Lucene search
K
OsvMost viewed

907610 matches found

OSV
OSV
•added 2019/01/09 5:29 a.m.•68 views

CVE-2016-10735

In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041...

6.1CVSS5.9AI score
Exploits0References13
OSV
OSV
•added 2018/07/12 8:29 p.m.•68 views

GHSA-8JXQ-75RW-FHJ9 Eve allows execution of arbitrary code

io/mongo/parser.py in Eve aka pyeve before 0.7.5 allows remote attackers to execute arbitrary code via Code Injection in the where parameter...

9.8CVSS9.9AI score0.05215EPSS
Exploits0References6
OSV
OSV
•added 2017/11/07 12:0 a.m.•68 views

DLA-1166-1 tomcat7 - security update

Bulletin has no description...

8.1CVSS6.9AI score0.99988EPSS
Exploits23
OSV
OSV
•added 2016/07/19 2:0 a.m.•68 views

CVE-2016-5387

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTPPROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary...

8.1CVSS6.9AI score
Exploits0References54
OSV
OSV
•added 2015/01/06 12:0 a.m.•68 views

DSA-3120-1 mantis - security update

Bulletin has no description...

7.5CVSS5.3AI score0.50561EPSS
Exploits16
OSV
OSV
•added 2014/09/25 12:0 a.m.•68 views

DSA-3035-1 bash - security update

Bulletin has no description...

10CVSS9.9AI score0.9994EPSS
Exploits19
OSV
OSV
•added 2006/03/21 12:0 a.m.•68 views

DSA-1010-1 ilohamail - missing input sanitising

Bulletin has no description...

4.3CVSS6.8AI score0.01404EPSS
Exploits0
OSV
OSV
•added 2024/05/03 8:29 p.m.•67 views

GHSA-384W-WFFR-X63Q Pterodactyl panel's admin area vulnerable to Cross-site Scripting

Impact Importing a malicious egg or gaining access to wings instance could lead to XSS on the panel, which could be used to gain an administrator account on the panel. Specifically, the following things are impacted: - Egg Docker images - Egg variables: - Name - Environment variable - Default val...

6.1CVSS6.2AI score0.00457EPSS
Exploits0References6
OSV
OSV
•added 2024/04/26 12:30 a.m.•67 views

GHSA-6C5P-J8VQ-PQHJ python-jose algorithm confusion with OpenSSH ECDSA keys

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

9.3CVSS7AI score0.00307EPSS
Exploits1References5
OSV
OSV
•added 2024/03/06 11:23 a.m.•67 views

BIT-GITLAB-2020-10085

GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing merge private merge request titles...

5.3CVSS5AI score0.00929EPSS
Exploits0References3
OSV
OSV
•added 2024/03/06 10:52 a.m.•67 views

BIT-APACHE-2022-28614 read beyond bounds via ap_rwrite()

The aprwrite function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using aprwrite or aprputs, such as with modluas r:puts function. Modules compiled and distributed separately from Apache HTTP Server that use t...

5.3CVSS7.1AI score0.04428EPSS
Exploits0References7
OSV
OSV
•added 2024/03/04 5:29 p.m.•67 views

GO-2024-2587 SQL injection in github.com/apache/age/drivers/golang

SQL injection in github.com/apache/age/drivers/golang...

8.1CVSS8.4AI score0.00948EPSS
Exploits0References2
OSV
OSV
•added 2024/02/09 9:15 a.m.•67 views

CVE-2024-25674

An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type...

9.8CVSS7.2AI score
Exploits0References2
OSV
OSV
•added 2023/11/02 10:4 p.m.•67 views

GO-2023-2162 SQL Injection in List Endpoints in github.com/flyteorg/flyteadmin

A malicious user can send a REST request to a List endpoint with filters that contain custom SQL statements. This can result in SQL injection...

8.8CVSS6.4AI score0.00929EPSS
Exploits0References1
OSV
OSV
•added 2023/09/13 3:44 p.m.•67 views

GHSA-4W8R-3XRW-V25G Craft CMS Remote Code Execution vulnerability

Impact This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. Mitigations This has been fixed in Craft 4.4.15. You should ensure you’re running at least that version. Refresh you...

10CVSS9.4AI score0.92918EPSS
Exploits10References9
OSV
OSV
•added 2023/08/22 7:16 p.m.•67 views

CVE-2022-48174

There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution...

9.8CVSS8.2AI score
Exploits0References3
OSV
OSV
•added 2023/02/18 12:0 a.m.•67 views

DSA-5354-1 snort - security update

Bulletin has no description...

8.6CVSS5.8AI score0.02367EPSS
Exploits0
OSV
OSV
•added 2022/12/02 10:25 p.m.•67 views

GHSA-RP2V-V467-Q9VQ GuardDog vulnerable to arbitrary file write when scanning a specially-crafted PyPI package

Impact Running GuardDog against a specially-crafted package can allow an attacker to write an arbitrary file on the machine where GuardDog is executed. This is due to a path traversal vulnerability when extracting the .tar.gz file of the package being scanned, which exists by design in the...

