733065 matches found

OSV
added 2026/06/20 6:53 a.m. | 2 views

OPENSUSE-SU-2026:21122-1 Security update for tomcat10

This update for tomcat10 fixes the following issues: Update to Tomcat 10.1.55: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling (bsc#1265162). - CVE-2026-41293: HTTP/2 request headers not validated (bsc#1265163). - CVE-2026-42498: WebSocket authentication header exposure (bsc#1265165)....

CVSS 9.8 | AI score 5.9 | EPSS 0.01339
Exploits: 2 | References: 14
Veracode
added 2026/06/20 6:36 a.m. | 3 views

Cross-Site Scripting (XSS)

Angular is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of namespaced script elements and attributes in the @angular/compiler and @angular/core packages, which allows an attacker to inject specially crafted namespaced templates that bypass Angular's...

CVSS 6.1 | AI score 5.8 | EPSS 0.00206
Exploits: 0 | References: 7 | Affected Software: 2
Veracode
added 2026/06/20 5:55 a.m. | 7 views

Improper Request Routing

http-proxy-middleware is vulnerable to improper request routing. The vulnerability is due to unanchored substring matching in the host+path router selector logic, where configured host+path entries are matched against attacker-controlled request metadata using partial string comparisons instead o...

CVSS 8.6 | AI score 5.8 | EPSS 0.0034
Exploits: 1 | References: 2 | Affected Software: 1
Veracode
added 2026/06/20 5:35 a.m. | 3 views

Denial Of Service (DoS)

@angular/common is vulnerable to Denial of Service (DoS). The vulnerability is due to insufficient validation of the format parameter in the formatDate function, which allows an attacker to supply a maliciously crafted, excessively long date format string, causing excessive CPU and memory consumpti...

CVSS 8.2 | AI score 5.8 | EPSS 0.00331
Exploits: 0 | References: 6 | Affected Software: 1
OSSF Malicious Packages
added 2026/06/20 3:50 a.m. | 10 views

Malicious code in yian666aikf (npm)

Source: amazon-inspector (f96776bdaabacae768376d5c1ff3543f77d94b41298d3d01365032817c3cd53e). [email protected] advertises itself as a lightweight string-manipulation utility library, but its only on-install effect is to launch a reverse shell...

AI score 5.9
Exploits: 0 | References: 1
OSV
added 2026/06/20 3:50 a.m. | 10 views

MAL-2026-6234 Malicious code in yian666aikf (npm)

Source: amazon-inspector (f96776bdaabacae768376d5c1ff3543f77d94b41298d3d01365032817c3cd53e). [email protected] advertises itself as a lightweight string-manipulation utility library, but its only on-install effect is to launch a reverse shell...

AI score 5.9
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2026/06/20 3:50 a.m. | 10 views

Malicious code in yianzzkf6687 (npm)

Source: amazon-inspector (a59a0aee58573b3030b9d541980fa9d7df8ea55d4e6cc5b3bb349452b908d0e9). On npm install, the postinstall hook scripts/postinstall.js detach-spawns scripts/shell.js with detached: true, stdio: 'ignore', windowsHide: true an...

AI score 5.9
Exploits: 0 | References: 1
OSV
added 2026/06/20 3:50 a.m. | 14 views

MAL-2026-6235 Malicious code in yianzzkf6687 (npm)

Source: amazon-inspector (a59a0aee58573b3030b9d541980fa9d7df8ea55d4e6cc5b3bb349452b908d0e9). On npm install, the postinstall hook scripts/postinstall.js detach-spawns scripts/shell.js with detached: true, stdio: 'ignore', windowsHide: true an...

AI score 5.9
Exploits: 0 | References: 1
GithubExploit
added 2026/06/20 3:43 a.m. | 99 views

ghidra-12.1.2-rce-ace-calc-poc

Ghidra 12.1.2 Conditional ACE/RCE Calc PoCs This repository p...

AI score 6.5
Exploits: 0
SUSE CVE
added 2026/06/20 2:35 a.m. | 9 views

SUSE CVE-2026-12047

HTML injection in pgAdmin 4's cloud deployment module. The verifycredentials, deploy, regions, and update-server endpoints under /rds/, /azure/, /google/, and the top-level /cloud/ blueprint propagated AWS / Azure / Google SDK exception text - and the related file-resolution and database-commit...

