Lucene search
+L

18984 matches found

Github Security Blog
Github Security Blog
added 2026/03/25 8:23 p.m.8 views

Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()

Summary The v4isinvalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED 0.0.0.0. An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the SSRF protection introduced by the fix for CVE-2025-25194 GHSA-7723-35v7-qcxw,...

6.5CVSS5.9AI score0.00359EPSS
Exploits2References5Affected Software1
OSV
OSV
added 2026/03/25 8:23 p.m.6 views

GHSA-Q537-8FR5-CW35 Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()

Summary The v4isinvalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED 0.0.0.0. An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the SSRF protection introduced by the fix for CVE-2025-25194 GHSA-7723-35v7-qcxw,...

6.5CVSS5.9AI score0.00359EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2026/03/24 12:0 a.m.6 views

RHEL 8 : mysql:8.0 (RHSA-2026:5580)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5580 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and...

6.5CVSS7.3AI score0.00337EPSS
Exploits0References15
Snyk
Snyk
added 2026/03/20 2:41 a.m.5 views

Directory Traversal

Overview org.springframework:spring-webmvc is a package that provides Model-View-Controller MVC architecture and ready components that can be used to develop flexible and loosely coupled web applications. Affected versions of this package are vulnerable to Directory Traversal via the Script View...

8.2CVSS6.4AI score0.00385EPSS
Exploits1References2
CNVD
CNVD
added 2026/03/19 12:0 a.m.6 views

Unspecified Vulnerability in HCL AION (CNVD-2026-15151)

HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability that can be exploited by attackers to affect the traceability of user activities...

8.2CVSS5.9AI score0.00141EPSS
Exploits0References1
CNVD
CNVD
added 2026/03/09 12:0 a.m.13 views

Google Android suffers from unspecified vulnerability (CNVD-2026-13151)

Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that can be exploited by attackers to cause local elevation of privilege...

7.8CVSS5.8AI score0.00088EPSS
Exploits0References1
CNVD
CNVD
added 2026/03/06 12:0 a.m.8 views

Google Android suffers from unspecified vulnerability (CNVD-2026-18789)

Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that can be exploited by attackers to cause local elevation of privilege...

8.4CVSS5.8AI score0.00112EPSS
Exploits0
OSV
OSV
added 2026/02/20 7:23 p.m.7 views

CVE-2026-2852

A vulnerability was identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This issue affects the function addSales/updateSales/deleteSales of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\SalesController.java of the component Sales Endpoint. The...

6.3CVSS5.3AI score0.0022EPSS
Exploits1References6
UbuntuCve
UbuntuCve
added 2026/02/18 12:0 a.m.4 views

CVE-2026-2574

OOB Read in OpenSSL backend...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.8 views

PT-2026-20271

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of...

3.1CVSS5.4AI score0.00463EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.9 views

PT-2026-7399

Name of the Vulnerable Software and Affected Versions Microsoft Windows 10 1607 versions prior to 10.0.14393.8868 Microsoft Windows 10 1809 versions prior to 10.0.17763.8389 Microsoft Windows 10 21H2 versions prior to 10.0.19044.6937 Microsoft Windows 10 22H2 versions prior to 10.0.19045.6937...

10CVSS7.5AI score0.15384EPSS
Exploits0References179
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.11 views

PT-2026-7464

Name of the Vulnerable Software and Affected Versions AMD Secure Processor ASP Boot Loader affected versions not specified Description A flaw exists in the AMD Secure Processor ASP Boot Loader where insufficient parameter sanitization could allow an attacker with access to SPIROM upgrade to...

5.4CVSS5.8AI score0.00126EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.10 views

PT-2026-7421

Name of the Vulnerable Software and Affected Versions Connections affected versions not specified Description The system may not accurately count connections received through the proxy port, specifically when a proxy protocol header is present. This can lead to the server exceeding its connection...

8.2CVSS5.4AI score0.00263EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2026/02/09 7:15 p.m.8 views

CVE-2026-24678

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecamchannelwrite. This vulnerability is fixed in 3.22.0...

8.7CVSS5.9AI score0.00628EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.11 views

PT-2026-7191

Name of the Vulnerable Software and Affected Versions Tanium Endpoint Configuration Toolset Solution affected versions not specified Tanium End-User Notifications Endpoint Tools affected versions not specified Description Tanium addressed a flaw that allows for arbitrary file deletion...

5.5CVSS5.6AI score0.00175EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.9 views

PT-2026-6700

Name of the Vulnerable Software and Affected Versions HDC module affected versions not specified Description A permission control issue exists in the HDC module. Successful exploitation could compromise service confidentiality. Recommendations At the moment, there is no information about a newer...

6.3CVSS5.4AI score0.00111EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.10 views

PT-2026-6708

Name of the Vulnerable Software and Affected Versions DFX module affected versions not specified Description An out-of-bounds write issue exists in the DFX module. Successful exploitation of this issue may impact system availability. Recommendations At the moment, there is no information about a...

6CVSS5.4AI score0.00105EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.8 views

PT-2026-6617

Name of the Vulnerable Software and Affected Versions Tanium Threat Response affected versions not specified Description Tanium Threat Response contains an information disclosure issue. Recommendations At the moment, there is no information about a newer version that contains a fix for this...

4.9CVSS5.4AI score0.00326EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.8 views

PT-2026-6611

Name of the Vulnerable Software and Affected Versions Tanium Patch affected versions not specified Description Tanium Patch suffers from an improper access controls issue. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability...

4.3CVSS5.4AI score0.00238EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.5 views

PT-2026-6626

Name of the Vulnerable Software and Affected Versions Tanium Enforce affected versions not specified Description Tanium Enforce has an issue with incorrect default permissions. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability...

6.5CVSS5.4AI score0.00306EPSS
Exploits0References4
Rows per page
Query Builder