
38460 matches found

Debian CVE
added 2026/03/18 10:5 a.m. | 5 views

CVE-2025-71267

In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: fix infinite loop triggered by zero-sized ATTRLIST. We found an infinite loop bug in the ntfs3 file system that can lead to a Denial-of-Service (DoS) condition. A malformed NTFS image can cause an infinite loop when an...

CVSS 5.5 | AI score 5.3 | EPSS 0.00118
Exploits: 0

SUSE Linux
added 2026/03/18 9:15 a.m. | 11 views

Security update for tomcat

This update for tomcat fixes the following issues: CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the comman...

CVSS 6.5 | AI score 7.5 | EPSS 0.00494
Exploits: 0 | References: 4

NVD
added 2026/03/18 7:16 a.m. | 6 views

CVE-2026-3512

The Writeprint Stylometry plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'p' GET parameter in all versions up to and including 0.1. This is due to insufficient input sanitization and output escaping in the bjlwprintstylocommentsnav function. The function directly...

CVSS 6.1 | EPSS 0.00205
Exploits: 0 | References: 5

Snyk
added 2026/03/18 4:41 a.m. | 6 views

Access Control Bypass

Overview Affected versions of this package are vulnerable to Access Control Bypass in the proxy module due to blindly trusting ExternalIPs/LoadBalancer IPs. An attacker can redirect cluster-wide network traffic or disrupt DNS services by assigning arbitrary external IPs or loadBalancer IPs withou...

CVSS 7.1 | AI score 6 | EPSS 0.00297
Exploits: 1 | References: 2

NVD
added 2026/03/18 4:17 a.m. | 4 views

CVE-2026-32256

music-metadata is a metadata parser for audio and video media files. Prior to version 11.12.3, music-metadata's ASF parser parseExtensionObject in lib/asf/AsfParser.ts:112-158 enters an infinite loop when a sub-object inside the ASF Header Extension Object has objectSize = 0. Version 11.12.3 fixe...

CVSS 7.5 | EPSS 0.00366
Exploits: 0 | References: 2

Cvelist
added 2026/03/18 3:22 a.m. | 29 views

CVE-2026-32256 music-metadata has an infinite loop vulnerability in ASF parser

music-metadata is a metadata parser for audio and video media files. Prior to version 11.12.3, music-metadata's ASF parser parseExtensionObject in lib/asf/AsfParser.ts:112-158 enters an infinite loop when a sub-object inside the ASF Header Extension Object has objectSize = 0. Version 11.12.3 fixe...

CVSS 7.5 | EPSS 0.00366
Exploits: 0 | References: 2

Vulnrichment
added 2026/03/18 3:22 a.m. | 2 views

CVE-2026-32256 music-metadata has an infinite loop vulnerability in ASF parser

music-metadata is a metadata parser for audio and video media files. Prior to version 11.12.3, music-metadata's ASF parser parseExtensionObject in lib/asf/AsfParser.ts:112-158 enters an infinite loop when a sub-object inside the ASF Header Extension Object has objectSize = 0. Version 11.12.3 fixe...

CVSS 7.5 | AI score 5.8 | EPSS 0.00366
Exploits: 0 | References: 2

CVE
added 2026/03/18 3:22 a.m. | 8 views

CVE-2026-32256

CVE-2026-32256 affects the music-metadata library in the ASF parser path (parseExtensionObject in lib/asf/AsfParser.ts). Before version 11.12.3, if a sub-object inside the ASF Header Extension Object has objectSize = 0, the parser can enter an infinite loop, causing an application hang. Version 1...

CVSS 7.5 | AI score 5.8 | EPSS 0.00366
Exploits: 0 | References: 2 | Affected Software: 1

ATTACKERKB
added 2026/03/18 3:22 a.m. | 1 views

CVE-2026-32256

music-metadata is a metadata parser for audio and video media files. Prior to version 11.12.3, music-metadata's ASF parser parseExtensionObject in lib/asf/AsfParser.ts:112-158 enters an infinite loop when a sub-object inside the ASF Header Extension Object has objectSize = 0. Version 11.12.3 fixe...

