Lucene search
K

1078 matches found

Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.3 views

PT-2026-26573

Name of the Vulnerable Software and Affected Versions tar-rs versions 0.4.44 and below Description The tar-rs crate’s unpack dir function uses fs::metadata to verify if a path already exists as a directory during tar archive unpacking. Because fs::metadata follows symbolic links, a specially...

7.8CVSS5.9AI score0.00379EPSS
Exploits1References36
Tenable Nessus
Tenable Nessus
added 2026/03/08 12:0 a.m.6 views

openSUSE 16 Security Update : gstreamer-rtsp-server, gstreamer-plugins-ugly, gstreamer-plugins-rs, gstreamer-plugins-libav, gstreamer-plugins-good, gstreamer-plugins-base, gstreamer-plugins-bad, gstreamer-docs, gstreamer-devtools, gstreamer (openSUSE-SU-2026:20329-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20329-1 advisory. Changes in gstreamer-rtsp-server: - Update to version 1.26.7: - Fix issues with GDISABLECHECKS & GDISABLEASSERT. - rtsp-server: tests: Switch to fixture...

5.1CVSS6.1AI score0.00167EPSS
Exploits0References4
OPENSUSE Linux
OPENSUSE Linux
added 2026/03/07 12:0 a.m.6 views

Security update for gstreamer-rtsp-server, gstreamer-plugins-ugly, gstreamer-plugins-rs, gstreamer-plugins-libav, gstreamer-plugins-good, gstreamer-plugins-base, gstreamer-plugins-bad, gstreamer-docs, gstreamer-devtools, gstreamer (moderate)

openSUSE security update: security update for gstreamer-rtsp-server, gstreamer-plugins-ugly, gstreamer-plugins-rs, gstreamer-plugins-libav, gstreamer-plugins-good, gstreamer-plugins-base, gstreamer-plugins-bad, gstreamer-docs, gstreamer-devtools, gstreamer...

5.8CVSS6.1AI score0.00167EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/06 5:56 p.m.3 views

CVE-2026-29178 Lemmy: Unauthenticated SSRF via file_type query parameter injection in image endpoint

Lemmy, a link aggregator and forum for the fediverse, is vulnerable to server-side request forgery via a dependency on activitypubfederation, a framework for ActivityPub federation in Rust. Prior to version 0.19.16, the GET /api/v4/image/filename endpoint is vulnerable to unauthenticated SSRF...

8.7CVSS5.8AI score0.00272EPSS
Exploits0References2
OSV
OSV
added 2026/03/06 5:56 p.m.5 views

CVE-2026-29178 Lemmy: Unauthenticated SSRF via file_type query parameter injection in image endpoint

Lemmy, a link aggregator and forum for the fediverse, is vulnerable to server-side request forgery via a dependency on activitypubfederation, a framework for ActivityPub federation in Rust. Prior to version 0.19.16, the GET /api/v4/image/filename endpoint is vulnerable to unauthenticated SSRF...

8.7CVSS5.8AI score0.00272EPSS
Exploits0References4
NVD
NVD
added 2026/03/05 4:16 p.m.12 views

CVE-2026-30793

Cross-Site Request Forgery CSRF vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Flutter URI scheme handler, FFI bridge modules allows Privilege Escalation. This vulnerability is associated with program files flutter/lib/common.Dart,...

9.8CVSS0.00306EPSS
Exploits1References4
OSV
OSV
added 2026/03/05 3:55 p.m.2 views

SUSE-SU-2026:20686-1 Security update for gstreamer-rtsp-server, gstreamer-plugins-ugly, gstreamer-plugins-rs, gstreamer-plugins-libav, gstreamer-plugins-good, gstreamer-plugins-base, gstreamer-plugins-bad, gstreamer-docs, gstreamer-devtools, gstreamer

This update for gstreamer-rtsp-server, gstreamer-plugins-ugly, gstreamer-plugins-rs, gstreamer-plugins-libav, gstreamer-plugins-good, gstreamer-plugins-base, gstreamer-plugins-bad, gstreamer-docs, gstreamer-devtools, gstreamer fixes the following issues: Changes in gstreamer-rtsp-server: - Update...

5.1CVSS6.3AI score0.00167EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005785)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005785 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6/addrconf: fix a potential refcount underflow for idev Now in addrconfmodrstimer, reference...

5.5CVSS5.8AI score0.00146EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/04 12:0 a.m.6 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005768)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005768 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6/addrconf: fix a potential refcount underflow for idev Now in addrconfmodrstimer, reference...

