Lucene search
K
FreebsdRecent

6577 matches found

FreeBSD
FreeBSD
•added 2026/03/10 12:0 a.m.•3 views

firefox -- Memory safety bugs

https://bugzilla.mozilla.org/buglist.cgi?bugid=2017513%2C2017622%2C2019341 reports: Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

8.8CVSS5.9AI score0.00308EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/03/03 12:0 a.m.•14 views

xrdp -- Multiple vulnerabilities

xrdp project reports: This release includes 8 security fixes: CVE-2026-32105 CVE-2026-32107 CVE-2026-32623 CVE-2026-32624 CVE-2026-33145 CVE-2026-32516 CVE-2026-32689 CVE-2026-35512...

9.3CVSS5.7AI score0.00583EPSS
Exploits0
FreeBSD
FreeBSD
•added 2026/03/01 12:0 a.m.•7 views

homebox -- multiple vulnerabilities

Homebox reports: HIGH CVE-2026-27981: Auth Rate Limit Bypass via IP Spoofing MODERATE CVE-2026-27600: Blind SSRF MODERATE CVE-2026-26272: Stored XSS via HTML/SVG Attachment Upload...

7.4CVSS5.8AI score0.00262EPSS
Exploits0
FreeBSD
FreeBSD
•added 2026/02/25 12:0 a.m.•12 views

Gitlab -- vulnerabilities

Gitlab reports: Cross-site Scripting issue in Mermaid sandbox impacts GitLab CE/EE Denial of Service issue in container registry impacts GitLab CE/EE Denial of Service issue in Jira events endpoint impacts GitLab CE/EE Regular Expression Denial of Service issue in GitLab merge requests impacts...

8CVSS5.4AI score0.00357EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/02/25 12:0 a.m.•9 views

mail/mailpit -- Server-Side Request Forgery (SSRF) via Link Check API

Mailpit author reports: The Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering private/internal IP addresses. The response returns status...

8.6CVSS5.6AI score0.00468EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2026/02/25 12:0 a.m.•11 views

gstreamer1 -- multiple vulnerabilities

The GStreamer project reports multiple security vulnerabilities fixed in the 1.28.1 release: Twelve security vulnerabilities were addressed, including: Out-of-bounds reads and writes in the H.266 video parser, WAV parser, MP4 and ASF demuxers, and DVB subtitle decoder. Integer overflows in the RI...

8.8CVSS6.2AI score0.00867EPSS
Exploits0References12
FreeBSD
FreeBSD
•added 2026/02/24 12:0 a.m.•11 views

Mozilla -- Integer overflow

https://bugzilla.mozilla.org/showbug.cgi?id=2009552 reports: Integer overflow in the Libraries component in NSS...

9.8CVSS5.8AI score0.0036EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/02/24 12:0 a.m.•13 views

Mozilla -- Undefined behavior in the DOM: Core & HTML component

https://bugzilla.mozilla.org/showbug.cgi?id=2014593 reports: Undefined behavior in the DOM: Core & HTML component...

9.8CVSS5.8AI score0.00483EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/02/24 12:0 a.m.•7 views

FreeBSD -- Local DoS and possible privilege escalation via routing sockets

Problem Description: The rtsockmsgbuffer function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddrstorage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not necessarily...

7.5CVSS5.8AI score0.00468EPSS
Exploits1
FreeBSD
FreeBSD
•added 2026/02/24 12:0 a.m.•7 views

Mozilla -- Multiple vulnerabilities

CVE-2026-2809: Memory safety bug in the JavaScript: WebAssembly component. CVE-2026-2808: Integer overflow in the JavaScript: Standard Library component...

6.8CVSS6AI score0.00475EPSS
Exploits0
FreeBSD
FreeBSD
•added 2026/02/24 12:0 a.m.•8 views

FreeBSD -- Jail chroot escape via fd exchange with a different jail

Problem Description: If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has...

7.5CVSS5.6AI score0.00111EPSS
Exploits0
FreeBSD
FreeBSD
•added 2026/02/24 12:0 a.m.•8 views

Firefox -- Multiple vulnerabilities

CVE-2026-2807: Memory safety bugs present in Firefox 147 and Thunderbird 147 CVE-2026-2806: Uninitialized memory in the Graphics: Text component. CVE-2026-2805: Invalid pointer in the DOM: Core & HTML component. CVE-2026-2804: Use-after-free in the JavaScript: WebAssembly component. CVE-2026-2803...

