Lucene search
K
OsvMost viewed

910807 matches found

OSV
OSV
added 2023/03/07 4:15 p.m.359 views

CVE-2023-27522

HTTP Response Smuggling vulnerability in Apache HTTP Server via modproxyuwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55. Special characters in the origin response header can truncate/split the response forwarded to the client...

7.5CVSS8.7AI score
Exploits0References3
OSV
OSV
added 2024/03/06 10:50 a.m.358 views

BIT-APACHE-2023-45802 Apache HTTP Server: HTTP/2 stream memory not reclaimed right away on RST

When a HTTP/2 stream was reset RST frame by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing...

5.9CVSS7.9AI score0.03024EPSS
Exploits1References7
OSV
OSV
added 2022/01/27 2:51 p.m.358 views

GHSA-4RMR-C2JX-VX27 Mustache remote code injection vulnerability

In Mustache.php v2.0.0 through v2.14.0, Sections tag can lead to arbitrary php code execution even if strictcallables is true when section value is controllable...

8.8CVSS8.8AI score0.00691EPSS
Exploits1References6
OSV
OSV
added 2022/02/09 10:22 p.m.351 views

GHSA-R8F7-9PFQ-MJMV Improper Certificate Validation in node-sass

Certificate validation in node-sass 2.0.0 to 6.0.1 is disabled when requesting binaries even if the user is not specifying an alternative download path...

5.3CVSS5.3AI score0.0082EPSS
Exploits0References7
OSV
OSV
added 2021/08/25 2:45 p.m.340 views

GHSA-Q7CG-43MG-QP69 ASP.NET Core Information Disclosure Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0, .NET Core 3.1 and .NET Core 2.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. An information disclosure vulnerabilit...

5.5CVSS6.1AI score0.01121EPSS
Exploits0References4
OSV
OSV
added 2020/10/19 10:15 p.m.334 views

CVE-2020-15261

On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges. Since Veyon users both students and teachers usually don't have...

6.7CVSS6.5AI score
Exploits0References6
OSV
OSV
added 2021/08/30 4:12 p.m.333 views

GHSA-79MG-4W23-4FQC Unauthenticated SQL Injection in Cachet

Impact In Cachet versions through 2.3.18, there is a SQL injection which is in the SearchableTraitscopeSearch. Attackers without authentication can utilize this vulnerability to exfiltrate sensitive data from the database such as administrator's password and session. Patches The original reposito...

8.1CVSS7.4AI score0.09752EPSS
Exploits2References3
OSV
OSV
added 2021/12/08 7:57 p.m.327 views

GHSA-66HF-2P6W-JQFW Laravel Framework XSS in Blade templating engine

A security researcher has disclosed a possible XSS vulnerability in the Blade templating engine. Given the following two Blade templates: resources/views/parent.blade.php: html @section'content' @show resources/views/child.blade.php: html @extends'parent' @section'content' @endsection And a route...

6.1CVSS5.8AI score0.00799EPSS
Exploits1References12
OSV
OSV
added 2020/12/18 10:51 p.m.327 views

GHSA-63Q7-H895-M982 Cross-site Scripting in dompurify

Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements...

6.1CVSS6.2AI score0.04881EPSS
Exploits1References9
OSV
OSV
added 2024/05/29 7:32 a.m.325 views

BIT-GITLAB-2023-6502 Inefficient Regular Expression Complexity in GitLab

A Denial of Service DoS condition has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. It is possible for an attacker to cause a denial of service using a crafted wiki page...

6.5CVSS5AI score0.00505EPSS
Exploits0References3
OSV
OSV
added 2016/03/03 12:0 a.m.322 views

DSA-3503-1 linux - security update

Bulletin has no description...

10CVSS6.8AI score0.14281EPSS
Exploits10
OSV
OSV
added 2024/05/29 7:18 a.m.321 views

BIT-GITLAB-2024-5318 Missing Authorization in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job artifacts...

