Lucene search
+L

175 matches found

Cvelist
Cvelist
added 23 hours ago10 views

CVE-2026-62230 Grav < 2.0.4 File Access Bypass via Case Variation

Grav before 2.0.4 ships a default .htaccess and reference webserver-configs/htaccess.txt whose rules blocking access to sensitive file types .yaml, .php, .json, etc. lack the NC flag, making extension matching case-sensitive. On case-insensitive filesystems Windows/NTFS, macOS/HFS+, or Docker...

8.7CVSS
Exploits0References2
CVE
CVE
added 23 hours ago9 views

CVE-2026-62230

Grav

8.7CVSS6.1AI score
Exploits0References2
NVD
NVD
added 2026/07/02 10:16 p.m.9 views

CVE-2026-50722

Libreswan, via the function RSAauthenticatehashsignaturepkcs115rsa, did not correctly verify the DER encoding of the ASN.1 digest when the IKEv2 AUTH payload was encoded using RSASSA-PKCS1-v15 RFC 8017. A remote attacker can use a variation on the Bleichenbacher attack to forge the AUTH payload...

8.1CVSS0.00352EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/07/02 9:44 p.m.6 views

CVE-2026-50721

Libreswan, via the function RSAauthenticatehashsignaturerawrsa, did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS 1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to for...

8.1CVSS6.5AI score0.00392EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/28 12:0 a.m.37 views

The Surface You Test Is Not the Surface That Breaks

Tool-augmented LLM agents are vulnerable to prompt injection: a third party who controls part of the agent's context can plant instructions that the agent then executes as if they came from the user. Current evaluations report a single attack success rate per model on one channel, the tool output...

5.8AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/27 9:11 a.m.13 views

Security Bulletin: Multiple security vulnerabilities are addressed with Cloud Pak foundational services 4.17.0 shipped with IBM Cloud Pak for Business Automation iFixes for April 2026

Summary IBM Cloud Pak for Business Automation includes IBM Cloud Pak foundational services. IBM Cloud Pak for Business Automation April 2026 security fixes update this dependency beyond 4.17.0 to address security vulnerabilities. Vulnerability Details CVEID:CVE-2022-23990 DESCRIPTION: Expat aka...

9.1CVSS7.2AI score0.03992EPSS
Exploits7Affected Software2
Snyk
Snyk
added 2026/05/11 4:12 p.m.16 views

Acceptance of Extraneous Untrusted Data With Trusted Data

Overview next is a react framework. Affected versions of this package are vulnerable to Acceptance of Extraneous Untrusted Data With Trusted Data through the improper handling of the x-nextjs-data header in middleware or proxy redirect responses. An attacker can disrupt access to redirect paths b...

6.3CVSS5.8AI score0.00195EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/05/01 9:14 a.m.8 views

WordPress XT Variation Swatches for WooCommerce plugin <= 1.9.4 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin XT Variation Swatches for WooCommerce versions = 1.9.4...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
Packet Storm News
Packet Storm News
added 2026/04/27 12:0 a.m.6 views

DETOUR: A Practical Backdoor Attack against Object Detection

Object detection OD is critical to real-world vision systems, yet existing backdoor attacks on detection transformers DETRs for OD tasks rely on patch-wise triggers optimized at fixed locations with minimal perturbations. Such attacks overlook that backdoor triggers in the real world may appear a...

5.1AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 8:43 a.m.51 views

Security Bulletin: Improper Unicode Handling in validator isLength() Leads to Input Length Bypass (Pre-13.15.22) affects watsonx.data

Summary Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength function that does not take into account Unicode variation selectors \uFE0F, \uFE0E appearing in a sequence which lead to improper string...

8.7CVSS6AI score0.00464EPSS
Exploits2Affected Software1
Packet Storm News
Packet Storm News
added 2026/03/18 12:0 a.m.5 views

A New Approach to Code Smoothing Bounds

To analyze the security of code-based cryptosystems, the smoothing parameter, which is closely related to the total variation distance of codes, has been investigated. While previous studies have bounded this distance using the Fourier transform on locally compact abelian groups, we take an...

5.8AI score
Exploits0
OSV
OSV
added 2026/03/15 5:55 a.m.3 views

OESA-2026-1577 freetype security update

FreeType is written in C, designed to be small,efficient, highly customizable, and portable while capable of producing high-quality output glyph images of most vector and bitmap font formats Security Fixes: An integer overflow in the ttvarloaditemvariationstore function of the Freetype library in...

5.3CVSS5.8AI score0.00141EPSS
Exploits0References2
OSV
OSV
added 2026/03/15 5:55 a.m.5 views

OESA-2026-1575 freetype security update

FreeType is written in C, designed to be small,efficient, highly customizable, and portable while capable of producing high-quality output glyph images of most vector and bitmap font formats Security Fixes: An integer overflow in the ttvarloaditemvariationstore function of the Freetype library in...

5.3CVSS5.8AI score0.00141EPSS
Exploits0References2
OSV
OSV
added 2026/03/15 5:55 a.m.4 views

OESA-2026-1574 freetype security update

FreeType is written in C, designed to be small,efficient, highly customizable, and portable while capable of producing high-quality output glyph images of most vector and bitmap font formats Security Fixes: An integer overflow in the ttvarloaditemvariationstore function of the Freetype library in...

5.3CVSS5.8AI score0.00141EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/13 1:18 a.m.3 views

CVE-2026-22199

Voltronic Power SNMP Web Pro version 1.1 contains a pre-authentication path traversal vulnerability in the upload.cgi endpoint that allows unauthenticated attackers to read arbitrary files on the device filesystem by supplying directory traversal sequences in the params parameter. Attackers can...

8.7CVSS5.8AI score0.00976EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/03/12 7:56 p.m.5 views

CVE-2026-1525 undici is vulnerable to Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names e.g., Content-Length and content-length. This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire. Who is impacted: Applications...

6.5CVSS7.1AI score0.00493EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2026/03/02 5:16 p.m.8 views

CVE-2026-23865

An integer overflow in the ttvarloaditemvariationstore function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2...

5.3CVSS5.9AI score0.00141EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2026/01/07 9:39 a.m.19 views

CVE-1999-0257

Nestea variation of teardrop IP fragmentation denial of service...

5CVSS7AI score0.01423EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.10 views

PT-2026-1940

Name of the Vulnerable Software and Affected Versions pnpm versions 10.26.2 and below Description pnpm, a package manager, stores HTTP tarball dependencies and git-hosted tarballs in the lockfile without integrity hashes in versions 10.26.2 and below. This allows a remote server to deliver...

8.8CVSS6.3AI score0.0031EPSS
Exploits1References17
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.5 views

PT-2026-22623

Name of the Vulnerable Software and Affected Versions Freetype versions 2.13.2 and 2.13.3 Description An integer overflow in the tt var load item variation store function may allow for an out-of-bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. Recommendations...

5.4CVSS5.8AI score0.00141EPSS
Exploits0References212
Rows per page
Query Builder