9.8CVSS5.9AI score0.00625EPSS
Exploits2
FreeBSD
FreeBSD
•added 2026/02/23 12:0 a.m.•10 views

Vaultwarden -- Multiple vulnerabilities

The Vaultwarden project reports: GHSA-w9f8-m526-h7fh. This vulnerability would allow an attacker to access a cipher from a different user fully encrypted if they already know its internal UUID. GHSA-h4hq-rgvh-wh27. This vulnerability allows an attacker with manager-level access within an...

5.6AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2026/02/22 12:0 a.m.•3 views

py-ormar -- vulnerabilities

https://github.com/ormar-orm/ormar/security/advisories reports: SQL Injection in aggregate functions min and max Pydantic Validation Bypass via pkonly and excluded Kwargs Injection in Model Constructor...

9.8CVSS7.4AI score0.01192EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2026/02/18 12:0 a.m.•6 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description High SECURITY-3669 / CVE-2026-27099 Stored XSS vulnerability in node offline cause description Medium SECURITY-3658 / CVE-2026-27100 Build information disclosure vulnerability through Run Parameter...

8CVSS5.4AI score0.00505EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/02/18 12:0 a.m.•11 views

chromium -- security fixes

Chrome Releases reports: This update includes 3 security fixes: 477033835 High CVE-2026-2648: Heap buffer overflow in PDFium. Reported by soiax on 2026-01-19 481074858 High CVE-2026-2649: Integer overflow in V8. Reported by JunYoung Park@candymate of KAIST Hacking Lab on 2026-02-03 476461867 Medi...

8.8CVSS5.8AI score0.00642EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/02/17 12:0 a.m.•6 views

go-ethereum -- vulnerabilities

https://github.com/ethereum/go-ethereum/security/advisories reports: DoS via malicious p2p message CVE-2026-26313 DoS via malicious p2p message CVE-2026-26314 Improper ECIES Public Key Validation in RLPx Handshake CVE-2026-26315...

8.7CVSS5.8AI score0.0058EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2026/02/16 12:0 a.m.•13 views

Mozilla -- Heap buffer overflow

https://bugzilla.mozilla.org/showbug.cgi?id=2014390 reports: Heap buffer overflow in libvpx...

8.8CVSS5.8AI score0.006EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/02/16 12:0 a.m.•9 views

openexr -- buffer overflow in istream_nonparallel_read on invalid input data

Cary Phillips reports: openexr v3.4.5 ... fixes an incorrect size check in istreamnonparallelread that could lead to a buffer overflow on invalid input data...

5.9AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2026/02/16 12:0 a.m.•5 views

PowerDNS -- vulnerabilities

PowerDNS Team reports: CVE-2026-33257: Insufficient input validation of internal webserver CVE-2026-33260: Insufficient input validation of internal webserver CVE-2026-33608: Incomplete domain name sanitization during Bind autosecondary zone transfer CVE-2026-33609: LDAP DN injection...

9.8CVSS5.8AI score0.00524EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2026/02/13 12:0 a.m.•14 views

chromium -- security fix

Chrome Releases reports: This update includes 1 security fix: 483569511 High CVE-2026-2441: Use after free in CSS. Reported by Shaheen Fazim on 2026-02-11...

8.8CVSS5.5AI score0.2202EPSS
Exploits12References1
FreeBSD
FreeBSD
•added 2026/02/12 12:0 a.m.•10 views

Grafana -- Public Dashboards time range restriction on annotations can be bypassed

https://grafana.com/security/security-advisories/cve-2026-21722 reports: Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific...

5.3CVSS7.2AI score0.00327EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/02/12 12:0 a.m.•7 views

PostgreSQL -- Multiple vulnerabilities

The PostgreSQL project reports: Improper validation of type oidvector in PostgreSQL allows a database user to disclose a few bytes of server memory. We have not ruled out viability of attacks that arrange for presence of confidential information in disclosed bytes, but they seem unlikely. Missing...

8.8CVSS6.5AI score0.01208EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2026/02/12 12:0 a.m.•10 views

Grafana -- XSS in Grafana Explore stack trace

https://grafana.com/security/security-advisories/cve-2025-41117 reports: Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasourc...