5.8CVSS6.6AI score0.0059EPSS
Exploits0References7
OSV
OSV
•added 2022/11/08 4:49 p.m.•67 views

GO-2022-1098 Denial of service in message decoding in github.com/btcsuite/btcd

Erroneous message decoding can cause denial of service. Improper checking of maximum witness size during node message decoding prevented nodes in Lightning Labs lnd before 0.15.2-beta to sync...

9.8CVSS9.2AI score0.01195EPSS
Exploits1References4
OSV
OSV
•added 2022/10/01 12:0 a.m.•67 views

ASB-A-195410559

In btadmremovedevice of btadmact.cc, there is a possible way for a BT device to receive a long term trackable identifier due to a permissions bypass. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

6.3AI score
Exploits0References3
OSV
OSV
•added 2022/07/15 3:28 p.m.•67 views

GHSA-RPXG-HG79-H8Q9 SQL Injection in typo3 extension "LUX - TYPO3 Marketing Automation"

A SQL injection issue was discovered in the lux extension before 17.6.1, and 18.x through 24.x before 24.0.2, for TYPO3...

9.8CVSS9.9AI score0.25824EPSS
Exploits0References3
OSV
OSV
•added 2022/07/13 12:0 a.m.•67 views

GHSA-64X4-9HC6-R2H6 Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library

Summary The Azure Storage Encryption library in Java and other languages is vulnerable to a CBC Padding Oracle attack, similar to CVE-2020-8911. The library is not vulnerable to the equivalent of CVE-2020-8912, but only because it currently only supports AES-CBC as encryption mode. Severity...

4.7CVSS4.9AI score0.005EPSS
Exploits0References4
OSV
OSV
•added 2022/06/09 1:15 p.m.•67 views

PYSEC-2022-206

OAuthenticator is an OAuth token library for the JupyerHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowedidps...

6.5CVSS1.5AI score0.00434EPSS
Exploits0References1
OSV
OSV
•added 2022/05/24 5:0 p.m.•67 views

GHSA-RJ7P-RFGP-852X Loop with Unreachable Exit Condition in Apache Thrift

In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings...

7.5CVSS8.2AI score0.09082EPSS
Exploits0References43
OSV
OSV
•added 2022/05/13 1:39 a.m.•67 views

GHSA-RJ4P-7MM6-GM9J JBossWS vulnerable to uncontrolled recursion

DOMUtils.java in org.jboss.ws:jbossws-common does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service memory and CPU consumption via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested...

5CVSS7AI score0.02664EPSS
Exploits0References4
OSV
OSV
•added 2021/11/23 6:18 p.m.•67 views

GHSA-RHF5-F553-XG82 Password exposure in concrete5/core

Unauthorized individuals could view password protected files using viewinline in Concrete CMS previously concrete 5 prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in viewinline and, if it does, the file is not rendered.For version 8.5.6, the following mitigations...

7.5CVSS7.6AI score0.01075EPSS
Exploits0References3
OSV
OSV
•added 2021/06/16 5:4 p.m.•67 views

GHSA-WPH3-44RJ-92PR elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE

Impact We recently fixed several vulnerabilities affect elFinder 2.1.58. These vulnerabilities can allow an attacker to execute arbitrary code and commands on the server hosting the elFinder PHP connector, even with the minimal configuration. Patches The issues were addressed in our last release,...

9.8CVSS9.4AI score0.69934EPSS
Exploits5References7
OSV
OSV
•added 2020/08/31 12:0 a.m.•67 views

DSA-4757-1 apache2 - security update

Bulletin has no description...

9.8CVSS7.8AI score0.90039EPSS
Exploits4
OSV
OSV
•added 2019/09/17 8:45 a.m.•67 views

ALSA-2019:2799 Important: nginx:1.14 security update

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 Post Office Protocol 3 and IMAP protocols, with a focus on high concurrency, performance and low memory usage. Security Fixes: HTTP/2: large amount of data request leads to denial of service CVE-2019-9511 HTTP/2: flood using...

7.8CVSS7.4AI score0.82017EPSS
Exploits0References4
OSV
OSV
•added 2018/10/19 4:55 p.m.•67 views

GHSA-MCFM-H73V-635M Undertow-core vulnerable to HTTP Request Smuggling

It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating t...

6.5CVSS6.1AI score0.02712EPSS
Exploits0References2
OSV
OSV
•added 2018/01/15 4:29 p.m.•67 views

CVE-2018-5702

Transmission through 2.92 relies on X-Transmission-Session-Id which is not a forbidden header for Fetch for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS...

8.8CVSS8AI score
Exploits0References7
OSV
OSV
•added 2017/11/20 3:29 p.m.•67 views

CVE-2017-16544

In the addmatch function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code...

