Lucene search
+L

547 matches found

OSV
OSV
added 10 hours ago4 views

ROOT-OS-UBUNTU-2404-CVE-2025-39961 CVE-2025-39961 in rootio-linux - Patched by Root

Root has patched CVE-2025-39961 in the rootio-linux package for Root:Ubuntu:24.04. Multiple fixed versions available...

4.7CVSS8.2AI score0.00101EPSS
Exploits0
CVE
CVE
added 2 days ago31 views

CVE-2026-49445

Cilium CVE-2026-49445 : When L7 is enabled, embedded or standalone Envoy creates a world-accessible admin.sock on cluster nodes, enabling a local attacker to access Envoy admin endpoints, potentially expose TLS secrets, disrupt traffic, or terminate Envoy. Affected are Cilium releases prior to 1....

9.2CVSS6.1AI score0.0017EPSS
Exploits0References6
NVD
NVD
added 3 days ago3 views

CVE-2026-45068

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, SendmailTransport in -t mode appended recipient addresses to the sendmail command line without a -- end-of-options separator, allowing an address beginnin...

8.7CVSS0.00399EPSS
Exploits0References6
CVE
CVE
added 3 days ago33 views

CVE-2026-48068

The CVE-2026-48068 entry concerns @grpc/grpc-js (Pure JavaScript gRPC implementation). The issue is triggered by an invalid incoming HTTP/2 stream initiation, which can cause the server process created by @grpc/grpc-js to crash. Affected versions are pre-fix: 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13...

7.5CVSS6.1AI score0.00625EPSS
Exploits0References13
NVD
NVD
added 3 days ago4 views

CVE-2026-45304

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Yaml\Parser resolved YAML collection aliases recursively, allowing a small untrusted YAML input to expand into a multi-gigabyte structur...

8.7CVSS0.00804EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-45133 Symfony: [Yaml] Harden the parser when handling untrusted input

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, when the parser is exposed to attacker-controlled input, deeply nested mappings or sequences cause both the block-level Parser::parseBlock and inline...

8.2CVSS0.00691EPSS
Exploits0References5
NVD
NVD
added 3 days ago5 views

CVE-2026-45066

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, HtmlSanitizer URL sanitization can allow off-allowlist URLs through allowLinkHosts or allowMediaHosts because UrlSanitizer::parse follows RFC 3986...

6.1CVSS0.0029EPSS
Exploits0References5
OSV
OSV
added 3 days ago6 views

ROOT-OS-UBUNTU-2204-CVE-2026-53001 CVE-2026-53001 in rootio-linux - Patched by Root

Root has patched CVE-2026-53001 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

5.5CVSS5.8AI score0.00122EPSS
Exploits0
OSV
OSV
added 3 days ago5 views

ROOT-OS-UBUNTU-2204-CVE-2022-50322 CVE-2022-50322 in rootio-linux - Patched by Root

Root has patched CVE-2022-50322 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

5.5CVSS5.4AI score0.00143EPSS
Exploits0
OSV
OSV
added 3 days ago5 views

ROOT-OS-UBUNTU-2204-CVE-2024-46820 CVE-2024-46820 in rootio-linux - Patched by Root

Root has patched CVE-2024-46820 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

7.8CVSS7.9AI score0.00231EPSS
Exploits0
OSV
OSV
added 3 days ago7 views

ROOT-OS-UBUNTU-2204-CVE-2025-39898 CVE-2025-39898 in rootio-linux - Patched by Root

Root has patched CVE-2025-39898 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

8.2AI score
Exploits0
OSV
OSV
added 3 days ago12 views

ROOT-OS-DEBIAN-12-CVE-2025-39931 CVE-2025-39931 in rootio-linux - Patched by Root

Root has patched CVE-2025-39931 in the rootio-linux package for Root:Debian:12. Multiple fixed versions available...

5.5CVSS6.5AI score0.00143EPSS
Exploits0
OSV
OSV
added 5 days ago4 views

CVE-2026-15477 Bahmni bahmnicore Search Endpoint sql additionalParams sql injection

A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a manipulation of the argument test results in sql injection. The attack can be initiated remotely...

5.3CVSS5.9AI score0.00319EPSS
Exploits0References8
Cvelist
Cvelist
added last week31 views

CVE-2026-57212 RabbitMQ management HTTP API accepts request bodies larger than configured max_http_body_size

RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmqmanagement HTTP API accepts oversized valid JSON bodies on withdecode and directrequest paths because readcompletebody checks the accumulated size before the final chunk but not the final combin...

7.1CVSS0.00404EPSS
Exploits1References6
CVE
CVE
added last week11 views

CVE-2026-56665

ZITADEL's external JWT Identity Provider validation (internal/idp/providers/jwt/session.go) does not enforce expiration when an incoming token omits the exp claim, causing tokens from trusted issuers to be treated as valid without an automatic expiration window. Affected releases: 3.0.0-rc.1 thro...

4.2CVSS6.1AI score0.00167EPSS
Exploits0References5
NVD
NVD
added 2026/07/09 10:17 p.m.9 views

CVE-2026-53962

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, insufficient SVG sanitization in upload and user avatar handling could lead to cross-site scripting when a user visited specific URLs that are not normally part of community browsing. This issue ...

5.4CVSS0.0027EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/07/09 10:3 p.m.7 views

CVE-2026-44787

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, the signup flow could allow newly registered users to set primarygroupid and gain whisper-group privileges without legitimate group membership on sites with whispersallowedgroups configured. This...

8.2CVSS6AI score0.00267EPSS
Exploits0References10Affected Software1
Cvelist
Cvelist
added 2026/07/09 6:44 p.m.31 views

CVE-2026-50188 Kirby: Request header injection in `Http\Remote`

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins using the Kirby Http Remote class, including Remote::request, Remote::get, and Remote::post, to send outgoing HTTP requests with untrusted data in the headers option could allow newline characters...

6.9CVSS0.0029EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/09 3:32 p.m.7 views

CVE-2026-59209

n8n is an open source workflow automation platform. Prior to 1.123.61, 2.27.4, and, 2.28.1, an authenticated member with use-only editor access to a shared workflow could read credential-populated headers exposed via the $request object inside an HTTP Request node's pagination expression and...

7.1CVSS5.9AI score0.00294EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.10 views

PT-2026-57000

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.6.0 Discourse versions prior to 2026.5.1 Discourse versions prior to 2026.4.2 Discourse versions prior to 2026.1.5 Description A stored cross-site scripting issue exists where a malicious second factor name on ...

9CVSS6.2AI score0.00451EPSS
Exploits0References17
Rows per page
Query Builder