6.8CVSS5.8AI score0.0026EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/02/11 12:0 a.m.•6 views

traefik -- TCP readTimeout bypass via STARTTLS on Postgres

The traefik project reports: There is a potential vulnerability in Traefik managing STARTTLS requests. An unauthenticated client can bypass Traefik entrypoint respondingTimeouts.readTimeout by sending the 8-byte Postgres SSLRequest STARTTLS prelude and then stalling, causing connections to remain...

7.5CVSS5.6AI score0.00709EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/02/10 12:0 a.m.•8 views

png -- CWE-122: Heap-based Buffer Overflow

https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3 reports: LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the...

8.3CVSS5.6AI score0.00955EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2026/02/10 12:0 a.m.•6 views

MongoDB Server -- CWE-704 Incorrect Type Conversion or Cast

https://jira.mongodb.org/browse/SERVER-113685 reports: An authorized user may disable the MongoDB server by issuing a query against a collection that contains an invalid compound wildcard index...

7.1CVSS5.5AI score0.0024EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/02/10 12:0 a.m.•6 views

Gitlab -- vulnerabilities

Gitlab reports: Incomplete Validation issue in Web IDE impacts GitLab CE/EE Denial of Service issue in GraphQL introspection impacts GitLab CE/EE Denial of Service issue in JSON validation middleware impacts GitLab CE/EE Cross-site Scripting issue in Code Flow impacts GitLab CE/EE HTML Injection...

9.1CVSS5.7AI score0.004EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/02/10 12:0 a.m.•5 views

MongoDB Server -- CWE-617 Reachable Assertion

https://jira.mongodb.org/browse/SERVER-99119 reports: An authorized user may trigger a server crash by running a $geoNear pipeline with certain invalid index hints...

7.1CVSS5.5AI score0.0024EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/02/10 12:0 a.m.•6 views

FreeBSD -- blocklistd(8) socket leak

Problem Description: Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a null...

7.5CVSS5.6AI score0.00359EPSS
Exploits0
FreeBSD
FreeBSD
•added 2026/02/10 12:0 a.m.•6 views

MongoDB Server -- Multiple vulnerabilities

https://jira.mongodb.org/browse/SERVER-114126 reports: Complex queries can cause excessive memory usage in MongoDB Query Planner resulting in an Out-Of-Memory Crash. https://jira.mongodb.org/browse/SERVER-102364 reports: MongoDB Server may experience an out-of-memory failure while evaluating...

7.5CVSS5.5AI score0.00272EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2026/02/10 12:0 a.m.•5 views

munge -- CWE-787: Out-of-bounds Write

https://github.com/dun/munge/security/advisories/GHSA-r9cr-jf4v-75gh reports: MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can exploit a buffer overflow vulnerability in munged the MUNGE authentication daemon to leak...

7.8CVSS6.1AI score0.00302EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/02/08 12:0 a.m.•7 views

Roundcube -- Multiple vulnerabilities

The Roundcube project reports: Unspecified CSS injection vulnerability. Remote image blocking bypass via SVG content...

5.3AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2026/02/05 12:0 a.m.•9 views

oauth2-proxy -- multiple vulnerabilities

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed...

10CVSS7.1AI score0.00765EPSS
Exploits1
FreeBSD
FreeBSD
•added 2026/02/03 12:0 a.m.•5 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 2 security fixes: 478942410 High CVE-2026-1861: Heap buffer overflow in libvpx. Reported by Google on 2026-01-26 479726070 High CVE-2026-1862: Type Confusion in V8. Reported by Chaoyuan Peng @ret2happy on 2026-01-29...

8.8CVSS5.8AI score0.00579EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2026/02/03 12:0 a.m.•8 views

navidrome -- multiple vulnerabilities

An XSS vulnerability in the frontend allows a malicious attacker to inject code through the comment metadata of a song to exfiltrate user credentials. Authenticated users can crash the Navidrome server by supplying an excessively large size parameter to /rest/getCoverArt or to a shared-image URL...

9.2CVSS5.5AI score0.00455EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2026/02/02 12:0 a.m.•5 views

qt6-webengine -- multiple vulnerabilities

Qt qtwebengine-chromium repo reports: Backports for 7 security bugs in Chromium: CVE-2025-13638: Prevent media element GC in callbacks in WebMediaPlayerMS CVE-2025-13639: Improve validation of SDP direction in remote description CVE-2025-13720: Avoid downcasting Hash and Integrity reports...

