Lucene search
K

38416 matches found

RedhatCVE
RedhatCVE
added 2026/03/27 2:23 p.m.8 views

CVE-2021-27847

Division-By-Zero vulnerability in Libvips 8.10.5 in the function vipseyepoint, eye.cL83, and function vipsmaskpoint, mask.cL85...

6.5CVSS6.8AI score0.00976EPSS
Exploits1References1
OSV
OSV
added 2026/03/27 2:18 p.m.6 views

CVE-2026-33759 AVideo: Unauthenticated IDOR in playlistsVideos.json.php Exposes Private Playlist Contents

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the objects/playlistsVideos.json.php endpoint returns the full video contents of any playlist by ID without any authentication or authorization check. Private playlists including watchlater and favorite types are...

5.3CVSS5.8AI score0.00295EPSS
Exploits1References4
OSV
OSV
added 2026/03/27 2:4 p.m.6 views

CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion

The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value e.g., 1..2..0 causes the sequence generation loop to run indefinitely, making the process hang for seconds and...

6.5CVSS6AI score0.0043EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2026/03/27 2:4 p.m.2 views

CVE-2026-33750

The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value e.g., 1..2..0 causes the sequence generation loop to run indefinitely, making the process hang for seconds and...

6.5CVSS6AI score0.0043EPSS
Exploits0References11Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/27 2:4 p.m.2 views

CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion

The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value e.g., 1..2..0 causes the sequence generation loop to run indefinitely, making the process hang for seconds and...

6.5CVSS6AI score0.0043EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/03/27 2:4 p.m.32 views

CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion

The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value e.g., 1..2..0 causes the sequence generation loop to run indefinitely, making the process hang for seconds and...

6.5CVSS0.0043EPSS
Exploits0References10
CVE
CVE
added 2026/03/27 2:4 p.m.40 views

CVE-2026-33750

The IBM security bulletins confirm CVE-2026-33750 affecting the brace-expansion library used by IBM DevOps Test Performance and Rational Performance Tester. Before 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a zero-step brace pattern (e.g., {1..2..0}) can cause an infinite loop, hang the process, and exhaus...

7.5CVSS6AI score0.0043EPSS
Exploits0References10Affected Software1
Debian CVE
Debian CVE
added 2026/03/27 2:4 p.m.3 views

CVE-2026-33750

The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value e.g., 1..2..0 causes the sequence generation loop to run indefinitely, making the process hang for seconds and...

7.5CVSS5.4AI score0.0043EPSS
Exploits0
CVE
CVE
added 2026/03/27 1:58 p.m.13 views

CVE-2026-33284

GlobaLeaks (free/open-source whistleblowing software) is affected prior to version 5.0.89. The /api/support endpoint performs minimal validation on user-submitted support requests, allowing arbitrary URLs to be included in support emails sent to administrators. Version 5.0.89 patches the issue. E...

5.1CVSS5.9AI score0.00196EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/27 1:53 p.m.2 views

CVE-2026-33206 calibre has a path traversal vulnerability

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a path traversal vulnerability exists in Calibre' handling of images in Markdown and other similar text-based files allowing an attacker to include arbitrary files from the...

8.2CVSS5.9AI score0.00208EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 1:52 p.m.1 views

CVE-2026-33205

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitra...

4.8CVSS6AI score0.00173EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/27 1:52 p.m.4 views

CVE-2026-33205 calibre has Server-Side Request Forgery in ebook viewer backend

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitra...

4.8CVSS6AI score0.00173EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/03/27 4:59 a.m.5 views

CVE-2026-4835

A security vulnerability has been detected in code-projects Accounting System 1.0. Impacted is an unknown function of the file /myaccount/addcostumer.php of the component Web Application Interface. Such manipulation of the argument costumername leads to cross site scripting. The attack may be...

5.1CVSS3.9AI score0.00195EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/27 4:59 a.m.4 views

CVE-2026-33932

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, a stored cross-site scripting vulnerability in the CCDA document preview allows an attacker who can upload or send a CCDA document to execute arbitrary JavaScript in ...

7.6CVSS5.9AI score0.00187EPSS
Exploits0References1
Slackware Linux
Slackware Linux
added 2026/03/27 4:14 a.m.7 views

[slackware-security] libpng

New libpng packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libpng-1.6.56-i586-1slack15.0.txz: Upgraded. This update fixes security issues: Use-after-free via pointer aliasing in pngsettRNS and...

7.6CVSS5.8AI score0.01052EPSS
Exploits1
Slackware Linux
Slackware Linux
added 2026/03/27 4:13 a.m.7 views

[slackware-security] tigervnc

New tigervnc packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/tigervnc/tigervnc-1.16.2-i586-1slack15.0.txz: Upgraded. Fixed missing security fixes in the 1.16.1 release. Security fix Where to find the new...

5.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/27 12:3 a.m.10 views

CVE-2026-33693

Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.7.0-beta.9, the v4isinvalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED 0.0.0.0. An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the...

6.5CVSS5.8AI score0.00389EPSS
Exploits2References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/27 12:3 a.m.1 views

CVE-2026-33693 Lemmy's Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()

Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.7.0-beta.9, the v4isinvalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED 0.0.0.0. An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the...

6.5CVSS5.9AI score0.00359EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.4 views

PT-2026-28507

Name of the Vulnerable Software and Affected Versions nanobot versions prior to 0.1.6 Description An indirect prompt injection exists in the email channel processing module nanobot/channels/email.py. This allows a remote, unauthenticated attacker to execute arbitrary Large Language Model LLM...

9.8CVSS6.6AI score0.00489EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.5 views

PT-2026-28405

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view product.php file via the "id" parameter...

9.8CVSS6AI score0.0033EPSS
Exploits1References2
Rows per page
Query Builder