5.3CVSS4.3AI score0.00366EPSS
Exploits1References3
OSV
OSV
added 2023/04/27 7:20 p.m.321 views

MAL-2023-462 Malicious code in fsevents (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware acdc3ae57250fab51aeff6e3938ed40197a1b74eb688a72cd5d7eee0c77a7167 This advisory is intended to inform the npm ecosystem with details to resolve a third-party malware incident that may have impacted your infrastructure i...

7AI score
Exploits0References3
OSV
OSV
added 2024/05/29 7:19 a.m.318 views

BIT-GITLAB-2024-5258 Authorization Bypass Through User-Controlled Key in GitLab

An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1 where an authenticated attacker could utilize a crafted naming convention to bypass pipeline authorization logic...

4.4CVSS4.1AI score0.00275EPSS
Exploits1References2
OSV
OSV
added 2020/01/07 5:20 p.m.317 views

GHSA-F884-GM86-CG3Q PrestaShop module ps_facetedsearch might be vulnerable from CVE-2017-9841

Impact We have identified that some psfacetedsearch module ZIP archives have been built with phpunit dev dependencies. PHPUnit contains a php script that would allow, on a webserver, an attacker to perform a RCE. This vulnerability impacts - phpunit before 4.8.28 and 5.x before 5.6.3 as reported ...

9AI score
Exploits0References2
OSV
OSV
added 2025/10/09 6:5 a.m.316 views

BELL-CVE-2025-61985

Bulletin has no description...

3.6CVSS7AI score0.00113EPSS
Exploits0References1
OSV
OSV
added 2024/12/24 7:12 p.m.315 views

BIT-KAFKA-2024-56128 Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption

Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism SCRAM did not fully adhere to the requirements of RFC 5802 1. Specifically, as per RFC 5802, the serv...

5.3CVSS5.7AI score0.0078EPSS
Exploits0References6
OSV
OSV
added 2020/12/23 12:0 a.m.312 views

DLA-2506-1 awstats - security update

Bulletin has no description...

9.8CVSS7AI score0.02909EPSS
Exploits1
OSV
OSV
added 2024/05/24 7:19 a.m.306 views

BIT-GITLAB-2024-4539 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2 where abusing the API to filter branch and tags could lead to Denial of Service...

6.5CVSS5.1AI score0.00768EPSS
Exploits0References2
OSV
OSV
added 2020/11/16 8:7 p.m.304 views

GHSA-MW36-7C6C-Q4Q2 XStream can be used for Remote Code Execution

Impact The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Patches If you rely on XStream's default blacklist of the Security Framework, you will have to use at least version 1.4.14. Workarounds No user is affected, who...

8CVSS9.1AI score0.85001EPSS
Exploits7References17
OSV
OSV
added 2026/05/30 12:0 a.m.301 views

OPENSUSE-SU-2026:10913-1 golang-github-v2fly-v2ray-core-5.51.2-1.1 on GA media

These are all security issues fixed in the golang-github-v2fly-v2ray-core-5.51.2-1.1 package on the GA media of openSUSE Tumbleweed...

9.6CVSS5.8AI score0.00478EPSS
Exploits0References2
OSV
OSV
added 2020/04/29 10:19 p.m.300 views

GHSA-JPCQ-CGW6-V4J6 Potential XSS vulnerability in jQuery

Impact Passing HTML containing elements from untrusted sources - even after sanitizing them - to one of jQuery's DOM manipulation methods i.e. .html, .append, and others may execute untrusted code. Patches This problem is patched in jQuery 3.5.0. Workarounds To workaround this issue without...

6.9CVSS7.2AI score0.8383EPSS
Exploits6References121
OSV
OSV
added 2024/10/09 7:4 a.m.296 views

MAL-2024-9182 Malicious code in script-updated-roblox-redwood-prison-reworked-script-c5bqbv (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b78659fb6218288f54c62b3f447a830fb0280c0b956bf43c74841db5510e7955 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2024/03/06 11:6 a.m.295 views

BIT-GITLAB-2023-3246 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attackers to block Sidekiq job processor...

