Lucene search
K
FreebsdRecent

6577 matches found

FreeBSD
FreeBSD
•added 2026/01/18 12:0 a.m.•5 views

mail/mailpit -- multiple vulnerabilities

Mailpit author reports: Ensure SMTP TO & FROM addresses are RFC 5322 compliant and prevent header injection GHSA-54wq-72mp-cq7c Prevent Server-Side Request Forgery SSRF via HTML Check API GHSA-6jxm-fv7w-rw5j...

7.5CVSS5.9AI score0.01441EPSS
Exploits5References2
FreeBSD
FreeBSD
•added 2026/01/16 12:0 a.m.•13 views

python -- several security vulnerabilities

The Python project announces a new release with several security fixes: CVE-2026-1299: gh-144125: BytesGenerator will now refuse to serialize write headers that are unsafely folded or delimited; see verifygeneratedheaders. Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650. gh-143935:...

6CVSS5.3AI score0.0056EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/01/16 12:0 a.m.•6 views

oauth2-proxy -- multiple vulnerabilities

Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can...

7.5CVSS8.7AI score0.00459EPSS
Exploits2
FreeBSD
FreeBSD
•added 2026/01/15 12:0 a.m.•5 views

traefik -- ACME TLS-ALPN fast path potential DoS

The traefik project reports: There is a potential vulnerability in Traefik ACME TLS certificates' automatic generation: the ACME TLS-ALPN fast path can allow unauthenticated clients to tie up goroutines and file descriptors indefinitely when the ACME TLS challenge is enabled.A malicious client ca...

7.5CVSS5.3AI score0.00321EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/01/13 12:0 a.m.•8 views

Mozilla -- multiple vulnerabilities

Memory safety bugs present in firefox-esr 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. Clickjacking issue and information disclosure in the PDF Viewer component. Use-after-free in the JavaScript: GC component...

9.8CVSS5.9AI score0.00423EPSS
Exploits0
FreeBSD
FreeBSD
•added 2026/01/13 12:0 a.m.•8 views

Mozilla -- multiple vulnerabilities

Incorrect boundary conditions in the Graphics component. Use-after-free in the IPC component. Sandbox escape due to integer overflow in the Graphics component. Sandbox escape due to incorrect boundary conditions in the Graphics component. Mitigation bypass in the DOM: Security component...

9.8CVSS7.3AI score0.0057EPSS
Exploits0
FreeBSD
FreeBSD
•added 2026/01/13 12:0 a.m.•8 views

Mozilla -- multiple vulnerabilities

Memory safety bugs present in Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. Denial-of-service in the DOM: Service Workers component. Information...

10CVSS7.4AI score0.00537EPSS
Exploits1
FreeBSD
FreeBSD
•added 2026/01/13 12:0 a.m.•8 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 10 security fixes: 458914193 High CVE-2026-0899: Out of bounds memory access in V8. Reported by @p1nky4745 on 2025-11-08 465730465 High CVE-2026-0900: Inappropriate implementation in V8. Reported by Google on 2025-12-03 40057499 High CVE-2026-0901:...

9.8CVSS7.2AI score0.00382EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/01/10 12:0 a.m.•8 views

mail/mailpit -- Cross-Site WebSocket Hijacking

Mailpit author reports: The Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking CSWSH vulnerability. An attacker can host a malicious website that, when visited by a developer running Mailp...

6.5CVSS6.8AI score0.00208EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2026/01/10 12:0 a.m.•6 views

virtualenv -- CWE-59: Improper Link Resolution Before File Access ('Link Following')

https://github.com/pypa/virtualenv/security/advisories/GHSA-597g-3phw-6986 reports: virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use vulnerabilities in virtualenv allow local attackers to perform symlink-based attac...

4.5CVSS6.5AI score0.00085EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/01/07 12:0 a.m.•5 views

libtasn1 -- Stack-based buffer overflow

oss-security@ list reports: Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1expendoctetstring...

