Lucene search
K

162530 matches found

OSV
OSV
added 2026/06/04 12:0 a.m.16 views

ALSA-2026:23102 Important: delve security update

Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go. Delve should be easy to invoke and easy to use. Chances are if you're using a debugger, things aren't going your way. With that in mind, Delve should stay out ...

7.5CVSS7.2AI score0.00621EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.7 views

Ubuntu 24.04 LTS / 25.10 : Linux kernel vulnerabilities (USN-8371-1)

The remote Ubuntu 24.04 LTS / 25.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8371-1 advisory. It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirt...

8.8CVSS6.3AI score0.93235EPSS
Exploits57References19
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.12 views

PT-2026-46536

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in WebView allows a remote attacker who has compromised the renderer process to leak cross-origin data through a crafted HTML page...

9.6CVSS5.9AI score0.00411EPSS
Exploits0References436
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.14 views

PT-2026-46563

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in Tab Group Sync allows a remote attacker to inject arbitrary scripts or HTML, leading to Universal Cross-Site Scripting UXSS, via...

9.6CVSS6AI score0.00493EPSS
Exploits0References437
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.9 views

PT-2026-46639

Name of the Vulnerable Software and Affected Versions Google Chrome on Linux versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input in Chromoting allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted...

9.6CVSS5.9AI score0.00985EPSS
Exploits0References434
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.15 views

PT-2026-46731

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 149.0.7827.53 Description Insufficient validation of untrusted input allows a remote attacker to inject arbitrary scripts or HTML Universal Cross-Site Scripting - UXSS via a crafted QR code. This occurs...

9.6CVSS6.1AI score0.00985EPSS
Exploits0References433
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.15 views

PT-2026-46879

Impact So far, kas checks out and processes repositories regarding configuration includes prior to validating signatures of those repositories. This may allow to replace on original repository with one under the control of an attacker under very specific conditions. First of all, the attacker mus...

2.1CVSS5.8AI score0.00021EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.15 views

PT-2026-46883

Name of the Vulnerable Software and Affected Versions stata-mcp affected versions not specified Description The stata do API and CLI contain a flaw where the log file name parameter is interpolated into a Stata command string without proper sanitization. This allows an attacker to break out of th...

9.3CVSS6.2AI score0.00629EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/06/04 12:0 a.m.8 views

CVE-2026-44393

An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When sslcafile is configured, the driver enables certificate chain validation but does not pass the expect...

5.8AI score0.0016EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/04 12:0 a.m.12 views

EUVD-2026-34294

An issue was discovered in OpenStack oslo.messaging 1.0.0 through 17.3.0. The oslo.messaging RabbitMQ driver does not perform TLS hostname verification when connecting to the message broker. When sslcafile is configured, the driver enables certificate chain validation but does not pass the expect...

7.4CVSS5.8AI score0.0016EPSS
Exploits0References2
CVE
CVE
added 2026/06/04 12:0 a.m.27 views

CVE-2026-44393

Summary: OpenStack oslo.messaging (RabbitMQ driver) versions 1.0.0–17.3.0 fail TLS hostname verification when connecting to the broker. The driver validates certificate chains when ssl_ca_file is configured but does not pass the broker hostname into the TLS stack, allowing any certificate signed ...

7.4CVSS5.8AI score0.0016EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.13 views

PT-2026-46260

Name of the Vulnerable Software and Affected Versions oslo.messaging versions 1.0.0 through 17.3.0 Description The RabbitMQ driver in oslo.messaging fails to perform TLS hostname verification when connecting to the message broker. While the driver enables certificate chain validation when ssl ca...

7.4CVSS5.5AI score0.0016EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/03 10:1 p.m.10 views

CVE-2025-22424

In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.8CVSS5.9AI score0.00088EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/03 9:34 p.m.12 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error via the cookies parameter, which is processed by connectandsendrequest in client.py. An attacker who can control a redirect on a request that passes cookies on a per-request basis can expose data from those...

8.7CVSS5.5AI score0.0015EPSS
Exploits0References2
OSV
OSV
added 2026/06/03 9:15 p.m.8 views

GHSA-J5XP-7M2F-49JV Docling Core: Insufficient validation of image reference URIs

Impact In versions = 2.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible: - reject file: and data: image references from untrusted input - allow only approved local or remote image sources - apply input size and memory limits to processing workers References - Fix release: v2.74....

8.1CVSS5.8AI score0.0004EPSS
Exploits0References3
OSV
OSV
added 2026/06/03 9:15 p.m.7 views

GHSA-Q29V-XC37-WH5M Docling: Unsafe URI and Path Handling in HTML Backend

Impact The HTML backend did not perform sufficient validation during resource handling: - Accepted file:// URIs enabling local file system access when enablelocalfetch=True - Path resolution allowed traversal outside intended directories via ../ sequences and absolute paths - Did not block intern...

7.1CVSS5.8AI score0.00217EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/03 9:15 p.m.12 views

Docling: Unsafe URI and Path Handling in HTML Backend

Impact The HTML backend did not perform sufficient validation during resource handling: - Accepted file:// URIs enabling local file system access when enablelocalfetch=True - Path resolution allowed traversal outside intended directories via ../ sequences and absolute paths - Did not block intern...

7.1CVSS5.8AI score0.00217EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/03 9:14 p.m.7 views

GHSA-2J5P-7P5M-CVQR Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands

Impact The LaTeX backend's handling of \includegraphics, \input, and \include commands lacked path containment validation. Attackers could craft malicious LaTeX documents with path traversal sequences e.g., ../../../etc/passwd to: - Read arbitrary files from the file system accessible to the...

5.5CVSS5.9AI score0.00163EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/03 9:14 p.m.12 views

Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands

Impact The LaTeX backend's handling of \includegraphics, \input, and \include commands lacked path containment validation. Attackers could craft malicious LaTeX documents with path traversal sequences e.g., ../../../etc/passwd to: - Read arbitrary files from the file system accessible to the...

5.5CVSS5.9AI score0.00163EPSS
Exploits0References3Affected Software1
Hacker One
Hacker One
added 2026/06/03 9:0 p.m.7 views

Revive Adserver: Missing ownership validation allows cross‑manager tracker–campaign linking

A vulnerability was reported in Revive Adserver version 6.0.7 and earlier that allowed a low-privileged user to link their trackers to campaigns owned by other managers on the same instance. This was due to a lack of proper ownership validation in the tracker-campaigns.php script, which handled t...

4.3CVSS5.9AI score0.00272EPSS
Exploits1
Rows per page
Query Builder