5.5CVSS5.8AI score0.00146EPSS
Exploits0References4
NVD
NVD
added 2026/02/27 10:16 p.m.17 views

CVE-2026-28402

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.2.2, a malicious or compromised validator that is elected as proposer can publish a macro block proposal where header.bodyroot does not match the...

7.1CVSS0.00204EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/02/27 9:8 p.m.2 views

CVE-2026-28402 nimiq/core-rs-albatross's nimiq-blockchain missing proposal body root verification

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.2.2, a malicious or compromised validator that is elected as proposer can publish a macro block proposal where header.bodyroot does not match the...

7.1CVSS6AI score0.00204EPSS
Exploits0References4
Rapid7 Blog
Rapid7 Blog
added 2026/02/27 8:25 p.m.14 views

Metasploit Wrap-Up 02/27/2026

No Prob-ollama This release brings some serious firepower with multiple new exploit modules and critical vulnerability support! The standout additions are the Ollama path traversal RCE CVE-2024-37032, a sophisticated exploit chaining arbitrary file writes into unauthenticated root RCE, and the...

9.9CVSS7.3AI score0.89633EPSS
Exploits17
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.9 views

core-rs-albatross 安全漏洞

core-rs-albatross is a Rust implementation of the Albatross protocol developed by Nimiq. Versions prior to 1.2.2 of core-rs-albatross contained a security vulnerability. This vulnerability stemmed from the lack of checks during the macro block proposal validation process, which did not verify the...

7.1CVSS5.8AI score0.00204EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2026/02/25 12:0 a.m.315 views

📄 BeyondTrust PRA / RS Unauthenticated Remote Code Execution

This Metasploit module exploit achieves unauthenticated remote code execution against BeyondTrust Privileged Remote Access PRA and Remote Support RS. It leverages three different vulnerabilities depending on the user-selected target. The default target leverages CVE-2026-1731, a direct command...

9.9CVSS6.5AI score0.89914EPSS
Exploits22
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.8 views

httpsig-rs 安全漏洞

httpsig-rs is a Rust library developed by Jun Kurihara. Versions of httpsig-rs prior to 0.0.23 contained security vulnerabilities. These vulnerabilities stemmed from the misuse of the Digest header validation mechanism’s matches! macro, which could potentially allow incorrect validation successes...

7.5CVSS5.8AI score0.00162EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/16 12:0 a.m.8 views

LigeroSmart 代码注入漏洞

LigeroSmart is an open-source management platform developed by LigeroSmart. Versions of LigeroSmart 6.1.26 and earlier contained a code injection vulnerability. This vulnerability stemmed from improper handling of the SortBy parameter in the file/otrs/index.pl, which could lead to cross-site...

6.1CVSS5.7AI score0.00251EPSS
Exploits1References6
vulnersOsv
vulnersOsv
added 2026/02/13 8:5 p.m.6 views

openmls (>=0.4.0-pre.1 <=0.4.0-pre.2), openmls_evercrypt (>=0.1.0-pre.1 <=0.1.0-pre.2) +2 more potentially affected by unknown CVE via hpke-rs (=0.1.2)

hpke-rs CARGO version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on hpke-rs and may be impacted: - openmls =0.4.0-pre.1, =0.1.0-pre.1, =0.1.0, =0.3.0, =0.9.0 Source cves: unknown CVE Source advisory: OSV:GHSA-G433-PQ76-6CMF...

5.8AI score
Exploits0
vulnersOsv
vulnersOsv
added 2026/02/13 8:5 p.m.3 views

hpke-rs (>=0.1.0-pre.1 <=0.1.0-pre.2), openmls (>=0.4.0-pre.1 <=0.4.0-pre.2) +2 more potentially affected by unknown CVE via hpke-rs-rust-crypto (=0.1.1)

hpke-rs-rust-crypto CARGO version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on hpke-rs-rust-crypto and may be impacted: - hpke-rs =0.1.0-pre.1, =0.4.0-pre.1, =0.1.0, =0.3.0, =0.9.0 Source cves: unknown CVE Source advisory:...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/02/13 7:48 p.m.393 views

Exploit for CVE-2026-1731

CVE-2026-1731 — BeyondTrust RS/PRA Passive Vulnerability Scann...

9.9CVSS6AI score0.88115EPSS
Exploits16
Tenable Nessus
Tenable Nessus
added 2026/02/13 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-26076

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases 2-4 times above norma...

7.5CVSS6AI score0.00349EPSS
Exploits0References2
Rows per page
Query Builder