Lucene search
K

60426 matches found

Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.5 views

PT-2026-28071

Name of the Vulnerable Software and Affected Versions fontconfig versions prior to 2.17.1 Description fontconfig versions prior to 2.17.1 contain an off-by-one error in memory allocation during sfnt capability handling. This error can lead to a one-byte out-of-bounds write within the...

7.8CVSS5.9AI score0.00125EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.4 views

PT-2026-27639

SANUPS SOFTWARE provided by SANYO DENKI CO., LTD. registers Windows services with unquoted file paths. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege...

8.4CVSS7AI score0.00191EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.8 views

Apple多款产品 安全漏洞

Apple iOS, among others, are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple macOS is a specialized operating system designed for Mac computers. Apple iPadOS is an operating system for iPad tablets. Several of Apple’s products have...

7.1CVSS5.8AI score0.00335EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.5 views

fontconfig 安全漏洞

Fontconfig is an open-source font-related computer library developed by freedesktop. Versions of Fontconfig prior to 2.17.1 contained security vulnerabilities. These vulnerabilities stemmed from errors in the allocation process during sfnt processing, which could lead to one-byte out-of-bound...

7.8CVSS5.9AI score0.00125EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.26 views

PT-2026-27771

Name of the Vulnerable Software and Affected Versions Stackfield Desktop App affected versions not specified Description The Stackfield Desktop App is susceptible to Remote Code Execution RCE due to a path traversal and arbitrary file write condition. This allows an attacker to potentially execut...

9.6CVSS6.3AI score0.00421EPSS
Exploits1References11
Grafana
Grafana
added 2026/03/25 12:0 a.m.9 views

Missing Protected-field Authorization in Provisioning Contact Points API

A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission...

5.4CVSS5.7AI score0.00238EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.8 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from data competition between the sk-skdataready and sk-skwritespace pointers...

4.7CVSS5.8AI score0.00089EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-23316

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: ipv4: fix ARM64 alignment fault in multipath hash seed struct sysctlfibmultipathhashseed contains two u32 fields userseed and mpseed, making it an 8-byte...

5.5CVSS5.9AI score0.00122EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-23302

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: annotate data-races around sk-skdataready,writespace skmsg and probably other layers are changing these pointers while other cpus might read them...

4.7CVSS5.8AI score0.00089EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/24 8:33 p.m.2 views

Directory Traversal

Overview @astrojs/internal-helpers is an Internal helpers used by core Astro packages. Affected versions of this package are vulnerable to Directory Traversal in the matchPathname method. An attacker can access unauthorized paths in the /image endpoint by crafting a remote URL that includes an...

6.3CVSS6.5AI score0.00325EPSS
Exploits1References2
NVD
NVD
added 2026/03/24 8:16 p.m.4 views

CVE-2026-33329

FileRise is a self-hosted web file manager / WebDAV server. From version 1.0.1 to before version 3.10.0, the resumableIdentifier parameter in the Resumable.js chunked upload handler UploadModel::handleUpload is concatenated directly into filesystem paths without any sanitization. An authenticated...

8.1CVSS0.00444EPSS
Exploits1References3
CVE
CVE
added 2026/03/24 7:14 p.m.11 views

CVE-2026-33329

FileRise is affected by a path traversal in the resumableIdentifier used by the UploadModel::handleUpload() function. From version 1.0.1 up to but excluding 3.10.0, unsanitized paths allow an authenticated user with upload permission to write files to arbitrary directories, perform post-assembly ...

8.1CVSS5.9AI score0.00444EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/03/24 7:14 p.m.5 views

EUVD-2026-14992

FileRise is a self-hosted web file manager / WebDAV server. From version 1.0.1 to before version 3.10.0, the resumableIdentifier parameter in the Resumable.js chunked upload handler UploadModel::handleUpload is concatenated directly into filesystem paths without any sanitization. An authenticated...

8.1CVSS5.9AI score0.00444EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/24 7:14 p.m.19 views

CVE-2026-33329 FileRise: Path Traversal in `resumableIdentifier` Leading to Arbitrary File Write, Recursive Directory Deletion, and Limited Existence Oracle

FileRise is a self-hosted web file manager / WebDAV server. From version 1.0.1 to before version 3.10.0, the resumableIdentifier parameter in the Resumable.js chunked upload handler UploadModel::handleUpload is concatenated directly into filesystem paths without any sanitization. An authenticated...

8.1CVSS0.00444EPSS
Exploits1References3
OSV
OSV
added 2026/03/24 7:14 p.m.6 views

CVE-2026-33329 FileRise: Path Traversal in `resumableIdentifier` Leading to Arbitrary File Write, Recursive Directory Deletion, and Limited Existence Oracle

FileRise is a self-hosted web file manager / WebDAV server. From version 1.0.1 to before version 3.10.0, the resumableIdentifier parameter in the Resumable.js chunked upload handler UploadModel::handleUpload is concatenated directly into filesystem paths without any sanitization. An authenticated...

8.1CVSS5.9AI score0.00444EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/24 7:14 p.m.3 views

CVE-2026-33329 FileRise: Path Traversal in `resumableIdentifier` Leading to Arbitrary File Write, Recursive Directory Deletion, and Limited Existence Oracle

FileRise is a self-hosted web file manager / WebDAV server. From version 1.0.1 to before version 3.10.0, the resumableIdentifier parameter in the Resumable.js chunked upload handler UploadModel::handleUpload is concatenated directly into filesystem paths without any sanitization. An authenticated...

8.1CVSS5.9AI score0.00444EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/24 6:56 p.m.13 views

CVE-2026-33511

pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the localcheck decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofing. This allows unauthenticated remote users to...

8.8CVSS6AI score0.00422EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/03/24 6:56 p.m.9 views

EUVD-2026-15001

pyLoad is a free and open-source download manager written in Python. From version 0.4.20 to before version 0.5.0b3.dev97, the localcheck decorator in pyLoad's ClickNLoad feature can be bypassed by any remote attacker through HTTP Host header spoofing. This allows unauthenticated remote users to...

8.8CVSS6AI score0.00422EPSS
Exploits1References1
OSV
OSV
added 2026/03/24 5:53 p.m.5 views

MGASA-2026-0065 Updated roundcubemail packages fix security vulnerabilities

Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler, reported by y0us. Fix bug where a password could get changed without providing the old password, reported by flydragon777. Fix IMAP Injection + CSRF bypass in mail search, reported by Martila Security...

4.7CVSS6AI score0.00629EPSS
Exploits2References3
Mageia
Mageia
added 2026/03/24 5:53 p.m.12 views

Updated roundcubemail packages fix security vulnerabilities

Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler, reported by y0us. Fix bug where a password could get changed without providing the old password, reported by flydragon777. Fix IMAP Injection + CSRF bypass in mail search, reported by Martila Security...

4.7CVSS6AI score0.00629EPSS
Exploits2References2
Rows per page
Query Builder