
102 matches found

OSV
added yesterday | 4 views

ROOT-OS-UBUNTU-2404-CVE-2025-38190 CVE-2025-38190 in rootio-linux - Patched by Root

Root has patched CVE-2025-38190 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

CVSS 5.5 | AI score 7.8 | EPSS 0.00164
Exploits: 0

OSV
added 2026/06/12 4:45 p.m. | 6 views

MINI-GGQH-JP38-CP89

Bulletin has no description...

CVSS 6.2 | AI score 4.8 | EPSS 0.00112
Exploits: 0

OSV
added 2026/06/05 3:54 a.m. | 4 views

MINI-Q38C-VV2H-4F8C

Bulletin has no description...

CVSS 7.5 | AI score 5.7 | EPSS 0.0065
Exploits: 0

Cvelist
added 2026/05/27 5:3 p.m. | 42 views

CVE-2026-46427 Budibase: Snowflake private key returned unmasked from datasource API to BASIC users

Budibase is an open-source low-code platform. Prior to 3.38.3, removeSecrets at packages/server/src/sdk/workspace/datasources/datasources.ts masks only datasource config fields whose schema type is DatasourceFieldType.PASSWORD. The Snowflake integration types its privateKey field as...

CVSS 7.7 | EPSS 0.00223
Exploits: 0 | References: 1

VulnCheck KEV
added 2026/05/16 12:0 a.m. | 20 views

VulnCheck KEV: CVE-2025-67303

An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface...

CVSS 7.5 | AI score 7.5 | EPSS 0.01361
In wild | Exploits: 3 | References: 21

OSV
added 2026/05/11 7:3 p.m. | 5 views

MINI-RVPX-7WQM-X38H

Bulletin has no description...

CVSS 5.3 | AI score 5.7 | EPSS 0.00179
Exploits: 0

ATTACKERKB
added 2026/05/08 3:22 p.m. | 6 views

CVE-2026-41591

Marko is a declarative, HTML-based language for building web apps. Prior to marko version 5.38.36 and prior to @marko/runtime-tags 6.0.164, when dynamic text is interpolated into a ,...

CVSS 6.4 | AI score 5.8 | EPSS 0.00195
Exploits: 0 | References: 2 | Affected Software: 1

RedhatCVE
added 2026/04/13 7:23 p.m. | 4 views

CVE-2026-33737

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexml_load_string without XXE protection. With the LIBXML_NOENT flag, arbitrary server files can be read. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3...

CVSS 6.5 | AI score 5.9 | EPSS 0.0022
Exploits: 0 | References: 1

OSV
added 2026/04/11 8:31 p.m. | 0 views

MINI-38MX-PM4V-X7GW

Bulletin has no description...

CVSS 7.5 | AI score 5.7 | EPSS 0.00349
Exploits: 0

OSV
added 2026/04/11 3:2 p.m. | 1 views

MINI-X57C-38CM-9P75

Bulletin has no description...

CVSS 7.5 | AI score 5.7 | EPSS 0.00349
Exploits: 0

CBLMariner
added 2026/04/06 11:43 p.m. | 6 views

CVE-2026-4437 affecting package glibc for versions less than 2.38-19

CVE-2026-4437 affecting package glibc for versions less than 2.38-19. A patched version of the package is available...

CVSS 7.5 | AI score 5.9 | EPSS 0.00292
Exploits: 1

ATTACKERKB
added 2026/03/31 12:0 a.m. | 0 views

CVE-2026-30290

An arbitrary file overwrite vulnerability in InTouch Contacts & Caller ID APP v6.38.1 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

AI score 6.4 | EPSS 0.00231
Exploits: 1 | References: 4

CVE
added 2026/01/27 8:41 a.m. | 17 views

CVE-2026-24805

CVE-2026-24805 is a NULL pointer dereference in visualfc liteide within the area liteidex/src/3rdparty/libvterm/src modules, affecting liteide before x38.4. The issue involves the files screen.C, state.C, and vterm.C; root cause identified as a NULL pointer dereference. No exploit details or p...

CVSS 6.7 | AI score 5.9 | EPSS 0.00138
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/24 3:18 p.m. | 12 views

CVE-2026-24536

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in webpushr Webpushr webpushr-web-push-notifications allows Retrieve Embedded Sensitive Data. This issue affects Webpushr: from n/a through = 4.38.0...

CVSS 5.3 | AI score 5.4 | EPSS 0.00305
Exploits: 0 | References: 1

EUVD
added 2026/01/20 1:1 a.m. | 5 views

EUVD-2026-3589

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder ReadXBMImage allows an attacker to write controlled data past the allocated heap buffer when...

CVSS 8.1 | AI score 5.9 | EPSS 0.00609
Exploits: 1 | References: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 7 : rh-python38 (AXSA:2021-2383:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2383:01 advisory. python-cryptography: Bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25659); python: Unsafe use of eval on data retrieved via HTTP...

CVSS 9.8 | AI score 7.8 | EPSS 0.35963
Exploits: 9 | References: 13

Positive Technologies
added 2026/01/08 12:0 a.m. | 4 views

PT-2026-1959

Name of the Vulnerable Software and Affected Versions: Asseco InfoMedica versions prior to 4.50.1; Asseco InfoMedica versions prior to 5.38.0. Description: Asseco InfoMedica stores user passwords in an encoded format within a database. An attacker with access to these encoded passwords can decode the...

CVSS 5.9 | AI score 6.5 | EPSS 0.00138
Exploits: 0 | References: 6

RedhatCVE
added 2026/01/06 12:19 a.m. | 6 views

CVE-2025-67303

An issue in ComfyUI-Manager prior to version 3.38 allowed remote attackers to potentially manipulate its configuration and critical data. This was due to the application storing its files in an insufficiently protected location that was accessible via the web interface...

CVSS 7.5 | AI score 7.1 | EPSS 0.01361
Exploits: 3 | References: 1

Positive Technologies
added 2025/12/25 12:0 a.m. | 3 views

PT-2025-53390

Name of the Vulnerable Software and Affected Versions: Pexip Infinity versions 35.0 through 37.2. Description: The software contains an improper input validation issue in the signalling component. This flaw allows an attacker to cause a software abort, leading to a denial of service. Recommendations...

CVSS 7.5 | AI score 6.7 | EPSS 0.00268
Exploits: 0 | References: 6

OSSF Malicious Packages
added 2025/11/12 4:47 p.m. | 1 views

Malicious code in rival-poke38 (npm)

Source: amazon-inspector (c0ec54c14dce5c425a195ddee454edde81c2afe1f460dd4e8e13fd7e1dd889d2). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

AI score 6.9
Exploits: 0