CVSS 7.5 | AI score 5.8 | EPSS 0.00366
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2026/03/18 3:22 a.m. | 4 views

CVE-2026-32256 music-metadata has an infinite loop vulnerability in ASF parser

music-metadata is a metadata parser for audio and video media files. Prior to version 11.12.3, music-metadata's ASF parser parseExtensionObject in lib/asf/AsfParser.ts:112-158 enters an infinite loop when a sub-object inside the ASF Header Extension Object has objectSize = 0. Version 11.12.3 fixe...

CVSS 7.5 | AI score 5.9 | EPSS 0.00366
Exploits: 0 | References: 4

NVD
added 2026/03/18 2:16 a.m. | 15 views

CVE-2026-28500

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load due to improper logic in the repository trust verification mechanism. While the function is designed to warn users...

CVSS 9.1 | EPSS 0.00318
Exploits: 0 | References: 6

CVE
added 2026/03/18 1:24 a.m. | 8 views

CVE-2026-4268

The CVE relates to WP Go Maps (formerly WP Google Maps) WordPress plugin. All versions up to 10.0.05 are affected by a Stored Cross-Site Scripting vulnerability via the wpgmza_custom_js parameter, caused by insufficient input sanitization/output escaping and a missing capability check in the admi...

CVSS 6.4 | AI score 5.9 | EPSS 0.00156
Exploits: 0 | References: 2

ATTACKERKB
added 2026/03/18 1:15 a.m. | 4 views

CVE-2026-28500

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load due to improper logic in the repository trust verification mechanism. While the function is designed to warn users...

CVSS 8.6 | AI score 5.7 | EPSS 0.00318
Exploits: 0 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/03/18 1:15 a.m. | 5 views

CVE-2026-28500 ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load due to improper logic in the repository trust verification mechanism. While the function is designed to warn users...

CVSS 8.6 | AI score 5.7 | EPSS 0.00318
Exploits: 0 | References: 2

CVE
added 2026/03/18 1:15 a.m. | 25 views

CVE-2026-28500

CVE-2026-28500 affects ONNX up to v1.20.1 where onnx.hub.load() bypasses security checks due to flawed repository trust logic. The silent=True flag silences warnings and prompts, enabling a vector for zero-interaction supply-chain attacks. When combined with filesystem vulnerabilities, an attacke...

CVSS 9.1 | AI score 5.7 | EPSS 0.00318
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2026/03/18 1:15 a.m. | 5 views

CVE-2026-28500 ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack

Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load due to improper logic in the repository trust verification mechanism. While the function is designed to warn users...

CVSS 8.6 | AI score 5.9 | EPSS 0.00318
Exploits: 0 | References: 4

CVE
added 2026/03/18 12:48 a.m. | 18 views

CVE-2026-28674

Product/Context: xiaoheiFS (self-hosted financial/operational system). Vulnerability: In versions ≤ 0.3.15, the AdminPaymentPluginUpload endpoint allows admins to upload any file to plugins/payment/ with only a hardcoded password (qweasd123456) and disregards file content. A background watcher (S...

CVSS 7.2 | AI score 5.7 | EPSS 0.00341
Exploits: 1 | References: 1 | Affected Software: 1

SUSE CVE
added 2026/03/18 12:24 a.m. | 4 views

SUSE CVE-2026-32775

libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exifmnotedatagetvalue function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow...

CVSS 5.3 | AI score 5.8 | EPSS 0.00193
Exploits: 1 | References: 3

CNNVD
added 2026/03/18 12:0 a.m. | 7 views

ONNX Security Vulnerability

ONNX (Open Neural Network Exchange) is an open standard for machine learning interoperability, developed under the ONNX open source framework. Versions of ONNX prior to 1.20.1 contain security vulnerabilities. These vulnerabilities stem from improper logic in the repository trust verification...

CVSS 9.1 | AI score 5.8 | EPSS 0.00318
Exploits: 0 | References: 3

Positive Technologies
added 2026/03/18 12:0 a.m. | 8 views

PT-2026-26022

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpgmza_custom_js' parameter in all versions up to, and including, 10.0.05 due to insufficient input sanitization and output escaping and missing capability check in the 'admin post...

CVSS 6.4 | AI score 6 | EPSS 0.00156
Exploits: 0 | References: 6