Lucene search
K

38461 matches found

Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.9 views

Photon OS 5.0: Curl PHSA-2026-5.0-0785

An update of the curl package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0785. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

7.5CVSS7.1AI score0.00715EPSS
Exploits4References5
EUVD
EUVD
added 2026/03/16 9:34 p.m.3 views

EUVD-2025-208761

Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder libavcodec/rv60dec.c. The quantization parameter qp validation at line 2267 only checks the lower bound qp 0 but is missing upper bound validation. The qp value can reach 65 base value 63 from 6-bit frame header + offset +2 from...

5.4CVSS5.8AI score0.00266EPSS
Exploits0References4
Snyk
Snyk
added 2026/03/16 9:17 p.m.3 views

Cross-site Request Forgery (CSRF)

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF in the savemembership process. An attacker can alter membership start and end dates for any member of...

6.8CVSS5.9AI score0.00149EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/16 9:16 p.m.4 views

Arbitrary File Upload

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Arbitrary File Upload through the UploadHandlerFile process. An attacker can execute arbitrary code on the server by uploading a...

8.8CVSS6.3AI score0.00982EPSS
Exploits1References2
Patchstack
Patchstack
added 2026/03/16 8:26 p.m.6 views

WordPress Wicked Folders plugin <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Folder Deletion vulnerability

Insecure Direct Object Reference to Authenticated Contributor+ Arbitrary Folder Deletion vulnerability discovered by Youssef Elouaer in WordPress Plugin Wicked Folders versions = 4.1.0...

4.3CVSS5.8AI score0.00233EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/16 8:16 p.m.3 views

UBUNTU-CVE-2025-69693

Out-of-bounds read in FFmpeg 8.0 and 8.0.1 RV60 video decoder libavcodec/rv60dec.c. The quantization parameter qp validation at line 2267 only checks the lower bound qp 0 but is missing upper bound validation. The qp value can reach 65 base value 63 from 6-bit frame header + offset +2 from...

5.4CVSS5.8AI score0.00266EPSS
Exploits0References2
OSV
OSV
added 2026/03/16 6:32 p.m.4 views

GHSA-4P9M-8GC4-RW2H GoBGP vulnerable to a denial of service via the NEXT_HOP path attribute

An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXTHOP path attribute...

7.5CVSS5.8AI score0.00333EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/03/16 5:32 p.m.3 views

SUSE CVE-2026-31883

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a sizet underflow in the IMA-ADPCM and MS-ADPCM audio decoders leads to heap-buffer-overflow write via the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM decoders subtract block header...

7.3CVSS5.8AI score0.00317EPSS
Exploits1References14
SUSE CVE
SUSE CVE
added 2026/03/16 5:32 p.m.3 views

SUSE CVE-2026-31884

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, division by zero in MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % blocksize where blocksize = context-common.format.nBlockAlign...

5.3CVSS5.8AI score0.00303EPSS
Exploits1References14
SUSE CVE
SUSE CVE
added 2026/03/16 5:32 p.m.2 views

SUSE CVE-2026-31897

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, there is an out-of-bounds read in freerdpbitmapdecompressplanar when SrcSize is 0. The function dereferences srcp which points to pSrcData without first verifying that SrcSize = 1. When SrcSize is 0 and pSrcData is...

3.1CVSS5.8AI score0.00285EPSS
Exploits1References9
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/16 3:41 p.m.7 views

Security Bulletin: Multiple security vulnerabilities in IBM SDK, Java Technology Edition Quarterly CPU - October 2025 affects IBM OpenPages

Summary IBM® SDK, Java™ Technology Edition is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM SDK, Java Technology Edition Quarterly CPU - Oct 2025 has been published in multiple security bulletins. These products have addressed the...

7.5CVSS5.7AI score0.00633EPSS
Exploits0Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/16 3:30 p.m.7 views

Vanna has a SQL injection in the remove_training_data function

A flaw has been found in vanna-ai vanna up to 2.0.2. This impacts the function removetrainingdata of the file src/vanna/legacy/google/bigqueryvector.py. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

7.5CVSS5.6AI score0.00254EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/03/16 3:30 p.m.4 views

EUVD-2026-12345

libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exifmnotedatagetvalue function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow...

7.4CVSS5.8AI score0.00193EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/16 3:30 p.m.4 views

EUVD-2025-208675

in OpenHarmony v5.1.0 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through using incompatible type. This vulnerability can be exploited only in restricted scenarios...

6.3CVSS6.3AI score0.00151EPSS
Exploits0References2
NVD
NVD
added 2026/03/16 2:20 p.m.7 views

CVE-2026-4255

A DLL search order hijacking vulnerability in Thermalright TR-VISION HOME on Windows 64-bit allows a local attacker to escalate privileges via DLL side-loading. The application loads certain dynamic-link library DLL dependencies using the default Windows search order, which includes directories...

8.4CVSS0.00191EPSS
Exploits0References1
OSV
OSV
added 2026/03/16 2:19 p.m.3 views

CVE-2026-32775

libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exifmnotedatagetvalue function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow...

7.4CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2026/03/16 2:19 p.m.2 views

UBUNTU-CVE-2026-32775

libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exifmnotedatagetvalue function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow...

7.8CVSS5.8AI score0.00193EPSS
Exploits1References2
The Hacker News
The Hacker News
added 2026/03/16 2:17 p.m.24 views

⚡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents & More

Some weeks in security feel normal. Then you read a few tabs and get that immediate “ah, great, we’re doing this now” feeling. This week has that energy. Fresh messes, old problems getting sharper, and research that stops feeling theoretical real fast. A few bits hit a little too close to real...

9.9CVSS7.8AI score0.6906EPSS
Exploits41
OSV
OSV
added 2026/03/16 1:37 p.m.6 views

CLSA-2026-1773668222 Fix CVE(s): CVE-2026-24481

SECURITY UPDATE: heap information disclosure in PSD handler - debian/patches/CVE-2026-24481.patch: zero-initialize pixel buffer in ReadPSDChannelZip to prevent heap info leak when ZIP-compressed layer data decompresses to fewer bytes than expected - CVE-2026-24481...

7.5CVSS7.2AI score0.00348EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/16 11:32 a.m.1 views

CVE-2026-4236

A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. Impacted is an unknown function of the file /enrollment/index.php?view=add. Such manipulation of the argument txtsearch/deptname/name leads to sql injection. The attack may be performed from remote. The explo...

7.5CVSS5.7AI score0.00278EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder