Lucene search
K

12 matches found

CVE
CVE
added 2026/05/29 7:58 p.m.28 views

CVE-2026-46385

Summary (CVE-2026-46385) iskorotkov/avro’s Go Avro decoder can trigger remote, unauthenticated CPU exhaustion by looping up to math.MaxInt64 iterations when decoding large attacker-controlled block counts, because inner loops did not check the reader’s error state after each decode. Affected: git...

8.7CVSS5.8AI score0.00378EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/14 4:24 p.m.11 views

Portainer's Kubernetes middleware continues after token validation failure, bypassing endpoint authorization

Summary Portainer proxies requests to Kubernetes clusters through a middleware layer kubeClientMiddleware that validates the requesting user's token before forwarding traffic to the cluster. When security.RetrieveTokenData returned an error, the middleware wrote an HTTP 403 response but was missi...

8.1CVSS5.9AI score0.00335EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/05/11 8:25 p.m.14 views

CVE-2026-42887

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting XSS vulnerability exists in the Login Page due to improper sanitization of the authLoginCustomMessage field of the /api/auth-settings endpoint. An attacker with administrative privileges c...

4.5CVSS0.00207EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.7 views

PT-2026-4083

Name of the Vulnerable Software and Affected Versions matiskiba Ravpage versions prior to 2.33 Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a Reflected Cross-Site Scripting XSS condition. This allows an attacker to...

5.2AI score0.00175EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/07/07 2:28 a.m.2 views

webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution

An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim needs to visit a malicious web site to trigger the vulnerability...

8.8CVSS7.6AI score0.02824EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/02/26 12:0 a.m.3 views

flusity CMS Security Vulnerability

flusity CMS is a user interactive interface solution where code can be easily changed or added. A security vulnerability exists in flusity CMS version 2.33, which stems from an unrestricted upload of dangerously typed files allowed in updatesetting.php...

6.5CVSS7.2AI score0.00585EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/02/22 12:0 a.m.3 views

flusity CMS Security Vulnerability

flusity CMS is a user-interactive interface solution that can be easily changed or added to code. A security vulnerability exists in flusity CMS version v2.33, which stems from the presence of a cross-site scripting XSS vulnerability that allows an attacker to execute arbitrary web script or HTML...

6.1CVSS5.7AI score0.00436EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/02/22 12:0 a.m.4 views

flusity CMS Security Vulnerability

flusity CMS is a user interactive interface solution where code can be easily changed or added. A security vulnerability exists in flusity CMS version v2.33, which was discovered to contain a cross-site request forgery CSRF vulnerability via the component /core/tools/deleteplace.php...

6.1CVSS7.3AI score0.0022EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/02/11 12:0 a.m.4 views

flusity CMS Cross-Site Request Forgery Vulnerability

flusity CMS is a user interaction interface solution where code can be easily changed or added. A cross-site request forgery vulnerability exists in flusity CMS version v2.33, which stems from a cross-site request forgery CSRF vulnerability in component /core/tools/updatemenu.php...

8.8CVSS7AI score0.00347EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/02/05 12:0 a.m.5 views

flusity CMS Security Vulnerability

flusity CMS is a user interactive interface solution where code can be easily changed or added. A security vulnerability exists in flusity CMS version v.2.33. A remote attacker can exploit this vulnerability to execute arbitrary code via addcustomblock.php...

8.8CVSS7.8AI score0.00475EPSS
Exploits1References2
Microsoft CVE
Microsoft CVE
added 2021/06/02 7:0 a.m.4 views

The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller leading to a denial of service (application crash) or possibly unspecified other impact.

...

9.8CVSS7.3AI score0.02898EPSS
Exploits1
CNNVD
CNNVD
added 2021/05/25 12:0 a.m.1 views

GNU C Library 资源管理错误漏洞

The GNU C Library glibc, libc6 is an open source, free C language compiler released under the LGPL license. A resource management error vulnerability exists in GNU C Library versions 2.33 through 2.33, which can be exploited by an attacker to cause a denial of service...

9.8CVSS6.8AI score0.02898EPSS
Exploits1References36
Rows per page
Query Builder