Lucene search
K

60404 matches found

CNNVD
CNNVD
added 2026/03/26 12:0 a.m.8 views

Vienna Symphonic Library Vienna Assistant 安全漏洞

Vienna Symphonic Library Vienna Assistant is a music sampling library download and management tool provided by Vienna Symphonic Library. There is a security vulnerability in Vienna Symphonic Library Vienna Assistant, which stems from the lack of client validation and endpoint validation. This...

8.8CVSS5.9AI score0.00449EPSS
Exploits1References1
CNVD
CNVD
added 2026/03/26 12:0 a.m.2 views

OpenClaw Path Restriction Bypass Vulnerability

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path restriction bypass vulnerability that can be exploited by an attacker to write a file to an arbitrary location...

5.3CVSS5.8AI score0.0013EPSS
Exploits0
CNVD
CNVD
added 2026/03/26 12:0 a.m.3 views

OpenClaw path traversal vulnerability (CNVD-2026-16042)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a path traversal vulnerability. The vulnerability stems from the Feishu media download process failing to properly filter special elements in the path of a resource or file, which can be exploited by a...

9.1CVSS6AI score0.00339EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.5 views

RHEL 10 : freerdp (RHSA-2026:5939)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5939 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to...

8.8CVSS6.4AI score0.00591EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.3 views

SUSE SLED15: firewalld-prometheus-config / golang-github-prometheus-alertmanager / etc (SUSE-SU-2026:1008-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1008-1 advisory. golang-github-prometheus-alertmanager, golang-github-prometheus-nodeexporter: - Internal changes...

9.8CVSS7.2AI score0.01535EPSS
Exploits3References16
OSV
OSV
added 2026/03/26 12:0 a.m.8 views

ALSA-2026:5941 Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive CVE-2025-61731 net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For more details about the security issues, including...

8.6CVSS5.9AI score0.00728EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.8 views

RHEL 10 : golang (RHSA-2026:5943)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5943 advisory. The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: cmd/go: Arbitrary file write via malicious...

8.6CVSS7.2AI score0.00728EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.3 views

RHEL 9 : golang (RHSA-2026:5942)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5942 advisory. The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: cmd/go: Arbitrary file write via malicious...

8.6CVSS7.1AI score0.00728EPSS
Exploits0References6
OSV
OSV
added 2026/03/26 12:0 a.m.10 views

ALSA-2026:5942 Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive CVE-2025-61731 net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For more details about the security issues, including...

8.6CVSS5.9AI score0.00728EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.1 views

RHEL 10 : golang (RHSA-2026:5941)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5941 advisory. The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: cmd/go: Arbitrary file write via malicious...

8.6CVSS7.1AI score0.00728EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.5 views

RHEL 9 : golang (RHSA-2026:5944)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5944 advisory. The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: cmd/go: Arbitrary file write via malicious...

8.6CVSS7.1AI score0.00728EPSS
Exploits0References6
AlmaLinux
AlmaLinux
added 2026/03/26 12:0 a.m.11 views

Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive CVE-2025-61731 net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 For more details about the security issues, including...

8.6CVSS7.1AI score0.00728EPSS
Exploits0References6
FreeBSD
FreeBSD
added 2026/03/26 12:0 a.m.12 views

openexr -- multiple vulnerabilities

Cary Phillips reports: OpenEXR 3.4.9 addresses the following CVEs: CVE-2026-34589 DWA Lossy Decoder Heap Out-of-Bounds Write CVE-2026-34588 Signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write CVE-2026-34380 Signed integer overflow undefined behavior in undopxr24impl may allow bounds-che...

8.8CVSS5.9AI score0.00482EPSS
Exploits5References2
OSV
OSV
added 2026/03/25 10:0 p.m.2 views

GHSA-F7XC-5852-FJ99 Saloon has a Fixture Name Path Traversal Vulnerability

Impact Users with MockResponse fixtures that use path traversal. Patches Upgrade to Saloon v4+ Upgrade guide: https://docs.saloon.dev/upgrade/upgrading-from-v3-to-v4 Description Fixture names were used to build file paths under the configured fixture directory without validation. A name containin...

6.3CVSS5.8AI score0.00566EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/25 8:4 p.m.9 views

Zoraxy: Authenticated Path Traversal in Config Import leads to RCE

Authenticated Path Traversal to RCE via Configuration Import Summary An authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a plugin. Details The...

8.8CVSS6.2AI score0.00434EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/03/25 6:38 p.m.2 views

Off-by-one Error

Overview Affected versions of this package are vulnerable to Off-by-one Error via the FcFontCapabilities function in fcfreetype.c. An attacker can cause a one-byte out-of-bounds write, potentially leading to a crash or execution of arbitrary code by supplying crafted input that triggers the...

7.8CVSS6.3AI score0.00125EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/25 6:31 p.m.4 views

EUVD-2026-15934

fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFontCapabilities in fcfreetype.c...

5.9CVSS5.9AI score0.00125EPSS
Exploits0References4
OSV
OSV
added 2026/03/25 5:17 p.m.2 views

DEBIAN-CVE-2026-34085

fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFontCapabilities in fcfreetype.c...

5.9CVSS5.9AI score0.00125EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/25 4:56 p.m.7 views

SUSE CVE-2026-23302

In the Linux kernel, the following vulnerability has been resolved: net: annotate data-races around sk-skdataready,writespace skmsg and probably other layers are changing these pointers while other cpus might read them concurrently. Add corresponding READONCE/WRITEONCE annotations for UDP, TCP an...

5.7AI score0.00089EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 4:56 p.m.6 views

SUSE CVE-2026-23316

In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix ARM64 alignment fault in multipath hash seed struct sysctlfibmultipathhashseed contains two u32 fields userseed and mpseed, making it an 8-byte structure with a 4-byte alignment requirement. In...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References5
Rows per page
Query Builder