Lucene search
+L

208 matches found

EUVD
EUVD
added 2026/07/11 12:31 a.m.8 views

EUVD-2026-43063

Missing Authorization vulnerability in Drupal WissKI allows Forceful Browsing. This issue affects WissKI versions: from 0.0.0 to 4.2.0...

6.1AI score0.00159EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.7 views

PT-2026-56849

Name of the Vulnerable Software and Affected Versions libmbedtls2 affected versions not specified libeverest affected versions not specified Description Security issues were identified in the libmbedtls2 and libeverest packages within the openSUSE Tumbleweed GA media. Recommendations Update...

6.1AI score
Exploits0References18
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.10 views

PT-2026-56845

Name of the Vulnerable Software and Affected Versions libmbedtls2 affected versions not specified libeverest affected versions not specified Description Security issues were identified and subsequently fixed in the libmbedtls23-4.2.0-1.1 and libeverest-3.6.7-1.1 packages on the GA media of openSU...

6.1AI score
Exploits0References18
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.9 views

PT-2026-56838

Name of the Vulnerable Software and Affected Versions libmbedtls23 affected versions not specified libeverest affected versions not specified Description Security issues were identified and subsequently fixed in the libmbedtls23 and libeverest packages within the openSUSE Tumbleweed GA media...

6.1AI score
Exploits0References18
OSV
OSV
added 2026/07/08 12:0 a.m.2 views

OPENSUSE-SU-2026:11215-1 libmbedtls23-4.2.0-1.1 on GA media

These are all security issues fixed in the libmbedtls23-4.2.0-1.1 package on the GA media of openSUSE Tumbleweed...

6.1AI score
Exploits0References10
Cvelist
Cvelist
added 2026/06/22 2:59 p.m.43 views

CVE-2026-53550 js-yaml: Quadratic-complexity DoS in merge key handling via repeated aliases

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS0.00259EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.19 views

PT-2026-50568

Name of the Vulnerable Software and Affected Versions Steeltoe.Configuration.Encryption versions 4.0.0 through 4.1.0 Description Steeltoe is an open source project providing libraries for building cloud-native applications. An issue exists where configuring the encrypt:rsa:algorithm variable with...

1.9CVSS5.9AI score0.00046EPSS
Exploits0References8
OSV
OSV
added 2026/06/09 11:16 p.m.6 views

DEBIAN-CVE-2026-46374

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 11:16 p.m.6 views

UBUNTU-CVE-2026-46374

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 10:40 p.m.46 views

CVE-2026-46374 SQLFluff: Uncontrolled Resource Consumption in Parser

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to...

7.5CVSS0.00263EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Wireshark

The NTLMSSP dissector crash in Wireshark versions 4.2.0 to 4.0.6, as well as 4.0.0 to 4.0.16, allows for denial of service through packet injection or malicious capture files...

7.8CVSS6.6AI score0.00317EPSS
Exploits1References2
OSV
OSV
added 2026/05/18 1:11 p.m.16 views

CLEANSTART-2026-JU62349 Security fixes for CVE-2018-10237, CVE-2020-8908, CVE-2021-22569, CVE-2021-22570, CVE-2022-3171, CVE-2022-3509, CVE-2022-3510, CVE-2023-2976, CVE-2023-44981, CVE-2024-23454, CVE-2024-23944, CVE-2024-38827, CVE-2024-47554, CVE-2024-6763, CVE-2024-7254, CVE-2025-11143, CVE-2025-24970, CVE-2025-25193, CVE-2025-27821, CVE-2025-41249, CVE-2025-48734, CVE-2025-48924, CVE-2025-49128, CVE-2025-52999, CVE-2025-53864, CVE-2025-55163, CVE-2025-58056, CVE-2025-58057, CVE-2025-59419, CVE-2025-67735, CVE-2025-68161, CVE-2025-8916, CVE-2026-24281, CVE-2026-24308, CVE-2026-33870, CVE-2026-33871, CVE-2026-40490, CVE-2026-41417, CVE-2026-5588, ghsa-72hv-8253-57qq, ghsa-cmxv-58fp-fm3g applied in versions: 4.2.0-r0, 4.2.0-r1, 4.2.0-r2

Multiple security vulnerabilities affect the apache-hive package. These issues are resolved in later releases. See references for individual vulnerability details...

9.1CVSS6.7AI score0.05119EPSS
Exploits13References81
SUSE CVE
SUSE CVE
added 2026/05/13 2:22 p.m.11 views

SUSE CVE-2026-42310

Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0...

7.5CVSS5.7AI score0.00126EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.21 views

PT-2026-40314

Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0...

5.5CVSS5.7AI score0.00126EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/09 4:10 a.m.68 views

CVE-2026-42310 Pillow: PDF Parsing Trailer Infinite Loop (DoS)

Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0...

5.1CVSS0.00126EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2026/05/07 12:18 a.m.15 views

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2921 more potentially affected by CVE-2026-42581 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.12.Final)

io.netty:netty-codec-http MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2026-42581 Source advisory: SNYK:JAVA-IONETTY-16438934...

9.8CVSS6.7AI score0.00607EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/05/07 12:13 a.m.16 views

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +2921 more potentially affected by CVE-2026-42580 via io.netty:netty-codec-http (>=4.2.0.Alpha1 <=4.2.12.Final)

io.netty:netty-codec-http MAVEN version =4.2.0.Alpha1, =0.1.0, =0.1.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2026-42580 Source advisory: SNYK:JAVA-IONETTY-16438926...

6.5CVSS6.7AI score0.00364EPSS
Exploits1
Cvelist
Cvelist
added 2026/04/21 5:10 p.m.34 views

CVE-2026-40586 blueprintUE: Login Endpoint Has No Rate Limiting, Lockout, or Brute-Force Protection

blueprintUE is a tool to help Unreal Engine developers. Prior to 4.2.0, the login form handler performs no throttling of any kind. Failed authentication attempts are processed at full network speed with no IP-based rate limiting, no per-account attempt counter, no temporary lockout, no progressiv...

7.5CVSS0.00301EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/07 1:7 p.m.23 views

CVE-2026-35554 Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition

A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics. When a produce batch expires due to delivery.timeout.ms while a network request containing that batch is still in flight, the batch’s ByteBuffer is...

0.00328EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/24 3:30 p.m.6 views

EUVD-2026-14889

An issue in Free5GC v.4.2.0 and before allows a remote attacker to cause a denial of service via the function HandleAuthenticationFailure of the component AMF...

7.5CVSS5.7AI score0.00392EPSS
Exploits1References2
Rows per page
Query Builder