7.5CVSS7.1AI score0.01109EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/01/07 12:0 a.m.•6 views

Gitlab -- vulnerabilities

Gitlab reports: Stored Cross-site Scripting issue in GitLab Flavored Markdown placeholders impacts GitLab CE/EE Cross-site Scripting issue in Web IDE impacts GitLab CE/EE Missing Authorization issue in Duo Workflows API impacts GitLab EE Missing Authorization issue in AI GraphQL mutation impacts...

9.6CVSS6.4AI score0.0062EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/01/06 12:0 a.m.•11 views

curl -- Multiple vulnerabilities

The curl project reports: Multiple vulnerabilities...

6.3CVSS5.8AI score0.00679EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2026/01/06 12:0 a.m.•8 views

mail/mailpit -- Server-Side Request Forgery

Mailpit author reports: A Server-Side Request Forgery SSRF vulnerability exists in Mailpit's /proxy endpoint that allows attackers to make requests to internal network resources. The /proxy endpoint allows requests to internal network resources. While it validates http:// and https:// schemes, it...

5.8CVSS7AI score0.00755EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2026/01/06 12:0 a.m.•11 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 1 security fix: 463155954 High CVE-2026-0628: Insufficient policy enforcement in WebView tag. Reported by Gal Weizman on 2025-11-23...

8.8CVSS7AI score0.06545EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2025/12/30 12:0 a.m.•8 views

security/libsodium -- crypto_core_ed25519_is_valid_point mishandles checks for whether an elliptic curve point is valid

Libsodium maintainer reports: The function cryptocoreed25519isvalidpoint, a low-level function used to check if a given elliptic curve point is valid, was supposed to reject points that aren't in the main cryptographic group, but some points were slipping through...

4.5CVSS6.6AI score0.00166EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/12/29 12:0 a.m.•9 views

phpmyfaq -- multiple vulnerabilities

phpMyFAQ team reports: Stored cross-site scripting XSS and unauthenticated config backup download vulnerability...

6.2AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2025/12/27 12:0 a.m.•6 views

gstreamer1-plugins-bad -- Out-of-bounds reads in MIDI parser

The GStreamer Security Center reports: Multiple out-of-bounds reads in the MIDI parser that can cause crashes for certain input files...

7.1AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2025/12/25 12:0 a.m.•6 views

Forgejo -- Symbolic Link (Symlink) Following

https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/13.0.2.md reports: Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template...

9.5CVSS7AI score0.00489EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/12/23 12:0 a.m.•10 views

net-mgmt/net-snmp -- Remote Code Execution (snmptrapd)

net-snmp development team reports: A specially crafted packet to an net-snmp snmptrapd daemon can cause a buffer overflow and the daemon to crash...

9.8CVSS7.4AI score0.4269EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2025/12/23 12:0 a.m.•5 views

fluidsynth -- Use after free when using DLS files

The fluidsynth authors report: A race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may be pending to unload a DLS file, leading to use of freed memory, if the synthesizer is being concurrently destroyed, or samples of the unloaded...

7CVSS7.5AI score0.00179EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2025/12/20 12:0 a.m.•5 views

smb4k -- Critical vulnerabilities in Mount Helper

vulndb reports: A vulnerability, which was classified as critical, was found in smb4k up to 4.0.4. Affected is some unknown functionality of the component Mount Helper. The manipulation with an unknown input leads to a access control vulnerability. CWE is classifying the issue as CWE-284. The...

7.3CVSS6.3AI score0.00144EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2025/12/19 12:0 a.m.•12 views

MongoDB -- Improper Handling of Length Parameter Inconsistency

https://jira.mongodb.org/browse/SERVER-115508 reports: Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client...

8.7CVSS6.8AI score0.83007EPSS
Exploits39References1
FreeBSD
FreeBSD
•added 2025/12/18 12:0 a.m.•4 views

Firefox -- Use-after-free

https://bugzilla.mozilla.org/showbug.cgi?id=2000597 reports: Use-after-free in the Disability Access APIs component...

