Lucene search
K

382 matches found

EUVD
EUVD
added 2026/05/19 2:59 a.m.14 views

EUVD-2026-30828

in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS...

3.3CVSS5.8AI score0.00117EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.19 views

PT-2026-41814

in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps...

8.1CVSS6.3AI score0.00428EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.6 views

OpenHarmony 安全漏洞

OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier contain security vulnerabilities, and attackers can exploit these vulnerabilities to cause information leaks...

5.5CVSS5.8AI score0.00118EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

OpenHarmony 输入验证错误漏洞

OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier contained a vulnerability related to input validation. Attackers could exploit this vulnerability to cause denial-of-service attacks...

3.3CVSS5.8AI score0.00117EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.10 views

OpenHarmony 安全漏洞

OpenHarmony is an open-source project for a Harmony operating system developed by the OpenAtom Foundation in China. Versions of OpenHarmony 6.0 and earlier contain security vulnerabilities, and attackers can exploit these vulnerabilities to cause denial-of-service attacks...

3.3CVSS5.8AI score0.00094EPSS
Exploits0References1
Debian
Debian
added 2026/05/17 4:58 a.m.13 views

[BSA-133] Security Update for incus

Mathias Gibbens uploaded new packages for incus which fixed the following security problems: CVE ID : CVE-2026-40195 CVE-2026-40197 CVE-2026-40243 CVE-2026-40251 CVE-2026-41647 CVE-2026-41648 CVE-2026-41684 CVE-2026-41685 Multiple security issues were discovered in Incus, a system container and...

7.1CVSS5.8AI score0.00408EPSS
Exploits8
CVE
CVE
added 2026/05/12 7:23 p.m.16 views

CVE-2026-44215

Summary: NanaZip versions 5.0.1252.0 through before 6.0.1698.0 contain a bug in the UFS/UFS2 filesystem image parser that allows a one-byte heap out-of-bounds null write when opening a crafted UFS image. Vulnerability details: attacker-controlled byte offset within a ~254-byte window past the hea...

7.1CVSS5.8AI score0.00217EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/05/12 1:25 p.m.24 views

CVE-2026-35071

The CVE-2026-35071 entry concerns Dell PowerScale InsightIQ, versions 6.0.0 through 6.2.0, with an OS Command Injection flaw caused by improper neutralization of special elements in an OS command. A high-privilege attacker with local access could potentially exploit this to achieve command execut...

8.2CVSS5.8AI score0.0046EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/07 12:31 p.m.15 views

EUVD-2026-28349

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Gosoft Software Industry and Trade Ltd. Co. Proticaret E-Commerce allows Cross-Site Scripting XSS, Reflected XSS. This issue affects Proticaret E-Commerce: from v5.0.0 before V 6.0.1767.1383...

8.8CVSS5.8AI score0.00339EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/05 6:33 p.m.8 views

Django Uses Persistent Cookies Containing Sensitive Information

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session is not modified, but SESSIONSAVEEVERYREQUEST is True. A remote attacker can steal a user's session after that user visits a cached public page. Earlier, unsupported Django serie...

6.5CVSS5.8AI score0.00544EPSS
Exploits0References6Affected Software1
PyPA
PyPA
added 2026/05/05 4:16 p.m.14 views

PYSEC-2026-55

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14.django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ''. This can lead to private data being stored and served.Earlier, unsupported Django series such as 5.0.x, 4.1.x...

5.3CVSS5.8AI score0.00358EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/05 2:50 p.m.4 views

CVE-2026-6907

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. django.middleware.cache.UpdateCacheMiddleware erroneously caches requests where the Vary header contained an asterisk ''. This can lead to private data being stored and served. Earlier, unsupported Django series such as 5.0.x,...

4.3CVSS5.8AI score0.00358EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/05 2:49 p.m.10 views

CVE-2026-5766 Potential denial-of-service vulnerability in ASGI requests via file upload limit bypass

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

6.3CVSS5.8AI score0.00423EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/05 2:49 p.m.10 views

CVE-2026-5766

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILEUPLOADMAXMEMORYSIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

6.3CVSS5.8AI score0.00423EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.12 views

PT-2026-46970

Name of the Vulnerable Software and Affected Versions 7-Zip versions 9.21 through 26.00 Description An uninitialized memory disclosure exists in the UEFI capsule .scap parser. The OpenCapsule function allocates a heap buffer based on an attacker-declared CapsuleImageSize up to 1 GiB without...

7.8CVSS5.6AI score0.00277EPSS
Exploits1References33
RedhatCVE
RedhatCVE
added 2026/04/20 7:23 p.m.6 views

CVE-2026-40305

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2...

4.3CVSS5.7AI score0.00183EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/17 9:6 p.m.22 views

CVE-2026-40305 DNN has Force Friend Request Acceptance

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user could craft a request that would force the acceptance of a friend request on another user. Version 10.2.2...

4.3CVSS0.00183EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/17 6:5 p.m.4 views

EUVD-2026-23462

Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an opslice network packet, the server passes an unprepared structure containing a null pointer to the SDLinfo function, resulting in a null pointer dereference an...

7.5CVSS5.7AI score0.00503EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/04/08 7:58 p.m.5 views

CVE-2026-39864 Kamailio Auth: Processing Vulnerability For Additional Authenticated User Identity Checks

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio formerly OpenSER and SER allows remote attackers to cause a denial of service process crash via a specially crafted SIP packet if a successful user...

4.4CVSS6AI score0.00301EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/04/07 2:22 p.m.17 views

CVE-2026-4292

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Admin changelist forms using ModelAdmin.listeditable incorrectly allowed new instances to be created via forged POST data. Earlier, unsupported Django series such as 5.0.x, 4.1.x, and 3.2.x were not evaluated a...

2.7CVSS5.1AI score0.00294EPSS
Exploits0
Rows per page
Query Builder