Lucene search
K

15 matches found

Snyk
Snyk
added 2026/05/04 8:48 p.m.8 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the DeleteManifest process. An attacker can remove tags from repositories by sending a DELETE request to the relevant API endpoint, even when deletion has been explicitly disabled in the configuration. Th...

6.5CVSS5.7AI score0.00294EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 8:48 p.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization through the DeleteManifest process. An attacker can remove tags from repositories by sending a DELETE request to the relevant API endpoint, even when deletion has been explicitly disabled in the configuration. Th...

6.5CVSS5.7AI score0.00294EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/04 7:31 p.m.10 views

CVE-2026-6321

fast-uri decoded percent-encoded path separators and dot segments before applying dot-segment removal in its normalize and equal functions. Encoded path data was treated like real slashes and parent-directory references, so distinct URIs could collapse onto the same normalized path. Applications...

7.5CVSS5.8AI score0.00521EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.5 views

CVE-2026-33250

Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1 crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player'...

7.5CVSS5.9AI score0.00821EPSS
Exploits0References1
NVD
NVD
added 2026/03/24 12:16 a.m.7 views

CVE-2026-33250

Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1 crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player'...

7.5CVSS0.00821EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/23 11:38 p.m.3 views

CVE-2026-33250 Crash when receiving specially-crafted packets

Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1 crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player'...

7.5CVSS5.9AI score0.00821EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/03/22 12:23 a.m.8 views

SUSE CVE-2026-33250

Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1 crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player'...

7.5CVSS6AI score0.00821EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/04 12:26 a.m.5 views

SUSE CVE-2026-26014

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Pion DTLS versions v1.0.0 through v3.0.10 and 3.1.0 use random nonce generation with AES GCM ciphers, which makes it easier for remote attackers to obtain the authentication key and spoof data by leveraging the reuse of a nonc...

5.9CVSS5.9AI score0.00619EPSS
Exploits0References3
Snyk
Snyk
added 2025/05/13 8:25 p.m.6 views

Function Call With Incorrect Order of Arguments

Overview Affected versions of this package are vulnerable to Function Call With Incorrect Order of Arguments due to the incorrect handling of the SECRETKEYFALLBACKS configuration. An attacker can exploit this to sign sessions with stale keys, potentially impeding the transition to fresher keys...

2.3CVSS6.9AI score0.00153EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/12 1:44 p.m.2 views

HTTP Request Smuggling

Overview io.ktor:ktor-client-cio is a framework for quickly creating web applications in Kotlin with minimal effort. Affected versions of this package are vulnerable to HTTP Request Smuggling due to a race condition between multiple coroutines using the same thread. Remediation Upgrade...

6.9CVSS6.9AI score0.00305EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/10/16 12:0 a.m.4 views

PT-2023-29429 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.1 stable and 3.2.0.beta2 Description: Discourse is an open source platform for community discussion. The issue allows new chat messages to be read by making an unauthenticated POST request to MessageBus. There...

7.5CVSS7.4AI score0.01814EPSS
Exploits2References10
Positive Technologies
Positive Technologies
added 2023/10/16 12:0 a.m.5 views

PT-2023-29222 · Nginx +1 · Nginx +1

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.1 stable and 3.2.0.beta2 Description: Discourse is an open source platform for community discussion. A malicious request can cause production log files to quickly fill up and thus result in the server running o...

7.5CVSS7.4AI score0.00531EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2023/10/16 12:0 a.m.6 views

PT-2023-29226 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.1 Discourse versions prior to 3.2.0.beta2 Description: Discourse is an open source platform for community discussion. User summaries are accessible for anonymous users even when hide user profiles from public i...

5.3CVSS5.2AI score0.0041EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2023/01/07 12:0 a.m.5 views

PT-2023-10208 · Kelvinmo · Simplexrd

Name of the Vulnerable Software and Affected Versions: kelvinmo simplexrd versions up to 3.1.0 Description: A vulnerability was found in the file simplexrd/simplexrd.class.php, which leads to xml external entity reference. This issue affects unknown code and can be addressed by upgrading to versi...

9.8CVSS5.8AI score0.00804EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2022/12/25 12:0 a.m.9 views

PT-2022-11692 · Unknown · Starcounter-Jack Json-Patch

Name of the Vulnerable Software and Affected Versions: Starcounter-Jack JSON-Patch versions up to 3.1.0 Description: A vulnerability has been found in Starcounter-Jack JSON-Patch, classified as problematic. This issue affects unknown code and leads to improperly controlled modification of object...

9.8CVSS9.7AI score0.01083EPSS
Exploits1References13
Rows per page
Query Builder