
60484 matches found

OSV
added 2026/03/20 12:2 a.m. | 6 views

RLSA-2023:3018 Low: libarchive security update

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file...

CVSS 5.9 | AI score 6.6 | EPSS 0.01936
Exploits: 0 | References: 2
Rockylinux
added 2026/03/20 12:2 a.m. | 8 views

libarchive security update

An update is available for libarchive. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libarchive programming library can create and read several different...

CVSS 9.8 | AI score 6.7 | EPSS 0.01936
Exploits: 0
Positive Technologies
added 2026/03/20 12:0 a.m. | 7 views

PT-2026-26750

Name of the Vulnerable Software and Affected Versions: Graphiti versions prior to 1.10.2. Description: Graphiti is a framework that exposes models through a JSON:API-compliant interface. Versions prior to 1.10.2 contain a flaw where an attacker can construct a malicious JSONAPI payload with arbitrar...

CVSS 9.1 | AI score 6.1 | EPSS 0.00632
Exploits: 0 | References: 12
CNNVD
added 2026/03/20 12:0 a.m. | 7 views

Imagination Graphics DDK security vulnerability

Imagination Graphics DDK is a GPU driver toolkit developed by the British company Imagination. There is a security vulnerability in Imagination Graphics DDK, which stems from an out-of-bound write operation in the GPU shader compiler library, potentially leading to crashes...

CVSS 9.6 | AI score 5.8 | EPSS 0.00288
Exploits: 0 | References: 1
Positive Technologies
added 2026/03/20 12:0 a.m. | 5 views

PT-2026-26678

Name of the Vulnerable Software and Affected Versions: libde265 versions prior to 1.0.17. Description: libde265 is an open source implementation of the h.265 video codec. A crafted HEVC bitstream can cause an out-of-bounds heap write. This occurs due to a stale ctb info.log2unitSize after an SPS...

CVSS 5.5 | AI score 5.8 | EPSS 0.00232
Exploits: 1 | References: 19
Positive Technologies
added 2026/03/20 12:0 a.m. | 3 views

PT-2026-26792

Name of the Vulnerable Software and Affected Versions: pyLoad versions 0.4.0 through 0.5.0b3.dev96 Description: pyLoad, a free and open-source download manager written in Python, contains a flaw in the set config value API endpoint. Users with the non-admin SETTINGS permission can modify any...

CVSS 8.8 | AI score 6 | EPSS 0.00529
Exploits: 1 | References: 19
Tenable Nessus
added 2026/03/20 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-4440

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page...

CVSS 8.8 | AI score 6 | EPSS 0.00324
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/20 12:0 a.m. | 11 views

PT-2026-26592

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user can write files outside the intended temporary worki...

CVSS 8.1 | AI score 5.9 | EPSS 0.00462
Exploits: 1 | References: 6
CNNVD
added 2026/03/20 12:0 a.m. | 10 views

Halloy path traversal vulnerability

Halloy is a cross-platform IRC client developed by Squidowl. Halloy has a path traversal vulnerability, which stems from the lack of cleaning of file names during the DCC reception process. This vulnerability may lead to path traversal and arbitrary file writing...

CVSS 8.7 | AI score 5.9 | EPSS 0.00399
Exploits: 1 | References: 2
Positive Technologies
added 2026/03/20 12:0 a.m. | 2 views

PT-2026-31533

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 147.0.7727.55. Description: Improper input validation within the WebML component in Google Chrome could lead to an out-of-bounds memory write. This issue was discovered in versions of Google Chrome before...

CVSS 9.8 | AI score 5.8 | EPSS 0.00608
Exploits: 0 | References: 68
CNNVD
added 2026/03/20 12:0 a.m. | 9 views

Google Chrome security vulnerability

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 146.0.7680.153 contained a security vulnerability, which was caused by out-of-bound writing in the V8 engine, potentially leading to heap corruption...

CVSS 8.8 | AI score 5.8 | EPSS 0.00281
Exploits: 0 | References: 3
RubySec
added 2026/03/20 12:0 a.m. | 8 views

Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names

Summary: An arbitrary method execution vulnerability has been found which affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary relationship names to invoke any public method on the underlying model instance, class or its associations...

CVSS 9.1 | AI score 6 | EPSS 0.00632
Exploits: 0 | References: 1 | Affected Software: 1
Snyk
added 2026/03/20 12:0 a.m. | 6 views

Missing Authorization

Overview: feast is a Python SDK for Feast. Affected versions of this package are vulnerable to Missing Authorization via the /save-document endpoint. An attacker can modify system files, overwrite configuration or startup scripts, or execute arbitrary code by sending crafted requests to write...

CVSS 9.1 | AI score 6.2
Exploits: 0 | References: 2
CNNVD
added 2026/03/20 12:0 a.m. | 8 views

Google Chrome security vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 146.0.7680.153 contained a security vulnerability, which was caused by excessive reading and writing operations related to WebGL. This vulnerability could lead to arbitrary reading and writing...

CVSS 8.8 | AI score 6.1 | EPSS 0.00324
Exploits: 0 | References: 3
UbuntuCve
added 2026/03/20 12:0 a.m. | 1 views

CVE-2026-4450

Out of bounds write in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVSS 8.8 | AI score 5.9 | EPSS 0.00281
Exploits: 0 | References: 3
NVD
added 2026/03/19 11:16 p.m. | 7 views

CVE-2026-29104

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Prior to versions 7.15.1 and 8.9.3, SuiteCRM contains an authenticated arbitrary file upload vulnerability in the Configurator module. An authenticated administrator can bypass intended file ty...

CVSS 2.7 | EPSS 0.0023
Exploits: 0 | References: 2
ATTACKERKB
added 2026/03/19 10:47 p.m. | 5 views

CVE-2026-22732

When applications specify HTTP response headers for servlet applications using Spring Security, there is the possibility that the HTTP Headers will not be written. This issue affects Spring Security Servlet applications using lazy default writing of HTTP Headers: from 5.7.0 through 5.7.21, from...

CVSS 9.1 | AI score 5.8 | EPSS 0.0048
Exploits: 2 | References: 2 | Affected Software: 1
Snyk
added 2026/03/19 10:45 p.m. | 2 views

Out-of-bounds Write

Overview: Affected versions of this package are vulnerable to Out-of-bounds Write in the wcHpkeLabeledExtract function when processing an oversized ECH configuration. An attacker can cause a client crash or achieve remote code execution by sending a maliciously crafted ECH config from a TLS server...

CVSS 9.8 | AI score 6.4 | EPSS 0.00444
Exploits: 0 | References: 2
OSV
added 2026/03/19 10:16 p.m. | 4 views

CVE-2026-32017

OpenClaw versions prior to 2026.2.19 contain an allowlist bypass vulnerability in the exec safeBins policy that allows attackers to write arbitrary files using short-option payloads. Attackers can bypass argument validation by attaching short options like -o to whitelisted binaries, enabling...

CVSS 5.9 | AI score 6
Exploits: 0 | References: 5
OSV
added 2026/03/19 10:16 p.m. | 7 views

CVE-2026-32018

OpenClaw versions prior to 2026.2.19 contain a race condition vulnerability in concurrent updateRegistry and removeRegistryEntry operations for sandbox containers and browsers. Attackers can exploit unsynchronized read-modify-write operations without locking to cause registry updates to lose data...

CVSS 3.6 | AI score 5.9
Exploits: 0 | References: 3