Lucene search
+L

55 matches found

NVD
NVD
added 5 days ago5 views

CVE-2026-10085

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to restrict the groupconstrained channel flag to public and private channels that support group synchronization, which allows an ordinary group or direct message member to remove all participants from the conversation v...

5.4CVSS0.0017EPSS
Exploits0References1
NVD
NVD
added 2026/07/08 9:16 p.m.8 views

CVE-2026-35210

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated user with KNOWLEDGEKNUPDATE permission to bypass Confidence Level validation and Object Marking...

7.1CVSS0.00252EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/08 9:6 p.m.33 views

CVE-2026-35210 OpenCTI: Authorization Bypass via `synchronized-upsert` HTTP Header Injection

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated user with KNOWLEDGEKNUPDATE permission to bypass Confidence Level validation and Object Marking...

7.1CVSS0.00252EPSS
Exploits0References4
CVE
CVE
added 2026/07/08 9:6 p.m.15 views

CVE-2026-35210

Summary: OpenCTI prior to version 7.260326.0 contains an authorization bypass via the synchronized-upsert: true HTTP header, exploitable by any authenticated user with KNOWLEDGE_KNUPDATE permission. This allows bypassing Confidence Level validation and Object Marking restrictions, enabling attack...

7.1CVSS5.9AI score0.00252EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/07/08 9:6 p.m.4 views

CVE-2026-35210 OpenCTI: Authorization Bypass via `synchronized-upsert` HTTP Header Injection

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to 7.260326.0, an authorization bypass vulnerability in OpenCTI allows any authenticated user with KNOWLEDGEKNUPDATE permission to bypass Confidence Level validation and Object Marking...

7.1CVSS6.1AI score0.00252EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.14 views

PT-2026-56601

Name of the Vulnerable Software and Affected Versions OpenCTI versions prior to 7.260326.0 Description An authorization bypass allows authenticated users with KNOWLEDGE KNUPDATE permission to circumvent Confidence Level validation and Object Marking restrictions. This is achieved by injecting the...

7.1CVSS6.1AI score0.00252EPSS
Exploits0References8
OSV
OSV
added 2026/05/27 2:17 p.m.9 views

UBUNTU-CVE-2026-46045

In the Linux kernel, the following vulnerability has been resolved: md/md-llbitmap: skip reading rdevs that are not insync When reading bitmap pages from member disks, the code iterates through all rdevs and attempts to read from the first available one. However, it only checks for raiddisk...

7.8CVSS5.8AI score0.00127EPSS
Exploits0References7
CNVD
CNVD
added 2026/04/02 12:0 a.m.4 views

FreeRDP Heap Buffer Overflow Vulnerability (CNVD-2026-16033)

FreeRDP is an open source Remote Desktop Protocol RDP implementation library and client . FreeRDP suffers from a heap buffer overflow vulnerability. The vulnerability arises due to an out-of-bounds heap memory write due to a bmpSize synchronization error in the persistent cache. An attacker can...

7.1CVSS6.2AI score0.001EPSS
Exploits0
NVD
NVD
added 2026/03/20 3:15 a.m.5 views

CVE-2026-32889

tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT synchronized lyrics frame. In server-side deployments that automatically parse...

6.5CVSS0.0041EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/20 2:23 a.m.31 views

CVE-2026-32889 tinytag: Denial of Service via non-terminating SYLT frame parsing loop

tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT synchronized lyrics frame. In server-side deployments that automatically parse...

6.5CVSS0.0041EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/03/20 2:23 a.m.4 views

CVE-2026-32889 tinytag: Denial of Service via non-terminating SYLT frame parsing loop

tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT synchronized lyrics frame. In server-side deployments that automatically parse...

6.5CVSS5.8AI score0.0041EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/20 2:23 a.m.4 views

CVE-2026-32889

tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT synchronized lyrics frame. In server-side deployments that automatically parse...

6.5CVSS5.7AI score0.0041EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/03/20 2:23 a.m.5 views

CVE-2026-32889 tinytag: Denial of Service via non-terminating SYLT frame parsing loop

tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT synchronized lyrics frame. In server-side deployments that automatically parse...

6.5CVSS5.8AI score0.0041EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/03/19 5:25 p.m.12 views

Denial of service via non-terminating SYLT frame parsing loop in tinytag

Summary tinytag 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT synchronized lyrics frame. In server-side deployments that automatically parse attacker-supplied files, a single 498-byte MP3 can cause the parsin...

6.5CVSS5.8AI score0.0041EPSS
Exploits1References6Affected Software1
Packet Storm News
Packet Storm News
added 2026/03/17 12:0 a.m.11 views

Synchronized DNA Sources for Unconditionally Secure Cryptography

Secure communication is the cornerstone of modern infrastructures, yet achieving unconditional security -resistant to any computational attack- remains a fundamental challenge. The One-Time Pad OTP, proven by Shannon to offer perfect secrecy, requires a shared random key as long as the message,...

5.7AI score
Exploits0
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.5 views

Qualcomm Chipsets 安全漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a memory corruption that occurs when accessing synchronized objects during concurrent operations...

6.7CVSS6.8AI score0.00075EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/04 12:11 a.m.24 views

CVE-2025-65841

Aquarius Desktop 3.0.069 for macOS stores user authentication credentials in the local file /Library/Application Support/Aquarius/aquarius.settings using a weak obfuscation scheme. The password is "encrypted" through predictable byte-substitution that can be trivially reversed, allowing immediate...

6.2CVSS6.7AI score0.00182EPSS
Exploits1References1
Packet Storm News
Packet Storm News
added 2025/10/22 12:0 a.m.4 views

Ultra-Fast Wireless Power Hacking

The rapid growth of electric vehicles EVs has driven the development of roadway wireless charging technology, effectively extending EV driving range. However, wireless charging introduces significant cybersecurity challenges. Any receiver within the magnetic field can potentially extract energy,...

6.8AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2002-1305

Malware in sbrugna...

7.5CVSS6.4AI score0.0325EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/10/04 12:0 a.m.6 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that originates from not fully freeing resources when a memory allocation fails in a synchronized endpoint URB allocation loop,...

5.2AI score0.00149EPSS
Exploits0References10
Rows per page
Query Builder