Lucene search
K

1754 matches found

Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.10 views

PT-2026-43325

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod fastcgi module...

6.2CVSS5.8AI score0.00197EPSS
Exploits0References2
Fedora
Fedora
added 2026/05/21 3:17 a.m.11 views

[SECURITY] Fedora 42 Update: mysql8.0-8.0.46-1.fc42

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

6.5CVSS7.3AI score0.00323EPSS
Exploits0
Fedora
Fedora
added 2026/05/21 1:28 a.m.12 views

[SECURITY] Fedora 43 Update: mysql8.0-8.0.46-1.fc43

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon mysqld and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files...

6.5CVSS7.3AI score0.00323EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 2:10 a.m.9 views

Malicious code in stripe-commands (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 25869cea9557ac431847a2e11b5c78d6da5ee072b1d73f1d0fa6ccc895d2be60 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

5.9AI score
Exploits0References1
EUVD
EUVD
added 2026/05/18 7:2 p.m.11 views

EUVD-2026-30543

ws: Uninitialized memory disclosure...

4.4CVSS5.8AI score0.00717EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/15 9:41 p.m.14 views

EUVD-2026-30665

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, GET /api/v1/memories/ef is accessible without authentication and executes request.app.state.EMBEDDINGFUNCTION.... This allows any unauthenticated caller to trigger embedding generati...

6.5CVSS5.8AI score0.00341EPSS
Exploits1References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/15 2:40 p.m.11 views

Security Bulletin: A vulnerability in the Axios package affects IBM® Db2® Big SQL on IBM Cloud Pak for Data.

Summary Security Bulletin: A vulnerability in the Axios package affects IBM® Db2® Big SQL 8 and earlier on IBM Cloud Pak for Data 5.3.1 and earlier. Vulnerability Details CVEID:CVE-2026-25639 DESCRIPTION: Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 a...

7.5CVSS7AI score0.02591EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/05/15 2:0 p.m.7 views

OESA-2026-2303 python-click security update

Click is a Python package for creating beautiful command line interfaces in a composable way with as little code as necessary. It's the "Command Line Interface Creation Kit". It's highly configurable but comes with sensible defaults out of the box. Security Fixes: Pallets Click, versions 8.3.2 an...

7.2CVSS6.1AI score0.0081EPSS
Exploits1References2
Fedora
Fedora
added 2026/05/15 3:6 a.m.16 views

[SECURITY] Fedora 43 Update: php-8.4.21-1.fc43

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

9.8CVSS5.8AI score0.00686EPSS
Exploits1
NVD
NVD
added 2026/05/14 4:16 p.m.12 views

CVE-2026-42594

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine that holds a reference to the request's echo.Context after the synchronous handler returns ErrAsyncProcess and Echo recycles the context back to its sync.Pool. When a concurrent...

7.5CVSS0.00348EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/14 3:36 p.m.51 views

CVE-2026-42590 Gotenberg: ExifTool group-prefix syntax bypasses dangerous-tag blocklist

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, The ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix...

8.2CVSS0.0029EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/14 3:33 p.m.40 views

CVE-2026-42595 Gotenberg: Server-Side Request Forgery via Chromium URL Endpoint with Redirect-Based Deny-List Bypass

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, Gotenberg's Chromium URL-to-PDF endpoint /forms/chromium/convert/url has no default protection against HTTP/HTTPS-based SSRF. The default deny-list regex only blocks file:// URIs. An unauthenticated attacker can point...

8.6CVSS0.00313EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/14 3:32 p.m.7 views

CVE-2026-42594

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the webhook middleware spawns a goroutine that holds a reference to the request's echo.Context after the synchronous handler returns ErrAsyncProcess and Echo recycles the context back to its sync.Pool. When a concurrent...

7.5CVSS5.8AI score0.00348EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/14 3:31 p.m.8 views

CVE-2026-42593

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, pdfengines/merge, pdfengines/split, libreoffice/convert, chromium/convert/url, chromium/convert/html, and chromium/convert/markdown accept stampSource=pdf + stampExpression=/path and watermarkSource=pdf +...

5.3CVSS5.8AI score0.00311EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/05/14 3:20 p.m.59 views

CVE-2026-42591 Gotenberg: Server-Side Request Forgery (SSRF) in github.com/gotenberg/gotenberg/v8

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, the LibreOffice conversion endpoint /forms/libreoffice/convert passes uploaded documents directly to LibreOffice without inspecting their content. LibreOffice then fetches any embedded external URLs on its own, completely...

8.2CVSS0.00245EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/14 3:19 p.m.11 views

EUVD-2026-30310

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, the default deny-lists used by Gotenberg's downloadFrom feature and webhook feature are bypassable. Because the filter is regex-based and case-sensitive, an unauthenticated attacker can supply URLs such as...

9.4CVSS5.8AI score0.00352EPSS
Exploits1References1
Fedora
Fedora
added 2026/05/14 4:3 a.m.12 views

[SECURITY] Fedora 42 Update: php-8.4.21-1.fc42

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

9.8CVSS5.8AI score0.00686EPSS
Exploits1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.14 views

Gotenberg 安全漏洞

Gotenberg is an open-source, developer-friendly API developed by Gotenberg. It is used to convert various document formats into PDF files. Versions of Gotenberg prior to 8.32.0 contained security vulnerabilities. These vulnerabilities stemmed from timing issues in the DNS parsing of...

5.3CVSS5.8AI score0.00186EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/13 6:30 p.m.8 views

EUVD-2026-29894

Using a densely populated chars mask and a large input string in the MongoDB aggregation operators $trim, $ltrim, and $rtrim, an authenticated user with aggregation permissions can pin CPU utilization at 100% for an extended period of time. This issue impacts MongoDB Server v7.0 versions prior to...

5.3CVSS5.8AI score0.00263EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:42 p.m.10 views

CVE-2026-44292

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated message constructors copied enumerable properties from a provided properties object without filtering the proto key. If an application constructed a message from an...

5.3CVSS5.8AI score0.00264EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder