38444 matches found

Vulnrichment
added 2026/03/24 6:38 p.m. | 3 views

CVE-2026-29772 Astro: Memory exhaustion DoS due to missing request body size limit in Server Islands

Astro is a web framework. Prior to version 10.0.0, Astro's Server Islands POST handler buffers and parses the full request body as JSON without enforcing a size limit. Because JSON.parse allocates a V8 heap object for every element in the input, a crafted payload of many small JSON objects achiev...

5.9 CVSS | 5.8 AI score | 0.0037 EPSS
Exploits: 1 | References: 1
NVD
added 2026/03/24 6:16 p.m. | 6 views

CVE-2026-33400

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, a stored cross-site scripting (XSS) vulnerability in the payment method rename endpoint allows any authenticated user to inject arbitrary JavaScript that executes when any user visits the Settings,...

5.4 CVSS | 0.00193 EPSS
Exploits: 1 | References: 2
Vulnrichment
added 2026/03/24 5:43 p.m. | 5 views

CVE-2026-33399 Wallos: SSRF Bypass - Incomplete Fix for CVE-2026-30839/30840

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.7.0, the SSRF fix applied in version 4.6.2 for CVE-2026-30839 and CVE-2026-30840 is incomplete. The validatewebhookurlforssrf protection was added to the test notification endpoints but not to the...

7.7 CVSS | 7.2 AI score | 0.00497 EPSS
Exploits: 3 | References: 2
CVE
added 2026/03/24 5:40 p.m. | 8 views

CVE-2026-33407

Wallos

9.1 CVSS | 5.8 AI score | 0.00369 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/03/24 5:22 p.m. | 4 views

CVE-2026-33157 Craft CMS: Potential authenticated Remote Code Execution via malicious attached Behavior

Craft CMS is a content management system (CMS). From version 5.6.0 to before version 5.9.13, a Remote Code Execution (RCE) vulnerability exists in Craft CMS; it can be exploited by any authenticated user with control panel access. This is a bypass of a previous fix. The existing patches add...

8.6 CVSS | 5.8 AI score | 0.0102 EPSS
Exploits: 1 | References: 3
OSV
added 2026/03/24 4:48 p.m. | 3 views

SUSE-SU-2026:20900-1 Security update for the Linux Kernel RT (Live Patch 14 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-38.1 fixes various security issues.

The following security issues were fixed:
- CVE-2025-40258: mptcp: fix race condition in mptcpschedulework bsc1255053.
- CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed bsc1257669.
...

5.5 CVSS | 5.9 AI score | 0.00176 EPSS
Exploits: 0 | References: 15
IBM Security Bulletins
added 2026/03/24 4:15 p.m. | 9 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Commons Lang (CVE-2025-48924)

Summary: A vulnerability in Apache Commons Lang that is used by IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2025-48924. DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

5.3 CVSS | 6.6 AI score | 0.02164 EPSS
Exploits: 0 | Affected Software: 1
Akamai Blog
added 2026/03/24 12:0 p.m. | 3 views

Microsegmentation and Zero Trust: Control the Blast Radius by Design

...

5.8 AI score
Exploits: 0
EUVD
added 2026/03/24 6:31 a.m. | 6 views

EUVD-2026-14700

NULL Pointer Dereference vulnerability in taurusxin ncmdump src/utils modules. This vulnerability is associated with program files cJSON.Cpp. This issue affects ncmdump: before 1.4.0...

6.7 CVSS | 5.8 AI score | 0.00117 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/03/24 6:31 a.m. | 2 views

EUVD-2026-14704

Use After Free vulnerability in No-Chicken Echo-Mate SDK/rv1106-sdk/sysdrv/source/kernel/mm modules. This vulnerability is associated with program files rmap.C. This issue affects Echo-Mate: before V250329...

8.8 CVSS | 5.8 AI score | 0.00088 EPSS
Exploits: 0 | References: 2
CVE
added 2026/03/24 5:37 a.m. | 12 views

CVE-2026-4751

CVE-2026-4751: Affected software is tmate before version 2.4.0. The vulnerability is a NULL pointer dereference in the tmate-io tmate component. The available documents do not provide explicit impact, exploit details, or remediation steps. If present, further specifics (impact scope, CVSS) would...

5.3 CVSS | 5.8 AI score | 0.00312 EPSS
Exploits: 0 | References: 1
NVD
added 2026/03/24 4:17 a.m. | 4 views

CVE-2026-4732

Out-of-bounds Read vulnerability in tildearrow furnace extern/libsndfile-modified/src modules. This vulnerability is associated with program files flac.C. This issue affects furnace: before 0.7...

9.3 CVSS | 0.00128 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/03/24 3:18 a.m. | 19 views

CVE-2026-4738 GDAL Bundled zlib (inftree9.c) Pointer Offset Optimization Undefined Behavior Allows Heap Corruption or Remote Code Execution

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal frmts/zlib/contrib/infback9 modules. This vulnerability is associated with program files inftree9.C. This issue affects gdal: before 3.11.0...

9.4 CVSS | 0.00276 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2026/03/24 1:34 a.m. | 3 views

CVE-2026-33307 mod_gnutils has stack-based buffer overflow caused by a long client certificate chain

Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. In versions prior to 0.12.3 and 0.13.0, code for client certificate verification imported the certificate chain sent by the client into a fixed-size gnutls_x509_crt_t x509 array without checking that the number of certificates is less than or...

7.5 CVSS | 6 AI score | 0.00342 EPSS
Exploits: 0 | References: 2
UbuntuCve
added 2026/03/24 1:17 a.m. | 3 views

CVE-2026-33306

bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...

7.5 CVSS | 5.8 AI score | 0.00228 EPSS
Exploits: 0 | References: 4
OSV
added 2026/03/24 1:17 a.m. | 4 views

UBUNTU-CVE-2026-33306

bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...

7.5 CVSS | 5.8 AI score | 0.00228 EPSS
Exploits: 0 | References: 5
EUVD
added 2026/03/24 12:30 a.m. | 3 views

EUVD-2025-208954

Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha...

9.3 CVSS | 5.8 AI score | 0.00405 EPSS
Exploits: 0 | References: 5
Cvelist
added 2026/03/24 12:8 a.m. | 25 views

CVE-2026-33306 bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby

bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...

7.4 CVSS | 0.00228 EPSS
Exploits: 0 | References: 3
CVE
added 2026/03/24 12:8 a.m. | 18 views

CVE-2026-33306

CVE-2026-33306 affects bcrypt-ruby (JRuby Java BCrypt implementation) where a signed 32-bit integer overflow at cost=31 causes the key-strengthening loop to run zero iterations, collapsing bcrypt from 2^31 rounds to effectively constant time. This leads to weaker hashes that may be exploitable. T...

7.5 CVSS | 5.8 AI score | 0.00228 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/03/24 12:8 a.m. | 6 views

CVE-2026-33306 bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby

bcrypt-ruby is a Ruby binding for the OpenBSD bcrypt password hashing algorithm. Prior to version 3.1.22, an integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. T...

7.4 CVSS | 5.8 AI score | 0.00228 EPSS
Exploits: 0 | References: 5