Lucene search
K

38459 matches found

AlpineLinux
AlpineLinux
added 2026/03/19 9:17 p.m.6 views

CVE-2026-4159

1-byte OOB heap read in wcPKCS7DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wcPKCS7DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted...

3.3CVSS5.2AI score0.00095EPSS
Exploits0
NVD
NVD
added 2026/03/19 9:17 p.m.3 views

CVE-2026-33302

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the module ACL function AclMain::zhAclCheck only checks for the presence of any "allow" user or group. It never checks for explicit "deny" allowed=0. As a result,...

8.6CVSS0.00315EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/19 8:23 p.m.7 views

EUVD-2026-13221

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, the module ACL function AclMain::zhAclCheck only checks for the presence of any "allow" user or group. It never checks for explicit "deny" allowed=0. As a result,...

8.6CVSS5.8AI score0.00315EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/19 8:10 p.m.17 views

CVE-2026-33301 OpenEMR has arbitrary image file read via PDF generator

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An arbitrary file read...

7.1CVSS0.00444EPSS
Exploits1References2
CVE
CVE
added 2026/03/19 7:30 p.m.16 views

CVE-2026-32238

OpenEMR CVE-2026-32238: A command injection vulnerability in the backup functionality affects versions prior to 8.0.0.2 due to insufficient input validation. An authenticated attacker could exploit this weakness. The issue is fixed in version 8.0.0.2. Remediation: upgrade to 8.0.0.2 or apply the ...

9.1CVSS5.8AI score0.01889EPSS
Exploits3References2Affected Software1
OSV
OSV
added 2026/03/19 7:13 p.m.6 views

GHSA-JP2Q-39XQ-3W4G Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation in fast-xml-parser

Summary The DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a developer explicitly sets either limit to 0 — intending to disallow all entities or restrict entity size to zero bytes — the falsy nature of 0 in...

5.9CVSS6.2AI score0.00449EPSS
Exploits1References5
Snyk
Snyk
added 2026/03/19 7:13 p.m.6 views

Improper Validation of Specified Quantity in Input

Overview fast-xml-parser is a Validate XML, Parse XML, Build XML without C/C++ based libraries Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in the DocTypeReader component when the maxEntityCount or maxEntitySize configuration options are...

8.2CVSS5.8AI score0.00449EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/19 7:13 p.m.5 views

Entity Expansion Limits Bypassed When Set to Zero Due to JavaScript Falsy Evaluation in fast-xml-parser

Summary The DocTypeReader in fast-xml-parser uses JavaScript truthy checks to evaluate maxEntityCount and maxEntitySize configuration limits. When a developer explicitly sets either limit to 0 — intending to disallow all entities or restrict entity size to zero bytes — the falsy nature of 0 in...

5.9CVSS6.1AI score0.00449EPSS
Exploits1References5Affected Software1
Microsoft Secure
Microsoft Secure
added 2026/03/19 7:0 p.m.7 views

New tools and guidance: Announcing Zero Trust for AI

Over the past year, I have had conversations with security leaders across a variety of disciplines, and the energy around AI is undeniable. Organizations are moving fast, and security teams are rising to meet the moment. Time and again, the question comes back to the same thing: "We're adopting A...

5.9AI score
Exploits0
EUVD
EUVD
added 2026/03/19 6:31 p.m.9 views

EUVD-2026-13135

In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 wolfSSL 5.8.2 and earlier is...

6.9CVSS5.8AI score0.00126EPSS
Exploits0References2
OSV
OSV
added 2026/03/19 6:4 p.m.3 views

MGASA-2026-0060 Updated graphicsmagick & imagemagick packages fix security vulnerabilities

Division-by-Zero in YUV sampling factor validation leads to crash. CVE-2026-25799...

7.5CVSS5.7AI score0.00385EPSS
Exploits0References4
Mageia
Mageia
added 2026/03/19 6:4 p.m.6 views

Updated graphicsmagick & imagemagick packages fix security vulnerabilities

Division-by-Zero in YUV sampling factor validation leads to crash. CVE-2026-25799...

7.5CVSS5.7AI score0.00385EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/19 5:54 p.m.10 views

bcrypt-ruby has an Integer Overflow that Causes Zero Key-Strengthening Iterations at Cost=31 on JRuby

Impact An integer overflow in the Java BCrypt implementation for JRuby can cause zero iterations in the strengthening loop. Impacted applications must be setting the cost to 31 to see this happen. The JRuby implementation of bcrypt-ruby BCrypt.java computes the key-strengthening round count as a...

7.5CVSS5.8AI score0.00228EPSS
Exploits0References6Affected Software1
Snyk
Snyk
added 2026/03/19 5:25 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the setPassword.json.php endpoint. An attacker can gain unauthorized access to protected channels by submitting...

9.1CVSS5.8AI score0.00342EPSS
Exploits1References2
OSV
OSV
added 2026/03/19 5:25 p.m.5 views

GHSA-6547-8HRG-C55M AVideo: IDOR - Any Admin Can Set Another User's Channel Password via setPassword.json.php

Summary The setPassword.json.php endpoint in the CustomizeUser plugin allows administrators to set a channel password for any user. Due to a logic error in how the submitted password value is processed, any password containing non-numeric characters is silently coerced to the integer zero before...

5.1CVSS5.8AI score0.00342EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/19 3:48 p.m.3 views

CVE-2026-32868

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in the 'My Information' screen. An authenticated attacker can inject parts of an XSS payload in the first and last name fields. The payload is executed when the full name is rendered...

5.5CVSS5.8AI score0.00141EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/19 3:31 p.m.3 views

EUVD-2026-13105

A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service...

6.5CVSS5.9AI score0.0042EPSS
Exploits0References4
NVD
NVD
added 2026/03/19 3:16 p.m.2 views

CVE-2026-2369

A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service...

9.1CVSS0.0042EPSS
Exploits0References3
OSV
OSV
added 2026/03/19 3:16 p.m.1 views

UBUNTU-CVE-2026-2369

A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service...

9.1CVSS6AI score0.0042EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/03/19 2:20 p.m.7 views

CVE-2026-2369

A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service...

9.1CVSS5.6AI score0.0042EPSS
Exploits0
Rows per page
Query Builder