4.3CVSS4.5AI score0.00526EPSS
Exploits0References3
OSV
OSV
added 2023/01/10 10:48 p.m.295 views

GHSA-3244-8MFF-W398 Reflected XSS in Gotify's /docs via import of outdated Swagger UI

Impact Gotify exposes an outdated instance of the Swagger UI API documentation frontend at /docs which is susceptible to reflected XSS attacks when loading external Swagger config files. Specifically, the DOMPurify version included with this version of Swagger UI is vulnerable to a rendering XSS...

6.3AI score
Exploits0References5
OSV
OSV
added 2024/03/06 11:2 a.m.293 views

BIT-GITLAB-2023-3909 Inefficient Regular Expression Complexity in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in...

6.5CVSS5.1AI score0.00595EPSS
Exploits0References3
OSV
OSV
added 2024/05/24 7:31 a.m.292 views

BIT-POSTGRESQL-2024-4317 PostgreSQL pg_stats_ext and pg_stats_ext_exprs lack authorization checks

Missing authorization in PostgreSQL built-in views pgstatsext and pgstatsextexprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwi...

4.3CVSS5.1AI score0.00722EPSS
Exploits0References3
OSV
OSV
added 2024/05/24 7:18 a.m.290 views

BIT-GITLAB-2024-4597 Cross-Site Request Forgery (CSRF) in GitLab

An issue has been discovered in GitLab EE affecting all versions from 16.7 before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. An attacker could force a user with an active SAML session to approve an MR via CSRF...

6.5CVSS5.7AI score0.00282EPSS
Exploits0References2
OSV
OSV
added 2018/10/17 8:5 p.m.290 views

GHSA-P5HG-3XM3-GCJG Spring Framework allows applications to expose STOMP over WebSocket endpoints

Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user or attacker can craft a message to...

9.8CVSS9.6AI score0.77245EPSS
Exploits5References20
OSV
OSV
added 2024/03/06 11:5 a.m.289 views

BIT-GITLAB-2023-3399 Insertion of Sensitive Information Into Sent Data in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom...

8.5CVSS7.5AI score0.00452EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 11:3 a.m.289 views

BIT-REDMINE-2023-47259

Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter...

6.1CVSS5.8AI score0.00397EPSS
Exploits0References2
OSV
OSV
added 2021/04/21 7:38 p.m.287 views

GHSA-GHHP-997W-QR28 .NET Core Remote Code Execution Vulnerability

.NET Core Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-24112. Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0, .NET Core 3.1, and .NET Core 2.1. This advisory also provides guidance on what...

9.8CVSS8.6AI score0.30315EPSS
Exploits0References15
OSV
OSV
added 2024/05/24 7:28 a.m.283 views

BIT-GITLAB-2023-6688 Inefficient Regular Expression Complexity in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.11 prior to 16.11.2. A problem with the processing logic for Google Chat Messages integration may lead to a regular expression DoS attack on the server...

6.5CVSS6.2AI score0.00745EPSS
Exploits0References3
OSV
OSV
added 2024/05/24 7:22 a.m.283 views

BIT-GITLAB-2024-2651 Inefficient Regular Expression Complexity in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. It was possible for an attacker to cause a denial of service using maliciously crafted markdown content...

6.5CVSS6.2AI score0.33301EPSS
Exploits0References3
OSV
OSV
added 2024/01/22 5:15 a.m.282 views

CVE-2024-21484

Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large...

5.9CVSS5.6AI score
Exploits0References7
OSV
OSV
added 2024/05/24 7:22 a.m.281 views

BIT-GITLAB-2024-2454 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. The pins endpoint is susceptible to DoS through a crafted request...

6.5CVSS6.2AI score0.33301EPSS
Exploits0References3
OSV
OSV
added 2024/08/05 6:30 a.m.280 views

GHSA-FFXG-5F8M-H72J Rocket.Chat Server-Side Request Forgery (SSRF) vulnerability

A Server-Side Request Forgery SSRF affects Rocket.Chat's Twilio webhook endpoint before version 6.10.1...

