38423 matches found

Snyk
added 2026/03/26 6:29 p.m.

Infinite loop

Overview org.webjars.npm:brace-expansion is a WebJar for brace-expansion. Affected versions of this package are vulnerable to Infinite loop through the expand function when processing a brace pattern with a zero step value. An attacker can cause the process to hang and exhaust system memory by...

CVSS 8.7, AI score 5.9, EPSS 0.0043
Exploits: 0, References: 2
Github Security Blog
added 2026/03/26 5:58 p.m.

libcrux has All-Zero Key Generation Upon Catastrophic RNG Failure

The libcrux-ed25519 key generation samples Ed25519 secret keys from a provided CSPRNG in a loop for up to 100 attempts until a non-zero key is found. If a non-zero key could not be sampled within 100 attempts the key generation function would silently continue with an all-zero buffer as the secre...

AI score 5.9
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2026/03/26 5:58 p.m.

GHSA-434V-X5QV-PMH6 libcrux has All-Zero Key Generation Upon Catastrophic RNG Failure

The libcrux-ed25519 key generation samples Ed25519 secret keys from a provided CSPRNG in a loop for up to 100 attempts until a non-zero key is found. If a non-zero key could not be sampled within 100 attempts the key generation function would silently continue with an all-zero buffer as the secre...

CVSS 8.2, AI score 6
Exploits: 0, References: 3
Snyk
added 2026/03/26 5:17 p.m.

Out-of-bounds Write

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET build that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

CVSS 5.5, AI score 5.9, EPSS 0.00141
Exploits: 0, References: 2
Github Security Blog
added 2026/03/26 5:17 p.m.

ImageMagick has an Out-of-Bounds write of a zero byte in its X11 display interaction

An out-of-bounds write of a zero byte exists in the X11 display interaction path that could lead to a crash...

CVSS 5.5, AI score 5.8, EPSS 0.00141
Exploits: 0, References: 3, Affected Software: 18
EUVD
added 2026/03/26 5:17 p.m.

EUVD-2026-16365

ImageMagick has an Out-of-Bounds write of a zero byte in its X11 display interaction...

CVSS 4, AI score 5.8, EPSS 0.00141
Exploits: 0, References: 1
OSV
added 2026/03/26 5:17 p.m.

GHSA-MW3M-PQR2-QV7C ImageMagick has an Out-of-Bounds write of a zero byte in its X11 display interaction

An out-of-bounds write of a zero byte exists in the X11 display interaction path that could lead to a crash...

CVSS 4, AI score 5.9, EPSS 0.00141
Exploits: 0, References: 3
NVD
added 2026/03/26 5:16 p.m.

CVE-2026-34071

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized HTML from the email body with Content-Type: text/html. An attacker who sends a...

CVSS 6.1, EPSS 0.0026
Exploits: 1, References: 1
RedhatCVE
added 2026/03/26 5:01 p.m.

CVE-2026-24989

Deserialization of Untrusted Data vulnerability in FantasticPlugins SUMO Affiliates Pro (affs) allows Object Injection. This issue affects SUMO Affiliates Pro: from n/a through 11.4.0...

CVSS 9.8, AI score 5.8, EPSS 0.00375
Exploits: 0, References: 1
EUVD
added 2026/03/26 5:00 p.m.

EUVD-2026-16271

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized HTML from the email body with Content-Type: text/html. An attacker who sends a...

CVSS 5.4, AI score 6, EPSS 0.0026
Exploits: 1, References: 1
RedhatCVE
added 2026/03/26 3:18 p.m.

CVE-2025-26474

in OpenHarmony v5.0.3 and prior versions allow a local attacker to cause information improper input. This vulnerability can be exploited only in restricted scenarios...

CVSS 3.3, AI score 5.8, EPSS 0.00138
Exploits: 0, References: 1
RedhatCVE
added 2026/03/26 3:17 p.m.

CVE-2026-32732

Lean 4 VS Code Extension is a Visual Studio Code extension for the Lean 4 proof assistant. Projects that use @leanprover/unicode-input-component are vulnerable to an XSS exploit in 0.1.9 of the package and lower. The component re-inserted text in the input element back into the input element as...

AI score 5.7, EPSS 0.00327
Exploits: 0, References: 1
RedhatCVE
added 2026/03/26 3:14 p.m.

CVE-2024-51226

A stored cross-site scripting (XSS) vulnerability in the component /admin/search-vehicle.php of Phpgurukul Vehicle Record Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Search parameter...

CVSS 6.1, AI score 5.8, EPSS 0.00192
Exploits: 1, References: 1
RedhatCVE
added 2026/03/26 3:12 p.m.

CVE-2026-25169

Divide by zero in Microsoft Graphics Component allows an unauthorized attacker to deny service locally...

CVSS 6.2, AI score 5.8, EPSS 0.00474
Exploits: 0, References: 1
RedhatCVE
added 2026/03/26 3:11 p.m.

CVE-2026-30973

Appium is an automation framework that provides WebDriver-based automation possibilities for a wide range of platforms. Prior to 7.0.6, @appium/support contains a ZIP extraction implementation (extractAllTo via ZipExtractor.extract) with a path traversal (Zip Slip) check that is non-functional. The chec...

CVSS 6.5, AI score 5.9, EPSS 0.00388
Exploits: 1, References: 1
RedhatCVE
added 2026/03/26 3:11 p.m.

CVE-2026-32816

Admidio is an open-source user management solution. In versions 5.0.0 through 5.0.6, the delete, activate, and deactivate modes in modules/groups-roles/groupsroles.php perform destructive state changes on organizational roles but never validate an anti-CSRF token. The client-side UI passes a CSRF...

CVSS 5.7, AI score 5.8, EPSS 0.0013
Exploits: 1, References: 1
RedhatCVE
added 2026/03/26 3:10 p.m.

CVE-2026-32320

Ella Core is a 5G core designed for private networks. Prior to 1.5.1, Ella Core panics when processing a PathSwitchRequest containing UE Security Capabilities with zero-length NR encryption or integrity protection algorithm bitstrings, resulting in a denial of service. An attacker able to send...

CVSS 7.5, AI score 5.8, EPSS 0.00185
Exploits: 0, References: 1
RedhatCVE
added 2026/03/26 3:10 p.m.

CVE-2026-32953

Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets (USS) to be silently ignored, producing the same Compound Device Identifier (CDI), and thus the same key...

CVSS 4.7, AI score 5.9, EPSS 0.00246
Exploits: 1, References: 1
RedhatCVE
added 2026/03/26 3:09 p.m.

CVE-2026-1653

A potential divide by zero vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to cause a Windows blue screen error...

CVSS 6.8, AI score 5.8, EPSS 0.00093
Exploits: 0, References: 1
RedhatCVE
added 2026/03/26 3:10 p.m.

CVE-2026-33290

WPGraphQL provides a GraphQL API for WordPress sites. Prior to version 2.10.0, an authorization flaw in updateComment allows an authenticated low-privileged user (including a custom role with zero capabilities) to change the moderation status of their own comment (for example to APPROVE) without the...

CVSS 4.3, AI score 5.8, EPSS 0.00177
Exploits: 0, References: 1