9.8CVSS6.7AI score0.00265EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/12/18 12:0 a.m.•5 views

Firefox -- Memory safety bugs

https://bugzilla.mozilla.org/buglist.cgi?bugid=1996570%2C1999700 reports: Memory safety bugs present in Firefox 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

8.8CVSS7.3AI score0.00208EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/12/16 12:0 a.m.•5 views

FreeBSD -- Remote code execution via ND6 Router Advertisements

Problem Description: The rtsol8 and rtsold8 programs do not validate the domain search list options provided in router advertisement messages; the option body is passed to resolvconf8 unmodified. resolvconf8 is a shell script which does not validate its input. A lack of quoting meant that shell...

7.2CVSS7.7AI score0.06272EPSS
Exploits7
FreeBSD
FreeBSD
•added 2025/12/16 12:0 a.m.•5 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 2 security fixes: 448294721 High CVE-2025-14765: Use after free in WebGPU. Reported by Anonymous on 2025-09-30 466786677 High CVE-2025-14766: Out of bounds read and write in V8. Reported by Shaheen Fazim on 2025-12-08...

8.8CVSS7.2AI score0.0281EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/12/16 12:0 a.m.•9 views

FreeBSD -- ipfw denial of service

Problem Description: In some cases, the tcp-setmss handler may free the packet data and throw an error without halting the rule processing engine. A subsequent rule can then allow the traffic after the packet data is gone, resulting in a NULL pointer dereference. Impact: Maliciously crafted packe...

7.5CVSS7AI score0.01097EPSS
Exploits0
FreeBSD
FreeBSD
•added 2025/12/14 12:0 a.m.•10 views

Roundcube -- Multiple vulnerabilities

The Roundcube project reports: Cross-Site-Scripting vulnerability via SVG’s animate tag Information Disclosure vulnerability in the HTML style sanitizer...

6.9AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2025/12/11 12:0 a.m.•12 views

github-release-monitor -- multiple vulnerabilities

https://nextjs.org/blog/security-update-2025-12-11 reports: Description Medium Source Code Exposure: CVE-2025-55183 A specifically crafted HTTP request can cause a Server Function to return the compiled source code of other Server Functions in your application. This could reveal business logic...

7.5CVSS7.2AI score0.65592EPSS
Exploits13References1
FreeBSD
FreeBSD
•added 2025/12/10 12:0 a.m.•4 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 3 security fixes: 466192044 High: Under coordination. 460599518 Medium CVE-2025-14372: Use after free in Password Manager. Reported by Weipeng Jiang @Krace of VRI on 2025-11-14 461532432 Medium CVE-2025-14373: Inappropriate implementation in Toolbar...

6.1CVSS7.1AI score0.00272EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/12/10 12:0 a.m.•8 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory: Description High SECURITY-3630 / CVE-2025-67635 Denial of service vulnerability in HTTP-based CLI Medium SECURITY-1809 / CVE-2025-67636 Missing permission check on password fields Medium SECURITY-783 / CVE-2025-67637 storage, CVE-2025-67638 masking Build authorization...

7.5CVSS7AI score0.00506EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/12/10 12:0 a.m.•9 views

Gitlab -- vulnerabilities

Gitlab reports: Cross-site scripting issue in Wiki impacts GitLab CE/EE Improper encoding in vulnerability reports impacts GitLab CE/EE Cross-site scripting issue in Swagger UI impacts GitLab CE/EE Denial of service issue in GraphQL endpoints impacts GitLab CE/EE Authentication bypass issue for...

8.7CVSS6.9AI score0.0076EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/12/09 12:0 a.m.•7 views

MongoDB Server -- Improper Locking

https://jira.mongodb.org/browse/SERVER-106075 reports: A post-authenticationflaw in the network two-phase commit protocol used for cross-shard transactions in MongoDB Server may lead to logical data inconsistencies under specific conditions which are not predictable and exist for a very short...

5.4CVSS6.9AI score0.00192EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/12/09 12:0 a.m.•6 views

Mozilla -- Memory safety bugs

https://bugzilla.mozilla.org/buglist.cgi?bugid=1963153%2C1985058%2C1995637%2C1997118 reports: Memory safety bugs. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

7.3CVSS7.5AI score0.00265EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/12/09 12:0 a.m.•8 views

Mozilla -- Use-after-free

https://bugzilla.mozilla.org/showbug.cgi?id=1840666 reports: Use-after-free in the Audio/Video: GMP component...