8.8CVSS2.7AI score0.0624EPSS
Exploits12References20
OSV
OSV
•added 2015/01/19 12:0 a.m.•67 views

DSA-3132-1 icedove - security update

Bulletin has no description...

7.5CVSS9.5AI score0.03861EPSS
Exploits0
OSV
OSV
•added 2014/11/26 12:0 a.m.•67 views

DSA-3077-1 openjdk-6 - security update

Bulletin has no description...

6.8CVSS4.9AI score0.04102EPSS
Exploits0
OSV
OSV
•added 2014/06/05 12:0 a.m.•67 views

DLA-0003-1 openssl - security update

Bulletin has no description...

7.4CVSS6.8AI score0.99977EPSS
Exploits14
OSV
OSV
•added 2008/01/13 12:0 a.m.•67 views

DSA-1460-1 postgresql-8.1 - several

Bulletin has no description...

7.2CVSS7.3AI score0.03855EPSS
Exploits3
OSV
OSV
•added 2026/06/17 8:17 p.m.•66 views

UBUNTU-CVE-2026-55200

libssh2 through 1.11.1, fixed in commit 7acf3df contains an out-of-bounds write vulnerability in ssh2transportread that fails to enforce upper bounds on packetlength field. Remote attackers can send crafted SSH packets with excessively large packetlength values to corrupt heap memory and achieve...

9.2CVSS7.5AI score0.00732EPSS
Exploits10References4
OSV
OSV
•added 2024/09/18 12:0 a.m.•66 views

DLA-3891-1 mariadb-10.5 - security update

Bulletin has no description...

4.9CVSS5.6AI score0.00424EPSS
Exploits0
OSV
OSV
•added 2024/09/13 10:0 p.m.•66 views

RHSA-2019:2519 Red Hat Security Advisory: rh-php71-php security, bug fix, and enhancement update

Bulletin has no description...

8.1CVSS7.7AI score0.87883EPSS
Exploits30References135
OSV
OSV
•added 2024/06/25 1:33 p.m.•66 views

MAL-2024-4924 Malicious code in coloramas (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
OSV
OSV
•added 2024/06/25 1:30 p.m.•66 views

MAL-2024-4544 Malicious code in MetаMаsk.Blazor (NuGet)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
OSV
OSV
•added 2024/05/14 6:40 p.m.•66 views

CVE-2024-32002 Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory...

9CVSS7.6AI score0.25334EPSS
Exploits32References10
OSV
OSV
•added 2024/04/09 1:15 a.m.•66 views

CVE-2024-27983

An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a T...

6.5AI score
Exploits0References5
OSV
OSV
•added 2024/04/04 8:15 p.m.•66 views

CVE-2024-27316

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion...

7.5CVSS6.7AI score
Exploits0References10
OSV
OSV
•added 2024/01/02 12:0 a.m.•66 views

ALSA-2024:0001 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.6.0. Security Fixes: Mozilla: Heap-buffer-overflow affecting WebGL DrawElementsInstanced method with Mesa VM driver CVE-2023-6856 Mozilla: Memory safety bugs fixed in Firefox 121, Firefo...

8.8CVSS8.8AI score0.20472EPSS
Exploits0References24
OSV
OSV
•added 2023/11/28 11:28 p.m.•66 views

GHSA-4GRX-2X9W-596C Marvin Attack: potential key recovery through timing sidechannels

The Marvin Attack is a timing sidechannel vulnerability which allows performing RSA decryption and signing operations as an attacker with the ability to observe only the time of the decryption operation performed withthe private key. A recent survey of RSA implementations found that the Rust rsa...

5.9CVSS5.4AI score0.00605EPSS
Exploits0References5
OSV
OSV
•added 2023/08/27 2:0 p.m.•66 views

OSV-2023-745 Heap-buffer-overflow in pcpp::SomeIpSdLayer::isDataValid

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61774 Crash type: Heap-buffer-overflow READ 4 Crash state: pcpp::SomeIpSdLayer::isDataValid pcpp::SomeIpLayer::parseSomeIpLayer pcpp::UdpLayer::parseNextLayer...

7.2AI score
Exploits0References1
OSV
OSV
•added 2023/05/25 10:15 p.m.•66 views

CVE-2023-2804

A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2mergedupsampleinternal function of jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could cra...

6.5CVSS7.2AI score0.012EPSS
Exploits1References6
OSV
OSV
•added 2023/03/29 12:0 a.m.•66 views

DLA-3371-1 unbound - security update

Bulletin has no description...

7.5CVSS7AI score0.01259EPSS
Exploits0
OSV
OSV
•added 2023/03/13 3:30 a.m.•66 views

GHSA-HC6Q-2MPP-QW7J Cross-realm object access in Webpack 5

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...

9.8CVSS9.2AI score0.01421EPSS
Exploits0References6
Total number of security vulnerabilities5000