Lucene search
K

592 matches found

Github Security Blog
Github Security Blog
added 2026/03/30 5:17 p.m.23 views

go-git: Maliciously crafted idx file can cause asymmetric memory consumption

Impact A vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a Denial of Service DoS condition. Exploitation requires write access to the local repository's .git directory, it...

5CVSS5.8AI score0.00147EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/30 12:0 a.m.6 views

PT-2026-29159

Name of the Vulnerable Software and Affected Versions go-git versions 5.0.0 through 5.17.0 Description A crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a denial-of-service DoS condition. Exploitation requires write access to the...

5CVSS5.9AI score0.00201EPSS
Exploits0References184
Positive Technologies
Positive Technologies
added 2026/03/29 12:0 a.m.7 views

PT-2026-28753

Name of the Vulnerable Software and Affected Versions Tenda FH1201 version 1.2.0.14408 Description A flaw exists in the Tenda FH1201 router that allows remote attackers to trigger a stack-based buffer overflow. The issue is located within the WrlclientSet function of the /goform/WrlclientSet file...

9CVSS6.4AI score0.00655EPSS
Exploits1References8
EUVD
EUVD
added 2026/03/27 8:25 p.m.4 views

EUVD-2026-16817

Gematik Authenticator securely authenticates users for login to digital health applications. Versions prior to 4.16.0 are vulnerable to authentication flow hijacking, potentially allowing attackers to authenticate with the identities of victim users who click on a malicious deep link. Update...

9.3CVSS5.9AI score0.00265EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/26 6:28 p.m.5 views

n8n Vulnerable to XSS via Binary Data Inline HTML Rendering

Impact An authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such responses inline on the n8n origin without Content-Disposition or Content-Security-Policy...

9CVSS5.9AI score0.00249EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/26 5:16 p.m.4 views

UBUNTU-CVE-2026-4867

Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...

7.5CVSS5.8AI score0.00496EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/26 5:0 p.m.4 views

CVE-2026-24750

Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation as Stored XSS when modifying forms. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

7.6CVSS5.8AI score0.00236EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.3 views

CVE-2026-23514

Kiteworks is a private data network PDN. Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive a patch...

8.8CVSS5.8AI score0.0104EPSS
Exploits0References1
OSV
OSV
added 2026/03/25 10:5 p.m.2 views

GHSA-FXCW-H3QJ-8M8P n8n Has External Secrets Authorization Bypass in Credential Saving

Impact An authenticated user without permission to list external secrets could reference a secret by the external name in a credential and retrieve its plaintext value when saving the credential. This bypassed the externalSecret:list permission check and allowed access to secrets stored in...

7.3CVSS5.8AI score0.0026EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/24 2:10 p.m.11 views

Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to handshake corruption due to the crypto/tls package (CVE-2025-68121)

Summary Crypto/tls is used as part of secure encryption by DataStage on Cloud Pak for Data. Vulnerability Details CVEID:CVE-2025-68121 DESCRIPTION: During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the...

10CVSS5.9AI score0.00765EPSS
Exploits1Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.7 views

PT-2026-26750

Name of the Vulnerable Software and Affected Versions Graphiti versions prior to 1.10.2 Description Graphiti is a framework that exposes models through a JSON:API-compliant interface. Versions prior to 1.10.2 contain a flaw where an attacker can construct a malicious JSONAPI payload with arbitrar...

9.1CVSS6.1AI score0.00632EPSS
Exploits0References12
OSV
OSV
added 2026/03/17 7:42 p.m.4 views

GHSA-4W7R-3222-8H6V Tillitis TKey Client has an Error in Protocol Implementation

Impact Some specific 1 out of 256 User Supplied Secrets USS were not used, making the resulting Compound Device Identifier CDI the same as if no USS was provided. Affected client applications: all client apps using the tkeyclient Go module. Patches Upgrade to v1.3.0. NOTE WELL: For the affected e...

4.7CVSS6AI score0.00246EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/03/13 8:37 p.m.10 views

Undici has Unbounded Memory Consumption in its DeduplicationHandler via Response Buffering that leads to DoS

Impact This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici versions, when interceptors.deduplicate is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An...

5.9CVSS5.7AI score0.00566EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/13 8:7 p.m.5 views

GHSA-F269-VFMQ-VJVJ Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client

Impact A server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process. Patches Patched in the undici version v7.24.0 and v6.24....

7.5CVSS5.8AI score0.00488EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/13 8:2 p.m.23 views

Scrapy: Arbitrary Module Import via Referrer-Policy Header in RefererMiddleware

Impact Since version 1.4.0, Scrapy respects the Referrer-Policy response header to decide whether and how to set a Referer header on follow-up requests. If the header value looked like a valid Python import path, Scrapy would import the referenced object and call it, assuming it referred to a...

5.8AI score
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/03/12 12:30 p.m.5 views

EUVD-2026-11565

A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version...

4.8CVSS5.3AI score0.00133EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/02/28 12:24 a.m.5 views

SUSE CVE-2026-26955

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a malicious RDP server can trigger a heap buffer overflow in FreeRDP clients using the GDI surface pipeline e.g., xfreerdp by sending an RDPGFX ClearCodec surface command with an out-of-bounds destination...

8.8CVSS6.1AI score0.00537EPSS
Exploits1References14
Positive Technologies
Positive Technologies
added 2026/02/27 12:0 a.m.4 views

PT-2026-24944

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.2.19-2 Description A flaw exists in the applySkillConfigenvOverrides function within the Skill Env Handler component. This issue allows for code injection when a manipulation is executed remotely. The issue arises becaus...

8.8CVSS6.6AI score0.00316EPSS
Exploits0References16
ATTACKERKB
ATTACKERKB
added 2026/02/26 12:34 a.m.7 views

CVE-2026-27946

ZITADEL is an open source identity management platform. Prior to versions 4.11.1 and 3.4.7, a vulnerability in Zitadel's self-management capability allowed users to mark their email and phone as verified without going through an actual verification process. The patch in versions 4.11.1 and 3.4.7...

8.2CVSS5.5AI score0.00176EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/02/25 11:16 p.m.6 views

CVE-2026-3209

A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects the function verifyRoleAccess/verifyApiKeyRoleAccess of the component Role Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The exploit has been disclosed to...

5.3CVSS5.3AI score
Exploits0References9
Rows per page
Query Builder