Lucene search
K

1782 matches found

RedHat Linux
RedHat Linux
added 2026/03/05 11:24 a.m.4 views

crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption

A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security TLS session resumption when certificate authority CA settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing ...

10CVSS6.5AI score0.00765EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2026/03/05 12:35 a.m.17 views

zeptoclaw has Android device shell blocklist bypass via argument permutation

Summary zeptoclaw implements a blocklist to prevent dangerous commands running in android device shell, but this blocklist has several blocked commands with argements in the pattern literal, such as rm -f and rm -rf, this can be simply bypassed by using different orders for these arguments, such ...

6AI score
Exploits0References4Affected Software1
SUSE CVE
SUSE CVE
added 2026/03/04 12:27 a.m.6 views

SUSE CVE-2026-25120

Gogs is an open source self-hosted Git service. In versions 0.13.4 and below, the DeleteComment API does not verify that the comment belongs to the repository specified in the URL. This allows a repository administrator to delete comments from any other repository by supplying arbitrary comment...

5.1CVSS5.8AI score0.00271EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.17 views

PT-2026-41140

Name of the Vulnerable Software and Affected Versions Portainer Community Edition versions 2.33.0 through 2.33.7 Portainer Community Edition versions 2.39.0 through 2.39.1 Portainer Community Edition versions prior to 2.41.0 Description Portainer includes a security setting to disable bind mounts...

8.5CVSS5.8AI score0.00206EPSS
Exploits1References13
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.6 views

PT-2026-21343

Name of the Vulnerable Software and Affected Versions Mastodon versions 4.4.0 through 4.4.13 Mastodon versions 4.5.0 through 4.5.6 Description Mastodon is a free, open-source social network server based on ActivityPub. A flaw exists in FASP registration where an unauthenticated attacker can...

8.2CVSS5.5AI score0.0027EPSS
Exploits0References11
Microsoft CVE
Microsoft CVE
added 2026/02/19 2:49 a.m.7 views

Chromium: CVE-2026-2319 Race in DevTools

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

7.5CVSS5.5AI score0.00204EPSS
Exploits0
EUVD
EUVD
added 2026/02/16 12:30 p.m.13 views

EUVD-2026-6097

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: It was possible to exfiltrate information...

9CVSS5.5AI score0.00243EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.8 views

PT-2026-7437

Name of the Vulnerable Software and Affected Versions versions prior to 2026 Description A flaw exists due to incorrect validation of the profile command, potentially leading to a misidentification of requests altering the 'filter' as read-only. The issue may permit unauthorized configuration...

5.4CVSS5.2AI score0.00173EPSS
Exploits0References7
Packet Storm News
Packet Storm News
added 2026/01/30 12:0 a.m.5 views

Evaluating Large Language Models for Security Bug Report Prediction

Early detection of security bug reports SBRs is critical for timely vulnerability mitigation. We present an evaluation of prompt-based engineering and fine-tuning approaches for predicting SBRs using Large Language Models LLMs. Our findings reveal a distinct trade-off between the two approaches...

5.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.8 views

PT-2026-4914

Name of the Vulnerable Software and Affected Versions askbot versions prior to 0.12.2 Description An authenticated attacker with normal user permissions can modify the profile picture of other application users. Recommendations Update to a version later than 0.12.2...

5.3CVSS5.9AI score0.00318EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.7 views

PT-2026-4287

Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description Gitea does not correctly validate the repository context during attachment deletion. A user who uploaded an attachment to a repository might be able to delete it even after losing access to tha...

9.9CVSS5.4AI score0.00731EPSS
Exploits11References98
Vulnrichment
Vulnrichment
added 2026/01/20 9:56 p.m.4 views

CVE-2026-21975

...

4.5CVSS7.4AI score0.00215EPSS
Exploits0References1
Snyk
Snyk
added 2026/01/20 9:35 p.m.5 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via the urllib.request.DataHandler. An attacker can manipulate HTTP headers by injecting newline characters in the mediatype portion of a data URL, to alter request behavior or bypass security controls. Remediation A fix...

6.5CVSS6AI score0.0048EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/13 3:29 p.m.5 views

CVE-2025-68803

In the Linux kernel, the following vulnerability has been resolved: NFSD: NFSv4 file creation neglects setting ACL An NFSv4 client that sets an ACL with a named principal during file creation retrieves the ACL afterwards, and finds that it is only a default ACL based on the mode bits and not the...

5.2AI score0.00173EPSS
Exploits0References8Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-71087

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iavf: fix off-by-one issues in iavfconfigrssreg There are off-by-one bugs when configuring RSS hash key and lookup table, causing out-of-bounds reads to memory ...

5.5CVSS6.2AI score0.00114EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 12:34 p.m.12 views

CVE-2023-45822

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which a default unsafe rego built-in was allowed to be used when...

5.3CVSS7AI score0.00519EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/01/06 12:0 a.m.5 views

Few-Shot Learning for Security Bug Report Identification

Security bug reports require prompt identification to minimize the window of vulnerability in software systems. Traditional machine learning ML techniques for classifying bug reports to identify security bug reports rely heavily on large amounts of labeled data. However, datasets for security bug...

6.8AI score
Exploits0
EUVD
EUVD
added 2026/01/05 7:57 p.m.5 views

EUVD-2026-0818

ERC7984ERC20Wrapper: once a wrapper is filled, subsequent wrap requests do not revert and result in loss of funds...

6.4AI score
Exploits0References2
EUVD
EUVD
added 2025/12/10 9:59 p.m.5 views

EUVD-2025-202429

XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2 and 17.5.0-rc-1 through 17.5.0 have insufficient protection against /html injection, which...

8.7CVSS7.9AI score0.0086EPSS
Exploits1References8
Huntr
Huntr
added 2025/12/04 6:25 p.m.20 views

NLTK – Multiple CorpusReader classes allow Arbitrary File Read via Path Traversal

This report is not public...

8.6CVSS5.9AI score0.00924EPSS
Exploits3
Rows per page
Query Builder