38460 matches found
IBM QRadar SIEM 跨站脚本漏洞
IBM QRadar SIEM is a solution developed by the American multinational company IBM, designed to protect assets and information from advanced threats using security intelligence. This solution provides features such as monitoring across the entire IT infrastructure and generating detailed reports o...
PT-2026-26287
We're not migrating to Veeam B&R 13.0.1 until the end of the year, as Veeam B&R is supported until 01 Feb 2027, and we're not find of adopting applications before a couple of version releases have been made. We noticed Action1 appears to be incorrectly assigning CVE's affecting Veeam B&R 13.0.1.x...
wolfSSL(CyaSSL) 安全漏洞
wolfSSL CyaSSL is a small, portable embedded SSL programming library developed by the American company wolfSSL, aimed at developers working with embedded systems. WolfSSL CyaSSL versions 5.8.4 and earlier contain security vulnerabilities. These vulnerabilities stem from a 1-byte out-of-bounds hea...
CVE-2022-50871
creationtimestamp| type| source ---|---|--- 2026-03-19 00:00:00+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0316/...
PT-2026-26343
⚠️ Limited Disclosure — Full Details Pending A critical security vulnerability has been identified in Step CA. An updated version, v0.30.0, is available and all operators are strongly encouraged to upgrade immediately. Full details of this vulnerability will be published in this security advisory...
SiYuan 安全漏洞
SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan itself. Versions of SiYuan 3.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from improper cleaning of upload file paths, allowing administrators to write files to arbitrary...
PT-2026-26376
Name of the Vulnerable Software and Affected Versions wolfSSL versions 5.8.4 and earlier Description An out-of-bounds heap read issue exists in the wc PKCS7 DecodeEnvelopedData function when processing crafted CMS EnvelopedData messages containing zero-length encrypted content. This issue could...
Fedora 43 : dotnet10.0 (2026-854e553ffa)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-854e553ffa advisory. This is the March 2026 release of .NET 10. Release Notes: - SDK: https://github.com/dotnet/core/blob/main/release-notes/10.0/10.0.4/10.0.104.md - Runtime:...
Photon OS 4.0: Linux PHSA-2026-4.0-0980
An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-0980. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...
CVE-2026-32636
A flaw was found in ImageMagick. The NewXMLTree method contains a bug that could result in a crash due to an out of write bounds of a single zero byte. This vulnerability could allow a remote attacker to cause a Denial of Service DoS by providing a specially crafted image, leading to system...
DEBIAN-CVE-2026-32636
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-17 and 6.9.13-42, the NewXMLTree method contains a bug that could result in a crash due to an out of write bounds of a single zero byte. Versions 7.1.2-17 and 6.9.13-42 fix the issue...
CVE-2026-32700 Devise has a confirmable "change email" race condition that permits user to confirm email they have no access to
Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option the default when using...
CVE-2026-25745
OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the message/note update endpoint e.g. PUT or POST updates by message/note ID only and does not verify that the message belongs to the current patient or...
gosaml2 CBC Padding Panic — Unauthenticated Process Crash
Summary The AES-CBC decryption path in DecryptBytes panics on crafted ciphertext whose plaintext is all zero bytes. After decryption, bytes.TrimRightdata, "\x00" empties the slice, then datalendata-1 panics with index out of range -1. There is no recover in the library. The panic propagates throu...
Improper Validation of Array Index
Overview Affected versions of this package are vulnerable to Improper Validation of Array Index via the DecryptBytes function. An attacker can cause the process or goroutine to crash by sending a crafted AES-CBC encrypted assertion with a plaintext of all zero bytes, which triggers a panic due to...
GHSA-HWQM-QVJ9-4JR2 gosaml2 CBC Padding Panic — Unauthenticated Process Crash
Summary The AES-CBC decryption path in DecryptBytes panics on crafted ciphertext whose plaintext is all zero bytes. After decryption, bytes.TrimRightdata, "\x00" empties the slice, then datalendata-1 panics with index out of range -1. There is no recover in the library. The panic propagates throu...
GHSA-7C47-XR7Q-P6HG free5GC NRF Discovery EncodeGroupId Function Panics on Malformed group-id-list Parameter
Impact This is an Improper Input Validation vulnerability leading to Denial of Service. - Security Impact: A remote attacker can cause the NRF service to panic and crash by sending a crafted HTTP GET request with a malformed group-id-list parameter. This results in complete denial of service for...
EUVD-2026-12907
In the Linux kernel, the following vulnerability has been resolved: fbdev: rivafb: fix divide error in nv3arb A userspace program can trigger the RIVA NV3 arbitration code by calling the FBIOPUTVSCREENINFO ioctl on /dev/fb. When doing so, the driver recomputes FIFO arbitration parameters in nv3ar...
EUVD-2026-12887
In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in VF setupnicdevices cleanup In setupnicdevices, the initialization loop jumps to the label setupnicdevfree on failure. The current cleanup loop whilei-- skip the failing index i, causing a...
CVE-2026-23266
In the Linux kernel, the following vulnerability has been resolved: fbdev: rivafb: fix divide error in nv3arb A userspace program can trigger the RIVA NV3 arbitration code by calling the FBIOPUTVSCREENINFO ioctl on /dev/fb. When doing so, the driver recomputes FIFO arbitration parameters in nv3ar...