8.8CVSS8AI score0.22359EPSS
Exploits11References1
FreeBSD
FreeBSD
•added 2026/01/31 12:0 a.m.•7 views

expat -- multiple vulnerabilities

expat team reports: Update contains 2 security fixes: CVE-2026-24515: NULL dereference in function XMLExternalEntityParserCreate CVE-2026-25210: missing check for integer overflow in function doContent...

7.8CVSS5.5AI score0.00193EPSS
Exploits0
FreeBSD
FreeBSD
•added 2026/01/29 12:0 a.m.•29 views

qt6-webengine -- multiple vulnerabilities

Qt qtwebengine-chromium repo reports: Backports for 262 security bugs in Chromium: CVE-2025-13223: Type Confusion in V8 CVE-2025-13224: Type Confusion in V8 CVE-2025-13630: Type Confusion in V8 CVE-2025-13632: Inappropriate implementation in DevTools CVE-2025-13634: Inappropriate implementation i...

9.8CVSS7.3AI score0.2202EPSS
Exploits17References1
FreeBSD
FreeBSD
•added 2026/01/29 12:0 a.m.•8 views

zeek -- potential DoS vulnerability

Tim Wojtulewicz of Corelight reports: Zeek's HTTP analyzer can be tricked into interpreting Transfer-Encoding or Content-Length headers set in MIME entities within HTTP bodies and change the analyzer behavior...

5.9AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2026/01/27 12:0 a.m.•6 views

chromium -- security fix

Chrome Releases reports: This update includes 1 security fix: 474435504 High CVE-2026-1504: Inappropriate implementation in Background Fetch API. Reported by Luan Herrera @lbherrera on 2026-01-09...

6.5CVSS5.9AI score0.00224EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2026/01/27 12:0 a.m.•6 views

FreeBSD -- Jail escape by a privileged user via nullfs

Problem Description: By default, jailed processes cannot mount filesystems, including nullfs4. However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the...

8.8CVSS5.9AI score0.00112EPSS
Exploits0
FreeBSD
FreeBSD
•added 2026/01/27 12:0 a.m.•7 views

Firefox -- Multiple vulnerabilities

https://bugzilla.mozilla.org/showbug.cgi?id=2007302 reports: Mitigation bypass in the Privacy: Anti-Tracking component. Use-after-free in the Layout: Scrolling and Overflow component...

8.8CVSS5.9AI score0.00232EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2026/01/27 12:0 a.m.•19 views

OpenSSL -- Multiple vulnerabilities

The OpenSSL project reports: Improper validation of PBMAC1 parameters in PKCS12 MAC verification CVE-2025-11187 Stack buffer overflow in CMS AuthEnvelopedData parsing CVE-2025-15467 NULL dereference in SSLCIPHERfind function on unknown cipher ID CVE-2025-15468 "openssl dgst" one-shot codepath...

9.8CVSS6AI score0.47621EPSS
Exploits7References1
FreeBSD
FreeBSD
•added 2026/01/22 12:0 a.m.•10 views

wheel -- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx reports: wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.46.1 and below, the unpack function is vulnerable to file permission modification through mishandling of file...

7.1CVSS6.1AI score0.00311EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2026/01/21 12:0 a.m.•9 views

Gitlab -- vulnerabilities

Gitlab reports: Denial of Service issue in Jira Connect integration impacts GitLab CE/EE Incorrect Authorization issue in Releases API impacts GitLab CE/EE Unchecked Return Value issue in authentication services impacts GitLab CE/EE Infinite Loop issue in Wiki redirects impacts GitLab CE/EE Denia...

7.5CVSS5.8AI score0.00846EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/01/20 12:0 a.m.•5 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 1 security fix: 473851441 High CVE-2026-1220: Race in V8. Reported by @p1nky4745 on 2026-01-07...

7.5CVSS5.4AI score0.00297EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2026/01/20 12:0 a.m.•9 views

MySQL -- Multiple vulnerabilities

Oracle reports: Oracle reports multiple vulnerabilities in its MySQL server products...

6.5CVSS5.4AI score0.00337EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/01/20 12:0 a.m.•12 views

Python -- imaplib module, when passed a user-controlled command, can have additional commands injected using newlines

Python Software Foundation Security Developer reports: The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters...

5.9CVSS7.1AI score0.00315EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/01/20 12:0 a.m.•13 views

Python -- poplib module, when passed a user-controlled command, can have additional commands injected using newlines

Python Software Foundation Security Developer reports: The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters...

5.9CVSS7.1AI score0.00315EPSS
Exploits0References1
Total number of security vulnerabilities6577