Lucene search
K

1028 matches found

Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.14 views

PT-2026-40176

Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...

7.8CVSS5.9AI score0.00332EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.11 views

requests-hardened 代码问题漏洞

requests-hardened is a Python library developed by Saleor Commerce, aimed at enhancing the security of HTTP requests. requests-hardened has code vulnerabilities; these vulnerabilities stem from the lack of SSRF protection, which fails to prevent access to shared address spaces as defined in RFC...

6.5CVSS5.9AI score0.00305EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.10 views

Microsoft Windows Storage Spaces Controller 输入验证错误漏洞

Microsoft Windows Storage Spaces Controller is a necessary driver provided by Microsoft for storage space functions. There is an input validation vulnerability in Microsoft Windows Storage Spaces Controller. Attackers can exploit this vulnerability to gain elevated privileges. The following...

7.8CVSS5.8AI score0.00332EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.7 views

Unity Linux 20.1060e / 20.1070e Security Update: samba (UTSA-2026-017651)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017651 advisory. A flaw was found in Samba's libldb. Multiple, consecutive leading spaces in an LDAP attribute can lead to an out-of-bounds memory write, leading to a crash of the LD...

7.5CVSS6.8AI score0.04328EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.24 views

Linux Distros Unpatched Vulnerability : CVE-2026-39823

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces...

6.1CVSS7AI score0.00328EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/07 9:30 p.m.23 views

EUVD-2026-28424

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS7.3AI score0.00328EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/07 7:41 p.m.9 views

CVE-2026-39823

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS5.8AI score0.00314EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/07 7:41 p.m.15 views

CVE-2026-39823

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS7.3AI score0.00328EPSS
Exploits0References5Affected Software1
AlpineLinux
AlpineLinux
added 2026/05/07 7:41 p.m.21 views

CVE-2026-39823

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS7.3AI score0.00328EPSS
Exploits0
OSV
OSV
added 2026/04/27 1:14 p.m.10 views

JLSEC-2026-194

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as problematic. Affected by this issue is the function SkipSpaces in the library assimp/include/assimp/ParsingUtils.h. The manipulation leads to out-of-bounds read. Local access is required to approach this...

7.8CVSS4.4AI score0.00221EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.16 views

PT-2026-38565

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description URLs are not correctly escaped within the content attribute of a tag. If the URL content contains ASCII whitespaces around the = rune, the escaper fails to proce...

9.8CVSS5.8AI score0.00314EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.10 views

PT-2026-34515

A logic error in the tr utility of uutils coreutils causes the program to incorrectly define the :graph: and :print: character classes. The implementation mistakenly includes the ASCII space character 0x20 in the :graph: class and excludes it from the :print: class, effectively reversing the...

3.3CVSS5.7AI score0.00149EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-33691

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a...

7.5CVSS6AI score0.02172EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/15 7:23 p.m.6 views

CVE-2026-32076

Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/15 7:23 p.m.6 views

CVE-2026-27907

Integer underflow wrap or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.00298EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/15 12:1 a.m.7 views

EUVD-2026-22817

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and 17.5.0-rc-1 and prior include a resource exhaustion vulnerability in REST API endpoints such as...

6.9CVSS5.8AI score0.00405EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/15 12:1 a.m.3 views

CVE-2026-40104 XWiki's REST APIs can list all pages/spaces, leading to unavailability

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and 17.5.0-rc-1 and prior include a resource exhaustion vulnerability in REST API endpoints such as...

6.9CVSS5.7AI score0.00405EPSS
Exploits0References3
CVE
CVE
added 2026/04/15 12:1 a.m.22 views

CVE-2026-40104

CVE-2026-40104 affects XWiki Platform. A resource exhaustion vulnerability exists in REST API endpoints (for example, /xwiki/rest/wikis/xwiki/spaces/AnnotationCode/pages/AnnotationConfig/objects/AnnotationCode.AnnotationConfig/0/properties) that return metadata listing all pages without query lim...

8.2CVSS5.8AI score0.00405EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/15 12:1 a.m.3 views

CVE-2026-40104 XWiki's REST APIs can list all pages/spaces, leading to unavailability

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and 17.5.0-rc-1 and prior include a resource exhaustion vulnerability in REST API endpoints such as...

6.9CVSS5.9AI score0.00405EPSS
Exploits0References5
OSV
OSV
added 2026/04/14 10:34 p.m.2 views

GHSA-MRQG-XMGM-RC5G XWiki's REST APIs can list all pages/spaces, leading to unavailability

Impact REST API endpoints like /xwiki/rest/wikis/xwiki/spaces/AnnotationCode/pages/AnnotationConfig/objects/AnnotationCode.AnnotationConfig/0/properties list all available pages as part of the metadata for database list properties, which can exhaust available resources on large wikis. Patches Thi...

8.2CVSS5.7AI score0.00405EPSS
Exploits0References5
Rows per page
Query Builder