CVSS 4.8 | AI score 5.8 | EPSS 0.00137
Exploits: 0 | References: 3
SUSE CVE
added 2026/06/20 2:35 a.m. | 7 views

SUSE CVE-2026-12050

SQL injection in pgAdmin 4's named restore point endpoint POST /browser/server/restorepoint/gid/sid. The user-supplied 'value' field was interpolated directly into the SQL string with str.format instead of being passed as a bound parameter, allowing an authenticated pgAdmin user with a connected...

CVSS 5.3 | AI score 5.7 | EPSS 0.00245
Exploits: 0 | References: 3
SUSE CVE
added 2026/06/20 2:29 a.m. | 12 views

SUSE CVE-2026-48930

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

CVSS 5.3 | AI score 6.5 | EPSS 0.0038
Exploits: 0 | References: 5
Fedora
added 2026/06/20 1:07 a.m. | 2 views

[SECURITY] Fedora 43 Update: perl-Config-IniFiles-3.001000-1.fc43

Config::IniFiles provides a way to have readable configuration files outside your Perl script. Configurations can be imported (inherited, stacked,...), sections can be grouped, and settings can be accessed from a tied hash...

CVSS 8.6 | AI score 5.8 | EPSS 0.00618
Exploits: 0
Fedora
added 2026/06/20 12:51 a.m. | 2 views

[SECURITY] Fedora 44 Update: perl-Config-IniFiles-3.001000-1.fc44

Config::IniFiles provides a way to have readable configuration files outside your Perl script. Configurations can be imported (inherited, stacked,...), sections can be grouped, and settings can be accessed from a tied hash...

CVSS 8.6 | AI score 5.8 | EPSS 0.00618
Exploits: 0
RedHat Linux
added 2026/06/20 12:28 a.m. | 9 views

kernel: Buffer overflow in drivers/xen/sys-hypervisor.c

A flaw was found in the Linux kernel. A buffer overflow vulnerability exists in the Xen hypervisor driver drivers/xen/sys-hypervisor.c. This flaw occurs because the HYPERVISOR_xen_version(XENVER_build_id) function returns a build ID that is not properly null-terminated. When the buildid_show function...

CVSS 7.8 | AI score 6.1 | EPSS 0.00197
Exploits: 0 | References: 5
Tenable Nessus
added 2026/06/20 12:00 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-48933

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in Node.js WebCrypto implementation can crash the process if the input of subtle.encrypt is a multiple of 2GiB. This vulnerability affects all supported...

CVSS 7.5 | AI score 7.1 | EPSS 0.0156
Exploits: 0 | References: 4
Tenable Nessus
added 2026/06/20 12:00 a.m. | 6 views

Photon OS 5.0: Linux PHSA-2026-5.0-0888

An update of the linux package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0888. The text itself is copyright (C) VMware, Inc...

CVSS 9.1 | AI score 5.7 | EPSS 0.00442
Exploits: 0 | References: 7
Tenable Nessus
added 2026/06/20 12:00 a.m. | 5 views

SUSE SLES12 Security Update : dnsmasq (SUSE-SU-2026:2458-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2458-1 advisory. This update for dnsmasq fixes the following issues: - CVE-2026-2291: VU#471747: dnsmasq can be abused to record false cached data enabling DoS or...

CVSS 8.8 | AI score 6.2 | EPSS 0.06662
Exploits: 4 | References: 22
Tenable Nessus
added 2026/06/20 12:00 a.m. | 7 views

RockyLinux 10 : postfix (RLSA-2026:25930)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:25930 advisory. postfix: buffer over-read via malformed enhanced status code (CVE-2026-43964). Tenable has extracted the preceding description block directly from the RockyLinux...

CVSS 7.5 | AI score 6.2 | EPSS 0.00415
Exploits: 0 | References: 3
Tenable Nessus
added 2026/06/20 12:00 a.m. | 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-48818

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as...

CVSS 7.5 | AI score 5.9 | EPSS 0.00368
Exploits: 0 | References: 2