Lucene search
K

77 matches found

EUVD
EUVD
added 5 days ago7 views

EUVD-2026-41425

Pathway through 0.31.1, fixed in commit d09722e, document store applies a caller-supplied glob pattern to indexed document paths using a hand-written recursive matcher that branches two ways on each token without memoization, giving exponential worst-case complexity. The filepathglobpattern value...

8.7CVSS5.9AI score0.0047EPSS
Exploits0References4
OSV
OSV
added 2026/05/04 1:12 p.m.7 views

JLSEC-2026-409

An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS...

5.9CVSS6.8AI score0.0181EPSS
Exploits1References24
CNVD
CNVD
added 2026/04/08 12:0 a.m.4 views

OpenClaw Input Validation Error Vulnerability

OpenClaw is a command line tool for rights management. A security vulnerability exists in OpenClaw versions prior to 2026.3.11, which stems from the matchesExecAllowlistPattern function performing lowercase conversions and wildcard matching on POSIX paths when normalizing patterns, resulting in a...

9.8CVSS5.9AI score0.00406EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.5 views

TencentOS Server 3: curl (TSSA-2023:0172)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0172 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

5.9CVSS6.5AI score0.0181EPSS
Exploits2References3
VulnCheck KEV
VulnCheck KEV
added 2025/10/13 12:0 a.m.19 views

VulnCheck KEV: CVE-2013-2134

Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135...

9.3CVSS7.6AI score0.70211EPSS
In wildExploits1References184
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2015-7724

Malware in sbrugna...

9.8CVSS9.5AI score0.01115EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-54457

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.00301EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-32028

Malicious code in bioql PyPI...

5.9CVSS6.4AI score0.0181EPSS
Exploits1References14
Tenable Nessus
Tenable Nessus
added 2025/08/20 12:0 a.m.8 views

ManageEngine SupportCenter Plus < 14.9 Build 14940 Privilege Escalation

The version of ManageEngine SupportCenter Plus installed on the remote host is prior to 14.9 Build 14940. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-8309 advisory. - A privilege escalation vulnerability caused by the overly permissive regular expression regex rule...

8.1CVSS5.6AI score0.00239EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2025/05/14 7:0 a.m.2 views

tranport: TLS host name wildcard matching too lax

...

7.5CVSS7.5AI score0.00301EPSS
Exploits1
OSV
OSV
added 2025/05/07 4:15 p.m.3 views

DEBIAN-CVE-2024-47619

syslog-ng is an enhanced log daemo. Prior to version 4.8.2, tlswildcardmatch matches on certificates such as foo..bar although that is not allowed. It is also possible to pass partial wildcards such as foo.ac.bar which glib matches but should be avoided / invalidated. This issue could have an...

7.5CVSS7.3AI score0.00301EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/05/07 3:12 p.m.12 views

CVE-2024-47619 tranport: TLS host name wildcard matching too lax

syslog-ng is an enhanced log daemo. Prior to version 4.8.2, tlswildcardmatch matches on certificates such as foo..bar although that is not allowed. It is also possible to pass partial wildcards such as foo.ac.bar which glib matches but should be avoided / invalidated. This issue could have an...

7.5CVSS0.00301EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/05/14 12:0 a.m.2 views

micromatch 安全漏洞

micromatch is a highly optimized wildcard and global matching library from the micromatch open source. A security vulnerability exists in micromatch that stems from an inability to limit the number of characters that can be processed, which could lead to memory exhaustion...

7.5CVSS6.8AI score0.01471EPSS
Exploits1References9
OpenVAS
OpenVAS
added 2023/12/15 12:0 a.m.21 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-3425)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.9CVSS7.7AI score0.0181EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2023/11/02 4:9 p.m.34 views

curl: IDN wildcard match may lead to Improper Cerificate Validation

A flaw was found in the Curl package. An incorrect International Domain Name IDN wildcard match may lead to improper certificate validation...

5.9CVSS7.3AI score0.0181EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/10/10 3:28 p.m.6 views

curl: IDN wildcard match may lead to Improper Cerificate Validation

A flaw was found in the Curl package. An incorrect International Domain Name IDN wildcard match may lead to improper certificate validation...

5.9CVSS7.3AI score0.0181EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2023/08/15 5:37 p.m.10 views

curl: IDN wildcard match may lead to Improper Cerificate Validation

A flaw was found in the Curl package. An incorrect International Domain Name IDN wildcard match may lead to improper certificate validation...

5.9CVSS7.3AI score0.0181EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2023/08/02 12:0 a.m.29 views

EulerOS Virtualization 2.10.1 : curl (EulerOS-SA-2023-2537)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An improper certificate validation vulnerability exists in curl v8.1.0 in the way it supports matching of wildcard patterns when...

5.9CVSS6.4AI score0.02211EPSS
Exploits2References3
RedHat Linux
RedHat Linux
added 2023/08/01 8:55 a.m.3 views

curl: IDN wildcard match may lead to Improper Cerificate Validation

A flaw was found in the Curl package. An incorrect International Domain Name IDN wildcard match may lead to improper certificate validation...

5.9CVSS7.1AI score0.0181EPSS
Exploits1References5
Veracode
Veracode
added 2023/06/07 10:17 a.m.54 views

Improper Certificate Validation

libcurl.so is vulnerable to Improper Certificate Validation. In place of a library's built-in name matching function, Curl may utilize its own name matching function for TLS. IDN hosts could be mismatched by this private wildcard matching function since they are rendered in a weak form before...

5.9CVSS6.7AI score0.0181EPSS
Exploits1References16Affected Software1
Rows per page
Query Builder