Lucene search
K

33 matches found

Cvelist
Cvelist
added 2026/07/08 7:32 p.m.33 views

CVE-2026-53624 Fiber: HSTS header never set in helmet middleware due to incorrect protocol check

Fiber is an Express inspired web framework written in Go. Prior to 3.4.0, the helmet middleware in middleware/helmet/helmet.go never sets the Strict-Transport-Security response header even when HSTSMaxAge is configured because it checks c.Protocol for https instead of c.Scheme. This issue is fixe...

4.8CVSS0.00207EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 1:17 p.m.3 views

Security Bulletin: Vulnerability in flatted affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in flatted has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information. Vulnerabili...

9.8CVSS6.9AI score0.00808EPSS
Exploits2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/18 8:31 p.m.7 views

CVE-2026-45696

OpenEXR is the reference implementation and specification for the EXR image format, widely used in the motion picture industry. In versions 3.4.0 through 3.4.11, the HTJ2K High-Throughput JPEG 2000 decoder, htundoimpl in OpenEXRCore is vulnerable to a heap-buffer-overflow READ. The htundoimp...

8.3CVSS5.6AI score0.00263EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2026/06/18 4:5 p.m.9 views

CVE-2026-55204

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

8.7CVSS5.3AI score0.00431EPSS
Exploits0
NVD
NVD
added 2026/06/17 10:16 p.m.14 views

CVE-2026-50196

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Discovery.Eureka prior to versions 4.2.0 and 3.4.0, DataCenterInfo.FromJson throws ArgumentException for any name value other than "MyOwn" or "Amazon", despite...

7.5CVSS0.00339EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Wireshark

An infinite loop in the BitTorrent DHT dissector in Wireshark versions 3.6.0, 3.4.0, and 3.4.10 allows for denial of service through packet injection or malicious capture files...

7.5CVSS7.1AI score0.03879EPSS
Exploits1References1
CVE
CVE
added 2026/04/23 2:47 p.m.53 views

CVE-2026-41239

CVE-2026-41239 affects DOMPurify. From v1.0.10 up to but not including v3.4.0, SAFE_FOR_TEMPLATES incorrectly strips mustache/templating expressions in untrusted HTML when RETURN_DOM/RETURN_DOM_FRAGMENT are used, enabling XSS in template-evaluating frameworks (e.g., Vue 2). The issue is triggered...

6.8CVSS5.6AI score0.00248EPSS
Exploits0References2
OSV
OSV
added 2026/04/21 5:58 p.m.5 views

CVE-2026-40611 Lego: Arbitrary File Write via Path Traversal in Webroot HTTP-01 Provider

Let's Encrypt client and ACME library written in Go Lego. Prior to 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A malicious ACME server can supply a crafted challenge token containing ../ sequences, causing lego to...

8.8CVSS6AI score0.0034EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/04/02 11:26 p.m.6 views

SUSE CVE-2026-34543

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data information disclosure...

5.5CVSS5.7AI score0.00482EPSS
Exploits1References3
NVD
NVD
added 2026/04/01 9:17 p.m.2 views

CVE-2026-34543

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data information disclosure...

8.7CVSS0.00482EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/01 8:56 p.m.1 views

CVE-2026-34543

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data information disclosure...

8.7CVSS5.7AI score0.00482EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/03/13 3:40 p.m.4 views

EUVD-2026-11653

flatted vulnerable to unbounded recursion DoS in parse revive phase...

7.5CVSS5.8AI score0.00777EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/10 6:31 p.m.4 views

EUVD-2026-10494

Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection.This issue affects Liderahenk: before v3.4.0...

7.5CVSS5.8AI score0.0081EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/07 5:46 a.m.3 views

CVE-2026-30829 Checkmate: Unauthenticated Access to Unpublished Status Page

Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. Prior to version 3.4.0, an unauthenticated information disclosure vulnerability exists in the GET /api/v1/status-page/:url...

5.3CVSS5.7AI score0.00386EPSS
Exploits1References1
NVD
NVD
added 2026/01/12 9:15 a.m.9 views

CVE-2025-14279

MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to bypass Same-Origin Policy protections and execute unauthorized calls against REST endpoints. An...

8.1CVSS0.00193EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:24 a.m.10 views

CVE-2023-40662

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jonk @ Follow me Darling Cookies and Content Security Policy.This issue affects Cookies and Content Security Policy: from n/a through 2.15...

7.5CVSS7.8AI score0.00552EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/06 12:0 a.m.3 views

WordPress plugin imEvent 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

5.3CVSS6.5AI score0.00241EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/05 12:0 a.m.3 views

PT-2025-36135

Name of the Vulnerable Software and Affected Versions: Payoneer Checkout versions n/a through 3.4.0 Description: A missing authorization issue exists in Payoneer Checkout, which allows content spoofing. Recommendations: Update Payoneer Checkout to a version later than 3.4.0...

4.3CVSS6.3AI score0.00231EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 12:19 a.m.8 views

CVE-2022-45969

Alist v3.4.0 is vulnerable to Directory Traversal,...

9.8CVSS6.7AI score0.01175EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:35 a.m.5 views

CVE-2017-18497

The liveforms plugin before 3.4.0 for WordPress has XSS...

6.1CVSS6.9AI score0.00915EPSS
Exploits0References1
Rows per page
Query Builder