Lucene search
K

54 matches found

RedHat Linux
RedHat Linux
added 2026/06/17 3:22 p.m.18 views

Important: Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift 2.19.0-1 Update

Custom Metrics Autoscaler Operator for Red Hat OpenShift updates. The following updates for the Custom Metric Autoscaler operator for Red Hat OpenShift are now available: custom-metrics-autoscaler-adapter-container custom-metrics-autoscaler-admission-webhooks-container...

10CVSS7.1AI score0.01945EPSS
Exploits4References13
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.10 views

CVE-2026-42798

Little CMS lcms2 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c...

4CVSS5.4AI score0.00128EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

BIRD 安全漏洞

BIRD is a full-featured dynamic IP routing daemon developed by BIRD OpenSource. Versions of BIRD prior to 2.19.0 contained security vulnerabilities; these vulnerabilities stemmed from stack buffer overflows in the BGP ASPATH mask matching implementation, which could potentially cause the daemon t...

6.3CVSS5.6AI score0.003EPSS
Exploits2References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in ruby-loofah

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah = 2.2.0; versions before 2.19.1 use recursion to sanitize CDATA sections. This can lead to stack exhaustion and raise a SystemStackError exception, potentially causing ...

7.5CVSS6.6AI score0.01104EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in ruby-loofah

Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah = 2.1.0; versions less than 2.19.1 are vulnerable to cross-site scripting due to the image/svg+xml media type in data URIs. This issue has been fixed in version 2.19.1...

6.1CVSS6.2AI score0.00792EPSS
Exploits0References1
Amazon
Amazon
added 2026/05/14 12:0 a.m.5 views

Medium: lcms2

Issue Overview: Little CMS lcms2 through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication. CVE-2026-41254 Little CMS lcms2 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c. CVE-2026-42798 Affected...

7.5CVSS5.4AI score0.00365EPSS
Exploits1
Atlassian
Atlassian
added 2026/05/11 11:31 p.m.24 views

Directory Traversal vulnerability at plexus-utils dependency in Bamboo Data Center

This High severity File Inclusion vulnerability was introduced in versions 10.0.1, 10.1.0, 10.2.0, 11.0.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This File Inclusion vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H allows an...

8.8CVSS6.2AI score0.00663EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/04/15 11:26 p.m.6 views

SUSE CVE-2026-33902

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expression parser allows an attacker to crash the process by providing a deeply nested expression. This...

5.5CVSS5.8AI score0.00144EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/04/13 9:32 p.m.5 views

CVE-2026-40310

ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44, contain a heap out-of-bounds write in the JP2 encoder with when a user specifies an invalid sampling index. This issue has been fixed in versions 6.9.13-44 an...

5.5CVSS5.2AI score0.00189EPSS
Exploits0
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.7 views

ImageMagick 缓冲区错误漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It can read, convert, and write images in various formats. Versions of ImageMagick prior to 7.1.2-19 contained a buffer error vulnerability. This vulnerability stemmed from improper handling of...

6.2CVSS6AI score0.0018EPSS
Exploits0References5
Atlassian
Atlassian
added 2026/04/10 10:29 p.m.23 views

HTTP Request Smuggling io.netty:netty-codec-http Dependency in Confluence Data Center

This High severity HTTP Request Smuggling vulnerability was introduced in version 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, 10.2.0 of Confluence Data Center. This HTTP Request Smuggling vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS5.8AI score0.0064EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2026/04/02 5:16 p.m.11 views

CVE-2026-34877

An issue was discovered in Mbed TLS versions from 2.19.0 up to 3.6.5, Mbed TLS 4.0.0. Insufficient protection of serialized SSL context or session structures allows an attacker who can modify the serialized structures to induce memory corruption, leading to arbitrary code execution. This is cause...

9.8CVSS6.2AI score0.00426EPSS
Exploits0References2
OSV
OSV
added 2026/04/01 9:12 a.m.10 views

CLEANSTART-2026-JF28061 Security fixes for CVE-2026-24051, CVE-2026-26958, CVE-2026-33186, ghsa-9h8m-3fm2-qjrq, ghsa-fw7p-63qq-7hpr, ghsa-p77j-4mvh-x3m3 applied in versions: 2.19.0-r0, 2.19.0-r1

Multiple security vulnerabilities affect the keda package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS5.9AI score0.01557EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2026/02/21 7:30 p.m.4 views

CVE-2025-69297

Missing Authorization vulnerability in GhostPool Aardvark Plugin aardvark-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aardvark Plugin: from n/a through = 2.19...

7.5CVSS5.5AI score0.00238EPSS
Exploits0References1
NVD
NVD
added 2026/02/20 4:22 p.m.6 views

CVE-2025-69297

Missing Authorization vulnerability in GhostPool Aardvark Plugin aardvark-plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Aardvark Plugin: from n/a through = 2.19...

7.5CVSS0.00238EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/17 2:49 a.m.5 views

WordPress Spectra plugin <= 2.19.17 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin Spectra versions = 2.19.17...

5.3CVSS5.3AI score0.00228EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/02 6:37 p.m.4 views

CVE-2025-66398

Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can pollute the internal state restoreFilePath of the server via the /skServer/validateBackup endpoint. This allows the attacker to hijack the administrator's "Restor...

9.6CVSS7.6AI score0.17934EPSS
Exploits3References1
EUVD
EUVD
added 2026/01/02 3:20 p.m.3 views

EUVD-2025-206139

Signal K Server Vulnerable to Denial of Service via Unrestricted Access Request Flooding...

7.5CVSS6.4AI score0.00519EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/01/01 6:37 p.m.25 views

CVE-2025-69203 Signal K Server Vulnerable to Access Request Spoofing

Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the access request system have two related features that when combined by themselves and with an information disclosure vulnerability enable convincing social engineering attacks against...

6.3CVSS0.00272EPSS
Exploits1References2
NVD
NVD
added 2026/01/01 6:15 p.m.10 views

CVE-2025-68272

Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service DoS vulnerability in versions prior to 2.19.0 allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint /signalk/v1/access/requests. This causes a...

7.5CVSS0.00519EPSS
Exploits1References2
Rows per page
Query Builder