Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/03/03 11:23 p.m.8 views

CVE-2026-0540

A cross site scripting flaw has been discovered in the DOMPurify npm library. This flaw allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements noscript, xmp, noembed, noframes, iframe in the SAFEFORXML regex. Attackers can include payloads like in attribute...

6.1CVSS5.3AI score0.0034EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/10 1:3 a.m.5 views

CVE-2026-24675

A heap buffer use after free has been discovered in FreeRDP. urbselectinterface can free the device's MS config on error but later code still dereferences it, leading to a use after free in libusbudevselectinterface. Mitigation Mitigation for this issue is either not available or the currently...

8.7CVSS5.7AI score0.00467EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/22 6:14 a.m.7 views

CVE-2026-24006

Seroval facilitates JS value stringification, including complex structures beyond JSON.stringify capabilities. In versions 1.4.0 and below, serialization of objects with extreme depth can exceed the maximum call stack limit. In version 1.4.1, Seroval introduces a depthLimit parameter in...

7.5CVSS5.2AI score0.00403EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/12/10 9:59 p.m.3 views

CVE-2025-67636

A missing permission check in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers with View/Read permission to view encrypted password values in views. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product...

4.3CVSS6.1AI score0.00208EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/08 9:36 p.m.6 views

CVE-2025-66552

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Enterprise Server prior to 30.0.9 and 31.0.1, incorrect path handling with groupfolders caused the adminaudit app to not properly log all actions on files and folders inside groupfolders. This vulnerability is fixed ...

4.3CVSS6AI score0.00269EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/17 8:37 p.m.4 views

CVE-2025-60360

radare2 v5.9.8 and before contains a memory leak in the function r2rsubprocessinit. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread...

5.5CVSS6.4AI score0.00151EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/09/08 5:9 p.m.4 views

CVE-2025-58782

A Deserialization of Untrusted Data vulnerability has been discovered in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. Deployments that accept JNDI URIs for JCR lookup from untrusted users allows them to inject malicious JNDI references, potentially leading to arbitrary code execution...

7.7CVSS7.8AI score0.01286EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2025/08/18 5:38 p.m.5 views

CVE-2025-41242

A path traversal flaw was found in the Spring Framework MVC, affecting applications built on this framework. This flaw only affects applications that are deployed as a WAR or with an embedded Servlet container, which do not reject suspicious sequences and serve static resources with Spring resour...

5.9CVSS5.8AI score0.01916EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2025/08/15 10:37 a.m.4 views

CVE-2025-9019

A flaw was found in tcpreplay. The maskcidr6 function in cidr.c contains a heap-based buffer overflow triggered by manipulation of network packets. A remote attacker can initiate the overflow by providing a specially crafted packet. This buffer overflow can lead to an application level denial of...

5.9CVSS4.1AI score0.00918EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/08/13 5:27 a.m.2 views

CVE-2025-8879

A flaw was found in chromium-browser. A heap buffer overflow exists within the libaom library, allowing a remote attacker to potentially trigger heap corruption through a crafted sequence of gestures. This vulnerability allows an attacker to manipulate memory via a specially designed input. The...

8.8CVSS7.7AI score0.00265EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/11 6:20 p.m.9 views

CVE-2025-8863

YugabyteDB diagnostic information was transmitted over HTTP, which could expose sensitive data during transmission Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deploymen...

7CVSS6.8AI score0.00219EPSS
Exploits0References4
Rows per page
Query Builder