9.8CVSS7AI score0.00394EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/12/09 12:0 a.m.•11 views

Mozilla -- Sandbox escape

https://bugzilla.mozilla.org/showbug.cgi?id=1996473 reports: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component...

8CVSS7AI score0.00276EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/12/09 12:0 a.m.•4 views

Mozilla -- Privilege escalation

https://bugzilla.mozilla.org/showbug.cgi?id=1996761 reports: Privilege escalation in the Netmonitor component...

8.8CVSS7.2AI score0.00334EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/12/09 12:0 a.m.•5 views

Mozilla -- JIT miscompilation in the JavaScript Engine: JIT component

https://bugzilla.mozilla.org/showbug.cgi?id=1997503 reports: JIT miscompilation in the JavaScript Engine: JIT component...

9.8CVSS7AI score0.00422EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/12/09 12:0 a.m.•9 views

Mozilla -- Use-after-free

https://bugzilla.mozilla.org/showbug.cgi?id=1992760 reports: Use-after-free in the WebRTC: Signaling component...

9.8CVSS7AI score0.00498EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2025/12/09 12:0 a.m.•9 views

Mozilla -- JIT miscompilation

https://bugzilla.mozilla.org/showbug.cgi?id=1998050 reports: JIT miscompilation in the JavaScript Engine: JIT component...

9.8CVSS7AI score0.00481EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2025/12/09 12:0 a.m.•6 views

Mozilla -- Privilege escalation

https://bugzilla.mozilla.org/showbug.cgi?id=1996555 reports: Privilege escalation in the DOM: Notifications component...

8.8CVSS7.2AI score0.00344EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/12/09 12:0 a.m.•6 views

Mozilla -- Spoofing issue

https://bugzilla.mozilla.org/showbug.cgi?id=1970743 reports: Spoofing issue in the Downloads Panel component...

7.5CVSS7AI score0.00338EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/12/09 12:0 a.m.•9 views

Mozilla -- Privilege escalation

https://bugzilla.mozilla.org/showbug.cgi?id=1997018 reports: Privilege escalation in the Netmonitor component...

8.8CVSS7.2AI score0.00334EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/12/09 12:0 a.m.•7 views

Mozilla -- Same-origin policy bypass

https://bugzilla.mozilla.org/showbug.cgi?id=2000218 reports: Same-origin policy bypass in the Request Handling component...

6.5CVSS7AI score0.00156EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/12/09 12:0 a.m.•7 views

Mozilla -- Memory safety bugs

https://bugzilla.mozilla.org/buglist.cgi?bugid=1966501%2C1997639 reports: Memory safety bugs. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

8.1CVSS7.5AI score0.00376EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/12/08 12:0 a.m.•25 views

traefik -- Bypassing security controls via special characters

The traefik project reports: There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path; if the request path contains an encoded restricted...

6.9CVSS6.9AI score0.00331EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2025/12/08 12:0 a.m.•7 views

powerdns-recursor -- Denial of Service

PowerDNS Team reports: 2025-07: Internal logic flaw in cache management can lead to a denial of service in Recursor 2025-08: Insufficient validation of incoming notifies over TCP can lead to a denial of service in Recursor 2026-01: Crafted zones can lead to increased resource usage in Recursor...

7.5CVSS5.5AI score0.00486EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2025/12/08 12:0 a.m.•6 views

c-ares -- Use After Free

https://github.com/c-ares/c-ares/security/advisories/GHSA-jq53-42q6-pqr5 reports: c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using readanswer and processanswer, which can cause a Denial of Service. This issue is fixed i...

5.9CVSS6.9AI score0.0039EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/12/08 12:0 a.m.•5 views

traefik -- Inverted TLS Verification Logic in Kubernetes NGINX Provider

The traefik project reports: There is a potential vulnerability in Traefik NGINX provider managing the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. The provider inverts the semantics of the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. Setting the annotation to "on" intendi...

5.9CVSS6.8AI score0.00205EPSS
Exploits0References1
Total number of security vulnerabilities6577