Lucene search
K

53 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-55175

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag processing in rosco manifests. This can lead to remote code execution on rosco pod...

7.5CVSS0.00615EPSS
Exploits0References11
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43087

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag processing in rosco manifests. This can lead to remote code execution on rosco pod...

7.5CVSS6.5AI score0.00615EPSS
Exploits0References11
SUSE Linux
SUSE Linux
added 2026/06/15 8:6 a.m.10 views

Security update for openssl-3

This update for openssl-3 fixes the following issues CVE-2026-7383: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion bsc1266340. CVE-2026-9076: Out-of-Bounds Read in CMS Password-Based Decryption bsc1266341. CVE-2026-34180: Heap Buffer Over-read in ASN.1 Content Parsing...

8.2CVSS5.4AI score0.02719EPSS
Exploits0References36
Microsoft CVE
Microsoft CVE
added 2026/06/13 8:4 a.m.7 views

Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

...

4.8CVSS5.8AI score0.0021EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/11 1:24 p.m.9 views

openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes

A flaw was found in OpenSSL. The implementations of AES-SIV Advanced Encryption Standard - SIV and AES-GCM-SIV Advanced Encryption Standard - Galois/Counter Mode - SIV incorrectly process authentication tags for empty messages. This vulnerability allows a remote attacker to forge empty messages...

4.8CVSS5.7AI score0.0021EPSS
Exploits0References4
CVE
CVE
added 2026/06/09 4:3 p.m.80 views

CVE-2026-45446

CVE-2026-45446 concerns OpenSSL implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452). The root cause is that the expected authentication tag is computed only when the decryption function processes non-empty data; if a caller provides AAD and then invokes DecryptFinal without any ciphe...

4.8CVSS5.7AI score0.0021EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/04/24 4:51 p.m.31 views

CVE-2026-41411

Vim (before version 9.2.0357) contains a local command-injection vulnerability in tag file processing. When resolving a tag, Vim passes the filename field from the tags file through wildcard expansion, enabling backtick syntax (e.g., command) that can execute arbitrary commands via the system she...

6.6CVSS5.4AI score0.00501EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/24 4:51 p.m.32 views

CVE-2026-41411 Vim: Command injection via backtick expansion in tag filenames

Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filena...

6.6CVSS0.00501EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.12 views

WordPress plugin Ultimate Member 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8CVSS5.8AI score0.00229EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/28 1:54 a.m.4 views

CVE-2026-22206

SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote cod...

8.8CVSS6.8AI score0.00561EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/26 9:31 p.m.6 views

EUVD-2026-8884

SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote cod...

8.7CVSS7AI score0.00561EPSS
Exploits0References4
OSV
OSV
added 2026/02/26 9:28 p.m.4 views

DEBIAN-CVE-2026-22206

SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote cod...

8.7CVSS7.1AI score0.00561EPSS
Exploits0References1
OSV
OSV
added 2026/02/26 9:28 p.m.8 views

UBUNTU-CVE-2026-22206

SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote cod...

8.8CVSS6.7AI score0.00561EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/26 8:17 p.m.4 views

CVE-2026-22206

SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote cod...

8.8CVSS6.7AI score0.00561EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/02/26 8:17 p.m.7 views

CVE-2026-22206

SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote cod...

8.8CVSS7.1AI score0.00561EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/02/26 12:0 a.m.5 views

PT-2026-22182

Name of the Vulnerable Software and Affected Versions SPIP versions prior to 4.4.10 Description SPIP versions before 4.4.10 have a SQL injection flaw. Authenticated low-privilege users can execute arbitrary SQL queries through union-based injection techniques. Attackers can combine this SQL...

8.8CVSS6.8AI score0.00561EPSS
Exploits0References8
OSV
OSV
added 2026/02/11 9:28 a.m.4 views

SUSE-SU-2026:0437-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2026-22770: improper pointer initialization can cause denial of service bsc1256969. - CVE-2026-23874: manipulation of digital images can lead to stack overflow bsc1256976. - CVE-2026-23876: maliciously crafted image can lead to heap...

9.8CVSS6AI score0.00609EPSS
Exploits3References9
Tenable Nessus
Tenable Nessus
added 2026/02/11 12:0 a.m.4 views

Vim < 9.1.2132 Buffer Overflow (GHSA-5w93-4g67-mm43)

The version of Vim installed on the remote host is prior to 9.1.2132. It is, therefore, affected by a vulnerability as referenced in the GHSA-5w93-4g67-mm43 advisory. - Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's...

6.6CVSS6.3AI score0.00213EPSS
Exploits1References2
OSV
OSV
added 2026/02/06 11:15 p.m.5 views

AZL-77411 CVE-2026-25749 affecting package vim for versions less than 9.2.0088-1

Vim is an open source, command line text editor. Prior to version 9.1.2132, a heap buffer overflow vulnerability exists in Vim's tag file resolution logic when processing the 'helpfile' option. The vulnerability is located in the gettagfname function in src/tag.c. When processing help file tags,...

6.6CVSS5.9AI score0.00213EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.6 views

PT-2026-3191

Name of the Vulnerable Software and Affected Versions Satera LBP670C Series/Satera MF750C Series versions v06.02 and earlier Color imageCLASS LBP630C/Color imageCLASS MF650C Series/imageCLASS LBP230 Series/imageCLASS X LBP1238 II/imageCLASS MF450 Series/imageCLASS X MF1238 II/imageCLASS X MF1643i...

9.8CVSS7.8AI score0.0083EPSS
Exploits0References10
Rows per page
Query Builder