Lucene search
K

695 matches found

Fedora
Fedora
added 2026/07/02 1:12 a.m.9 views

[SECURITY] Fedora 43 Update: rclone-1.74.3-1.fc43

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

9.1CVSS6.3AI score0.00533EPSS
Exploits1
Fedora
Fedora
added 2026/07/02 1:11 a.m.9 views

[SECURITY] Fedora 44 Update: rclone-1.74.3-1.fc44

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

9.1CVSS6.3AI score0.00533EPSS
Exploits1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 5:25 a.m.8 views

Malicious code in yastatic-s3 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f6abc47a32b453ee0a12ea33e7512ccdea60ed1868839e952cbeedaccd002a06 Package name mimics Yandex's yastatic static-asset namespace. On install, postinstall.js performs an unconditional plain-HTTP GET to a hardcoded...

6.2AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:17 a.m.9 views

Malicious code in yandex-geobase (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f6219d513896736aee31ce33719d6ae2d1f5b03293ecdfe884d944bbb3eb99a [email protected] squats the internal-sounding name 'yandex-geobase' and ships a postinstall script that performs an HTTP GET to a hardcoded bare-...

6.2AI score
Exploits0References6
OSV
OSV
added 2026/06/29 4:17 a.m.5 views

MAL-2026-6574 Malicious code in yandex-geobase (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1f6219d513896736aee31ce33719d6ae2d1f5b03293ecdfe884d944bbb3eb99a [email protected] squats the internal-sounding name 'yandex-geobase' and ships a postinstall script that performs an HTTP GET to a hardcoded bare-...

6.2AI score
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2025-14545

The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote Code Execution via the feed generation process...

6.5CVSS5.6AI score0.00266EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.9 views

CVE-2026-10549

LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to the database...

5.3CVSS5.5AI score0.00268EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 10:16 a.m.25 views

CVE-2026-10549

LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to the database...

5.3CVSS0.00268EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 8:27 a.m.17 views

CVE-2026-10549

CVE-2026-10549 describes an LDAP filter injection in Yandex Database leading to bypass of group membership checks and unauthorized access for an attacker with valid LDAP credentials. Affected product: Yandex Database before version 25.3.1.25. Root cause: LDAP filter injection in the authenticatio...

5.3CVSS5.8AI score0.00268EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 8:27 a.m.8 views

CVE-2026-10549

LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to the database...

5.3CVSS5.8AI score0.00268EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 8:27 a.m.10 views

EUVD-2026-33900

LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to the database...

5.3CVSS5.8AI score0.00268EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 8:27 a.m.48 views

CVE-2026-10549 Privilege escalation in Yandex Database

LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to the database...

5.3CVSS0.00268EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 8:27 a.m.12 views

CVE-2026-10549 Privilege escalation in Yandex Database

LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to the database...

5.3CVSS5.8AI score0.00268EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.6 views

Yandex Database 安全漏洞

Yandex Database is a distributed SQL database management system developed by the Russian company Yandex. Versions of Yandex Database prior to 25.3.1.25 contained security vulnerabilities. These vulnerabilities were caused by LDAP filter injection issues, which could allow remote attackers to bypa...

5.3CVSS5.6AI score0.00268EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.23 views

PT-2026-45722

LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to the database...

5.3CVSS5.8AI score0.00268EPSS
Exploits0References2
Fedora
Fedora
added 2026/05/11 1:2 a.m.13 views

[SECURITY] Fedora 43 Update: rclone-1.74.0-2.fc43

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

9.8CVSS5.8AI score0.34734EPSS
Exploits3
Fedora
Fedora
added 2026/05/10 2:55 a.m.12 views

[SECURITY] Fedora 44 Update: rclone-1.74.0-2.fc44

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

9.8CVSS5.8AI score0.34734EPSS
Exploits3
Patchstack
Patchstack
added 2026/04/13 10:39 a.m.8 views

WordPress YML for Yandex Market plugin < 5.0.26 - Shop Manager+ RCE via Feed Generation vulnerability

Shop Manager+ RCE via Feed Generation vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin YML for Yandex Market versions 5.0.26...

6.5CVSS5.8AI score0.00266EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/10 9:31 a.m.10 views

EUVD-2025-209399

The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote Code Execution via the feed generation process...

6.5CVSS6AI score0.00266EPSS
Exploits0References2
NVD
NVD
added 2026/04/10 7:16 a.m.6 views

CVE-2025-14545

The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote Code Execution via the feed generation process...

6.5CVSS0.00266EPSS
Exploits0References1
Rows per page
Query Builder