Lucene search
K

319 matches found

NVD
NVD
added 2026/06/25 2:16 p.m.6 views

CVE-2026-56014

Unauthenticated Cross Site Scripting XSS in Master Slider = 3.11.2 versions...

7.1CVSS0.00175EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Python 3.11

When loading a plist file, the plistlib module reads data in a size specified by the file itself. This means that a malicious file can cause out-of-memory OOM and denial-of-service DoS issues...

5.5CVSS6.6AI score0.00193EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Python 3.11

The poplib module, when a user-controlled command is passed to it, can have additional commands injected using newlines. Mitigation rejects commands that contain control characters...

5.9CVSS6.7AI score0.00315EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Python 3.11

When using http.cookies.Morsel, user-controlled cookie values and parameters may allow the injection of HTTP headers into messages. The patch rejects all control characters within cookie names, values, and parameters...

6CVSS7AI score0.00401EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability in Python 3.11

The email module, specifically the “BytesGenerator” class, did not properly quote newlines for email headers when serializing an email message. This issue occurs only when using “LiteralHeader” to write headers that do not follow email folding rules. With this new behavior, headers that are...

6CVSS7AI score0.0056EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 1:20 p.m.7 views

EUVD-2026-38779

A cross-site request forgery CSRF vulnerability in Jenkins Contrast Continuous Application Security Plugin 3.11 and earlier allows attackers to have Jenkins connect to an attacker-specified URL using an attacker-specified username, API key, and service key...

5.4CVSS5.8AI score0.00101EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.7 views

Oracle Linux 9 : python3.11 (ELSA-2026-19175)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-19175 advisory. - Security fixes for CVE-2026-4786, CVE-2026-6100 Resolves: RHEL-168158, RHEL-167916 - Security fix for CVE-2026-4519 Resolves: RHEL-158053 Tenable ha...

9.1CVSS6.9AI score0.00579EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/19 1:17 p.m.5 views

CVE-2026-47341

Authentication Bypass by Capture-replay vulnerability in Apache APISIX. Attacker can benefit from certain configurations in hmac-auth to re-use a token forever, bypassing expiry. This issue affects Apache APISIX: from 3.11.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, whic...

6.3CVSS5.8AI score0.0043EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Python 3.11

It allows the extraction filter to be ignored, enabling symlink targets to point outside the destination directory, and modifying some file metadata. This vulnerability affects users who use the TarFile module to extract untrusted tar archives using TarFile.extractall or TarFile.extract, with the...

7.5CVSS6.4AI score0.01109EPSS
Exploits7References2
OSV
OSV
added 2026/06/17 10:8 a.m.5 views

RHSA-2026:26187 Red Hat Security Advisory: python3.11 security update

Bulletin has no description...

8.1CVSS5AI score0.00579EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.9 views

SUSE SLED15 / SLES15 Security Update : python311 (SUSE-SU-2026:2298-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2298-1 advisory. - CVE-2026-3446: Base64 decoding stops at first padded quad by default bsc1261970. Tenable has extracted the preceding...

6CVSS5.3AI score0.00188EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/12 2:14 p.m.9 views

EUVD-2026-36442

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, Symbol.for override in setup-sandbox.js only intercepts 2 of 9 dangerous Node.js cross-realm symbols. Combined with the bridge's set/defineProperty/deleteProperty traps having no isDangerousCrossRealmSymbol key check, sandbox...

8.7CVSS5.2AI score0.00266EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/11 1:31 p.m.6 views

CVE-2026-11816

Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in keras/src/utils/fileutils.py. The functions filtersafetarinfos and filtersafezipinfos validate archive member paths against the process current working directory CWD instead of t...

8.1CVSS7.8AI score0.00518EPSS
Exploits1
CVE
CVE
added 2026/06/11 1:31 p.m.31 views

CVE-2026-11816

CVE-2026-11816 affects Keras

8.1CVSS7.6AI score0.00518EPSS
Exploits1References5Affected Software1
SUSE Linux
SUSE Linux
added 2026/06/08 10:17 a.m.8 views

Security update for python311

This update for python311 fixes the following issues: CVE-2026-3446: Base64 decoding stops at first padded quad by default bsc1261970. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run...

6CVSS5.4AI score0.00188EPSS
Exploits0References6
OSV
OSV
added 2026/06/03 2:21 p.m.6 views

SUSE-SU-2026:2257-1 Security update for salt

This update for salt fixes the following issue: Security issues fixed: - CVE-2026-31958: python-tornado: parsing large multipart bodies with many parts can cause a denial of service bsc1259554. Other updates and bugfixes: - Use non vendored Tornado with Python 3.11 bsc1257583, bsc1259700 - Harden...

8.7CVSS7.1AI score0.00375EPSS
Exploits0References8
SUSE Linux
SUSE Linux
added 2026/06/03 2:20 p.m.7 views

Security update for salt

This update for salt fixes the following issue: Security issues fixed: CVE-2026-31958: python-tornado: parsing large multipart bodies with many parts can cause a denial of service bsc1259554. Other updates and bugfixes: Use non vendored Tornado with Python 3.11 bsc1257583, bsc1259700 Harden Torna...

8.7CVSS7.2AI score0.00375EPSS
Exploits0References16
OSV
OSV
added 2026/06/03 2:20 p.m.7 views

SUSE-SU-2026:2256-1 Security update for salt

This update for salt fixes the following issue: Security issues fixed: - CVE-2026-31958: python-tornado: parsing large multipart bodies with many parts can cause a denial of service bsc1259554. Other updates and bugfixes: - Use non vendored Tornado with Python 3.11 bsc1257583, bsc1259700 - Harden...

8.7CVSS5.8AI score0.00375EPSS
Exploits0References8
OSV
OSV
added 2026/06/03 2:19 p.m.15 views

SUSE-SU-2026:2255-1 Security update 5.0.8 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - Security issues fixed: - CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service bsc1259554 - CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer...

9.8CVSS7AI score0.00704EPSS
Exploits0References13
SUSE Linux
SUSE Linux
added 2026/06/03 2:13 p.m.8 views

Security update 5.0.8 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service bsc1259554 CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer overflow...

8.7CVSS7.5AI score0.00704EPSS
Exploits0References26
Rows per page
Query Builder