Lucene search
K

9631 matches found

CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

F5 NGINX Open Source 安全漏洞

F5 NGINX Open Source is a high-performance web server, reverse proxy server, load balancer, and API gateway provided by the F5 company. There is a security vulnerability in F5 NGINX Open Source, which stems from the use of proxysetbody when configuring HTTP/2 traffic. This vulnerability may lead ...

6.3CVSS5.8AI score0.00339EPSS
Exploits1References1
Oracle linux
Oracle linux
added 2026/05/13 12:0 a.m.12 views

krb5 security update

1.18.2-34.0.1 - Fixed race condition in krb5setpassword Orabug: 33609767 1.18.2-34 - Fix NegoEx parsing vulnerabilities CVE-2026-40355, CVE-2026-40356 Resolves: RHEL-171589 RHEL-171594...

5.9CVSS5.8AI score0.00461EPSS
Exploits0
OSV
OSV
added 2026/05/12 10:16 p.m.7 views

UBUNTU-CVE-2026-8449

Rejected reason: This CVE ID has been rejected or withdrawn...

8.8CVSS5.7AI score0.00179EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/12 9:34 p.m.7 views

CVE-2026-8449

This CVE ID has been rejected or withdrawn...

5.7AI score0.00179EPSS
Exploits0References4
OSV
OSV
added 2026/05/12 3:28 p.m.4 views

CLSA-2026-1778599722 Fix CVE(s): CVE-2026-4878

SECURITY UPDATE: TOCTOU race condition in capsetfile - debian/patches/CVE-2026-4878.patch: open the target file and operate on /proc/self/fd/N so the inode is locked between the regular-file check and the xattr update - CVE-2026-4878...

7CVSS5.8AI score0.00188EPSS
Exploits1References1
OSV
OSV
added 2026/05/12 3:25 p.m.6 views

CLSA-2026-1778599539 Fix CVE(s): CVE-2026-4878

SECURITY UPDATE: TOCTOU race condition in capsetfile - debian/patches/CVE-2026-4878.patch: open the target file and operate on /proc/self/fd/N so the inode is locked between the regular-file check and the xattr update - CVE-2026-4878...

7CVSS5.8AI score0.00188EPSS
Exploits1References1
CVE
CVE
added 2026/05/12 1:28 p.m.19 views

CVE-2026-40020

CVE-2026-40020 affects dovecot via IMAP SETACL: an attacker can inject the "anyone" permission into a user’s dovecot-acl file even when imap_acl_allow_anyone=no, causing folders to be spammed to all users. Impact is limited to spamming, not unauthorized data access. Multiple vendors have referenc...

4.3CVSS5.8AI score0.00271EPSS
Exploits0References1Affected Software2
Nextcloud
Nextcloud
added 2026/05/12 9:4 a.m.11 views

Cross-Account Calendar Takeover via Unauthorized Group-Member-Set Update

None...

8.1CVSS5.8AI score0.00284EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/12 8:20 a.m.10 views

CVE-2026-8234

A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the file /goform/WifiBasicSet. The manipulation of the argument security5g leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit h...

9CVSS7.8AI score0.00481EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.14 views

PT-2026-40453

Name of the Vulnerable Software and Affected Versions Linux ksmbd affected versions not specified Description A remote memory corruption issue exists in the ACL inheritance path. Remote clients with directory creation permissions can trigger a heap out-of-bounds read and subsequent heap corruptio...

8.8CVSS5.9AI score0.00179EPSS
Exploits0References7
NVD
NVD
added 2026/05/11 8:25 p.m.10 views

CVE-2026-42874

Microdot is a minimalistic Python web framework. Prior to 2.6.1, the Response.setcookie method does not sanitize its string arguments, and in particular will not detect the presence of the \r\n sequence in them. This can be a potential source of header injection attacks. For a header injection...

3.7CVSS0.00215EPSS
Exploits0References3
NVD
NVD
added 2026/05/11 6:16 p.m.14 views

CVE-2026-42315

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the setpackagedata API function call inside the data object with key "folder", there is no sanitization at all, allowing a user with Perms.MODIFY to specify arbitrary...

8.1CVSS0.00395EPSS
Exploits1References1
PyPA
PyPA
added 2026/05/11 6:16 p.m.12 views

PYSEC-2026-129

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the setpackagedata API function call inside the data object with key "folder", there is no sanitization at all, allowing a user with Perms.MODIFY to specify arbitrary...

8.1CVSS5.9AI score0.00395EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/11 4:35 p.m.10 views

CVE-2026-42315

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, when passing a folder name in the setpackagedata API function call inside the data object with key "folder", there is no sanitization at all, allowing a user with Perms.MODIFY to specify arbitrary...

8.1CVSS5.9AI score0.00395EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/05/11 4:35 p.m.11 views

CVE-2026-42315

Summary (CVE-2026-42315) pyLoad before 0.5.0b3.dev100 is vulnerable to path traversal via the _folder field in set_package_data, allowing a user with Perms.MODIFY to set arbitrary download folders. The root cause is lack of sanitization for folder names supplied to set_package_data(), enabling ab...

8.1CVSS5.9AI score0.00395EPSS
Exploits1References1Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/11 4:22 p.m.8 views

freerdp: FreeRDP: Denial of service due to use-after-free vulnerability

A flaw was found in FreeRDP. A remote attacker could exploit a use-after-free vulnerability in the xfSetWindowMinMaxInfo function. This occurs when a freed window pointer is dereferenced because the main thread concurrently deletes a window while the Remote Desktop Protocol RAIL channel thread is...

9.8CVSS5.8AI score0.00599EPSS
Exploits1References15
Github Security Blog
Github Security Blog
added 2026/05/11 4:9 p.m.9 views

@rvf/set-get has a prototype pollution issue that's reachable via @rvf/core preprocessFormData (HTTP form data)

Summary setPath in @rvf/set-get used by @rvf/core to flatten incoming form data into a nested object does not block the keys proto, constructor, or prototype when walking a path. Because field names in submitted form data are passed directly to setPath via preprocessFormData and through...

8.2CVSS6AI score0.00271EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/11 4:9 p.m.5 views

GHSA-C567-44RC-M5HQ @rvf/set-get has a prototype pollution issue that's reachable via @rvf/core preprocessFormData (HTTP form data)

Summary setPath in @rvf/set-get used by @rvf/core to flatten incoming form data into a nested object does not block the keys proto, constructor, or prototype when walking a path. Because field names in submitted form data are passed directly to setPath via preprocessFormData and through...

8.2CVSS6AI score0.00271EPSS
Exploits0References3
NVD
NVD
added 2026/05/11 5:16 a.m.64 views

CVE-2026-8273

A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgisethost/cgisetntp/cgifancontrol/cgimergeuser of the file /cgi-bin/systemmgr.cgi. This manipulation causes os command injection. It is possible to initiate the attack remotely...

7.2CVSS0.04544EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/05/11 4:30 a.m.9 views

CVE-2026-8273

A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgisethost/cgisetntp/cgifancontrol/cgimergeuser of the file /cgi-bin/systemmgr.cgi. This manipulation causes os command injection. It is possible to initiate the attack remotely...

5.8CVSS5.7AI score0.04544EPSS
Exploits1References6Affected Software1
Rows per page
Query Builder