Lucene search
K

785 matches found

CVE
CVE
added 2 days ago21 views

CVE-2026-48760

Symfony HtmlSanitizer/UrlSanitizer::parse() had an underinclusive denial for BiDi formatting characters and Unicode whitespace, allowing percent-encoded BiDi marks to bypass the check. The issue affects UrlSanitizer::parse() behavior from Symfony 6.1.0 up to 6.4.41, 7.4.13, and 8.0.13, where raw ...

6.1CVSS6.1AI score0.00412EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-43577

Cockpit CMS contains a path traversal vulnerability in the Bucket file storage API /system/buckets/api. The api method in modules/System/Controller/Buckets.php sanitizes the bucket name with pregreplace'/^a-zA-Z0-9-\./','', $bucket, which permits '..' and '../' sequences. The sanitized value is...

8.8CVSS6.1AI score0.00389EPSS
Exploits0References6
Fedora
Fedora
added 2026/07/09 1:8 a.m.8 views

[SECURITY] Fedora 43 Update: perl-CSS-Minifier-XS-0.15-1.fc43

'CSS::Minifier::XS' is a CSS "minifier". It's designed to remove unnecessary white-space and comments from CSS files, while also not breaking the CSS. 'CSS::Minifier::XS' is similar in function to 'CSS::Minifier', but is substantially faster as it's written in XS and not just pure Perl...

6.5CVSS5.9AI score0.00238EPSS
Exploits0
Fedora
Fedora
added 2026/07/09 12:57 a.m.8 views

[SECURITY] Fedora 44 Update: perl-CSS-Minifier-XS-0.15-1.fc44

'CSS::Minifier::XS' is a CSS "minifier". It's designed to remove unnecessary white-space and comments from CSS files, while also not breaking the CSS. 'CSS::Minifier::XS' is similar in function to 'CSS::Minifier', but is substantially faster as it's written in XS and not just pure Perl...

6.5CVSS5.9AI score0.00238EPSS
Exploits0
Fedora
Fedora
added 2026/07/08 1:11 a.m.6 views

[SECURITY] Fedora 43 Update: perl-JavaScript-Minifier-XS-0.16-1.fc43

JavaScript::Minifier::XS is a JavaScript "minifier"; it's designed to remove unnecessary white space and comments from JavaScript files without breaking the JavaScript...

7.5CVSS6AI score0.00609EPSS
Exploits0
Fedora
Fedora
added 2026/07/08 12:58 a.m.6 views

[SECURITY] Fedora 44 Update: perl-JavaScript-Minifier-XS-0.16-1.fc44

JavaScript::Minifier::XS is a JavaScript "minifier"; it's designed to remove unnecessary white space and comments from JavaScript files without breaking the JavaScript...

7.5CVSS5.9AI score0.00609EPSS
Exploits0
EUVD
EUVD
added 2026/07/08 12:37 a.m.9 views

EUVD-2026-42127

String::Util versions before 1.36 for Perl are susceptible to a regular expression denial of service. The trim and rtrim functions stripped trailing whitespace with s/\s$//u. Because \s matches greedily and the $ anchor fails whenever a non-whitespace character follows the whitespace, the regex...

6AI score0.00392EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/07/08 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-14895

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - String::Util versions before 1.36 for Perl are susceptible to a regular expression denial of service. The trim and rtrim functions stripped trailing whitespace...

7.5CVSS6.1AI score0.00392EPSS
Exploits0References3
OSV
OSV
added 2026/07/07 11:44 p.m.6 views

GHSA-6W3M-4HHP-775Q KEDA has PostgreSQL connection string parameter injection via incomplete whitespace escaping

Summary pkg/scalers/postgresqlscaler.go builds libpq-style connection strings by concatenating key=value pairs separated by spaces. Each tenant-controllable field host, port, userName, dbName, sslmode is passed through escapePostgreConnectionParameter: go func escapePostgreConnectionParameterstr...

5.9CVSS6.1AI score
Exploits0References2
NVD
NVD
added 2026/07/07 11:16 p.m.10 views

CVE-2026-14895

String::Util versions before 1.36 for Perl are susceptible to a regular expression denial of service. The trim and rtrim functions stripped trailing whitespace with s/\s$//u. Because \s matches greedily and the $ anchor fails whenever a non-whitespace character follows the whitespace, the regex...

7.5CVSS0.00392EPSS
Exploits0References4
OSV
OSV
added 2026/07/07 11:16 p.m.5 views

DEBIAN-CVE-2026-14895

String::Util versions before 1.36 for Perl are susceptible to a regular expression denial of service. The trim and rtrim functions stripped trailing whitespace with s/\s$//u. Because \s matches greedily and the $ anchor fails whenever a non-whitespace character follows the whitespace, the regex...

7.5CVSS6AI score0.00392EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/07 10:12 p.m.7 views

CVE-2026-14895

String::Util versions before 1.36 for Perl are susceptible to a regular expression denial of service. The trim and rtrim functions stripped trailing whitespace with s/\s$//u. Because \s matches greedily and the $ anchor fails whenever a non-whitespace character follows the whitespace, the regex...

6AI score0.00392EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/07/07 10:12 p.m.6 views

CVE-2026-14895

String::Util versions before 1.36 for Perl are susceptible to a regular expression denial of service. The trim and rtrim functions stripped trailing whitespace with s/\s$//u. Because \s matches greedily and the $ anchor fails whenever a non-whitespace character follows the whitespace, the regex...

7.5CVSS6AI score0.00392EPSS
Exploits0
OSV
OSV
added 2026/07/07 9:17 p.m.5 views

DEBIAN-CVE-2026-58469

GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the cleanmetalinkstring function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document containing a whitespace-only URL. Attackers can cau...

8.7CVSS6.2AI score0.00351EPSS
Exploits0References1
OSV
OSV
added 2026/07/07 9:17 p.m.3 views

UBUNTU-CVE-2026-58469

GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the cleanmetalinkstring function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document containing a whitespace-only URL. Attackers can cau...

8.7CVSS6.2AI score0.00351EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/07 7:43 p.m.42 views

CVE-2026-58469 GNU Wget 1.25.0 Heap Buffer Underread via Metalink URL Parsing

GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the cleanmetalinkstring function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document containing a whitespace-only URL. Attackers can cau...

8.7CVSS0.00351EPSS
Exploits0References2
OSV
OSV
added 2026/07/07 7:43 p.m.7 views

CVE-2026-58469 GNU Wget 1.25.0 Heap Buffer Underread via Metalink URL Parsing

GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the cleanmetalinkstring function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document containing a whitespace-only URL. Attackers can cau...

8.7CVSS6.2AI score0.00351EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/07 7:43 p.m.5 views

EUVD-2026-42081

GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the cleanmetalinkstring function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document containing a whitespace-only URL. Attackers can cau...

8.7CVSS6.2AI score0.00351EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/07 7:43 p.m.6 views

CVE-2026-58469 GNU Wget 1.25.0 Heap Buffer Underread via Metalink URL Parsing

GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the cleanmetalinkstring function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document containing a whitespace-only URL. Attackers can cau...

8.7CVSS6.2AI score0.00351EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/07/07 7:43 p.m.5 views

CVE-2026-58469

GNU Wget through 1.25.0, fixed in commit 37a40fc, contains a heap buffer underread vulnerability in the cleanmetalinkstring function within src/metalink.c that allows a malicious server to trigger memory corruption by serving a Metalink document containing a whitespace-only URL. Attackers can cau...

8.7CVSS6.2AI score0.00351EPSS
Exploits0
Rows per page
Query Builder