8.6CVSS8.6AI score0.03201EPSS
Exploits2References4
OSV
OSV
added 2024/03/06 11:3 a.m.280 views

BIT-REDMINE-2023-47260

Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails...

6.1CVSS5.8AI score0.00377EPSS
Exploits0References2
OSV
OSV
added 2023/09/20 10:51 p.m.279 views

GHSA-X4HH-VJM7-G2JV Faktory Web Dashboard can lead to denial of service(DOS) via malicious user input

Summary Faktory web dashboard can suffer from denial of service by a crafted malicious url query param days. Details The vulnerability is related to how the backend reads the days URL query parameter in the Faktory web dashboard. The value is used directly without any checks to create a string...

7.5CVSS7.4AI score0.00769EPSS
Exploits1References3
OSV
OSV
added 2022/05/10 8:46 a.m.279 views

GHSA-269Q-HMXG-M83Q Local Information Disclosure Vulnerability in io.netty:netty-codec-http

Description GHSA-5mcr-gq6c-3hq2 CVE-2021-21290 contains an insufficient fix for the vulnerability identified. Impact When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This...

5.5CVSS6.7AI score0.01044EPSS
Exploits1References7
OSV
OSV
added 2024/05/24 7:29 a.m.278 views

BIT-GITLAB-2023-6682 Inefficient Regular Expression Complexity in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. A problem with the processing logic for Discord Integrations Chat Messages can lead to a regular expression DoS...

6.5CVSS6.2AI score0.00745EPSS
Exploits0References3
OSV
OSV
added 2022/07/26 12:0 a.m.278 views

DSA-5192-1 openjdk-17 - security update

Bulletin has no description...

7.5CVSS6.9AI score0.17673EPSS
Exploits2
OSV
OSV
added 2008/12/03 12:0 a.m.278 views

DSA-1679-1 awstats - cross-site scripting

Bulletin has no description...

4.3CVSS5.9AI score0.05597EPSS
Exploits1
OSV
OSV
added 2023/10/25 6:18 a.m.277 views

BIT-2023-4399

Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, Request security is a deny list that allows admins to configure Grafana in a way so that the instance doesn’t call specific hosts.However, the restriction can be bypassed used punycode encoding of the...

7.2CVSS6.8AI score0.01082EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2022/06/20 8:16 p.m.274 views

MAL-2022-4933 Malicious code in npm-cli-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware bb10e3aadb85207426e2f19a15effbe518d2292152d572f7bdd6e0f3fd24b0e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2023/10/23 6:18 a.m.270 views

BIT-2023-4822

Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor...

7.2CVSS6.7AI score0.01074EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2021/08/13 3:21 p.m.270 views

GHSA-4VWW-MC66-62M6 HTTP Request Smuggling in Apache Tomcat

Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer...

5.3CVSS6.4AI score0.75353EPSS
Exploits1References31
OSV
OSV
added 2024/12/16 7:11 a.m.269 views

BIT-GITLAB-2024-8647 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab

An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration was enabled...

5.4CVSS5.2AI score0.00414EPSS
Exploits1References3
OSV
OSV
added 2024/12/27 7:25 a.m.267 views

BIT-GITLAB-2023-5117 Exposure of Sensitive Information Due to Incompatible Policies in GitLab

An issue was discovered in GitLab CE/EE affecting all versions before 17.6.0 in which users were unaware that files uploaded to comments on confidential issues and epics of public projects could be accessed without authentication via a direct link to the uploaded file URL...

3.7CVSS3.7AI score0.00302EPSS
Exploits0References2
OSV
OSV
added 2009/03/20 12:0 a.m.266 views

DSA-1749-1 linux-2.6 - several vulnerabilities

Bulletin has no description...

10CVSS6.4AI score0.1673EPSS
Exploits12
Total number of security vulnerabilities5000