Lucene search
OSV • Most viewed

907332 matches found

OSV • added 2026/06/17 8:17 p.m. • 65 views

UBUNTU-CVE-2026-55200

libssh2 through 1.11.1, fixed in commit 7acf3df, contains an out-of-bounds write vulnerability in ssh2transportread that fails to enforce upper bounds on the packetlength field. Remote attackers can send crafted SSH packets with excessively large packetlength values to corrupt heap memory and achieve...

CVSS 9.2 | AI score 7.5 | EPSS 0.00732
Exploits: 10 | References: 4

OSV • added 2026/06/10 8:39 a.m. • 65 views

BIT-APACHE-2026-44631 Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

CVSS 9.8 | AI score 5.4 | EPSS 0.00486
Exploits: 0 | References: 3

OSV • added 2026/03/31 10:22 p.m. • 65 views

GHSA-HV78-CWP4-8R7R baserCMS has Unsafe File Upload Leading to Remote Code Execution (RCE)

Details: The application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using require_once without validating or restricting the filename. An attacker can craft a malicious PHP file within the zip and achieve...

CVSS 8.7 | AI score 6.5 | EPSS 0.00577
Exploits: 1 | References: 5

OSV • added 2026/02/03 8:53 a.m. • 65 views

BIT-PYTHON-2026-1299 email BytesGenerator header injection due to unquoted newlines

The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...

CVSS 6 | AI score 5.4 | EPSS 0.00737
Exploits: 0 | References: 11

OSV • added 2024/11/13 10:13 a.m. • 65 views

SUSE-SU-2024:3986-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too bsc1226797. - CVE-2024-41031: mm/filemap: skip to create PMD-sized page...

CVSS 9.1 | AI score 7.8 | EPSS 0.01367
Exploits: 4 | References: 597

OSV • added 2024/10/02 11:32 a.m. • 65 views

RHSA-2023:6818 Red Hat Security Advisory: Satellite 6.14 security and bug fix update

Bulletin has no description...

CVSS 9.8 | AI score 8.1 | EPSS 0.99999
Exploits: 30 | References: 422

OSV • added 2024/09/18 12:0 a.m. • 65 views

DLA-3891-1 mariadb-10.5 - security update

Bulletin has no description...

CVSS 4.9 | AI score 5.6 | EPSS 0.00424
Exploits: 0

OSV • added 2024/06/25 1:33 p.m. • 65 views

MAL-2024-4924 Malicious code in coloramas (PyPI)

--- -= Per source details. Do not edit below this line.=-...

AI score 7.1
Exploits: 0

OSV • added 2024/06/24 5:4 p.m. • 65 views

SUSE-SU-2024:2183-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47497: Fixed shift-out-of-bound UBSAN with byte size cells bsc1225355. - CVE-2021-47500: Fixed trigger reference counting bsc1225360. - CVE-2021-47383: Fixed...

CVSS 9.8 | AI score 8 | EPSS 0.17563
Exploits: 6 | References: 275

OSV • added 2024/05/15 9:38 p.m. • 65 views

GHSA-H533-5V22-8VCP firebase/php-jwt: "None" Algorithm treated as valid on tokens

Several widely-used JSON Web Token (JWT) libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys RS256, RS384, RS512, ES256, ES384, ES512...

AI score 7.3
Exploits: 0 | References: 5

OSV • added 2024/05/14 6:40 p.m. • 65 views

CVE-2024-32002 Git's recursive clones on case-insensitive filesystems that support symlinks are susceptible to Remote Code Execution

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory...

CVSS 9 | AI score 7.6 | EPSS 0.25334
Exploits: 32 | References: 10

OSV • added 2024/03/06 10:53 a.m. • 65 views

BIT-APACHE-2022-28330 read beyond bounds in mod_isapi

Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module...

CVSS 5.3 | AI score 7 | EPSS 0.03398
Exploits: 0 | References: 4

OSV • added 2023/11/27 5:25 p.m. • 65 views

GHSA-HFXH-RJV7-2369 Uptime Kuma Authenticated remote code execution via TailscalePing

Summary: The runTailscalePing method of the TailscalePing class injects the hostname parameter inside a shell command, leading to a command injection and the possibility to run arbitrary commands on the server. Details: When adding a new monitor on Uptime Kuma, we can select the "Tailscale Ping"...

AI score 8.2
Exploits: 0 | References: 2

OSV • added 2023/05/25 10:15 p.m. • 65 views

CVE-2023-2804

A heap-based buffer overflow issue was discovered in libjpeg-turbo in the h2v2_merged_upsample_internal function of the jdmrgext.c file. The vulnerability can only be exploited with 12-bit data precision for which the range of the sample data type exceeds the valid sample range, hence, an attacker could cra...

CVSS 6.5 | AI score 7.2 | EPSS 0.012
Exploits: 1 | References: 6

OSV • added 2023/04/24 12:0 a.m. • 65 views

DLA-3401-1 apache2 - security update

Bulletin has no description...

CVSS 9.8 | AI score 8.7 | EPSS 0.8377
Exploits: 5

OSV • added 2023/03/13 3:30 a.m. • 65 views

GHSA-HC6Q-2MPP-QW7J Cross-realm object access in Webpack 5

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object...

CVSS 9.8 | AI score 9.2 | EPSS 0.01421
Exploits: 0 | References: 6

OSV • added 2022/12/05 12:0 a.m. • 65 views

DLA-3222-1 node-fetch - security update

Bulletin has no description...

CVSS 8.8 | AI score 7.9 | EPSS 0.01646
Exploits: 1

OSV • added 2022/11/08 4:49 p.m. • 65 views

GO-2022-1098 Denial of service in message decoding in github.com/btcsuite/btcd

Erroneous message decoding can cause denial of service. Improper checking of maximum witness size during node message decoding prevented nodes in Lightning Labs lnd before 0.15.2-beta from syncing...

CVSS 9.8 | AI score 9.2 | EPSS 0.01195
Exploits: 1 | References: 4

OSV • added 2022/10/21 12:0 a.m. • 65 views

PSF-2022-11 Buffer overflow in the _sha3 module in Python 3.10 and older

The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface...

CVSS 9.8 | AI score 9.4 | EPSS 0.05193
Exploits: 1 | References: 4

OSV • added 2022/05/13 1:11 a.m. • 66 views

GHSA-R9VV-XJ4W-G8M8 Apache ActiveMQ Artemis RCE Via Deserialization Gadget Chain

The getObject method of the javax.jms.ObjectMessage class in the (1) JMS Core client, (2) Artemis broker, and (3) Artemis REST component in Apache ActiveMQ Artemis before 1.4.0 might allow remote authenticated users with permission to send messages to the Artemis broker to deserialize arbitrary objects...

CVSS 7.2 | AI score 8.3 | EPSS 0.06924
Exploits: 0 | References: 26

OSV • added 2022/04/06 12:1 a.m. • 65 views

GHSA-2V6V-Q994-XVXX Privilege escalation in beego

beego is an open-source, high-performance web framework for the Go programming language. An issue was discovered in file profile.go in function GetCPUProfile in beego through 2.0.2 that allows attackers to launch symlink attacks locally...

CVSS 7.8 | AI score 7.5 | EPSS 0.00432
Exploits: 1 | References: 3

OSV • added 2021/08/09 12:0 a.m. • 65 views

DLA-2734-1 curl - security update

Bulletin has no description...

CVSS 4.3 | AI score 6.2 | EPSS 0.0627
Exploits: 2

OSV • added 2021/07/08 12:0 a.m. • 65 views

DSA-4937-1 apache2 - security update

Bulletin has no description...

CVSS 9.8 | AI score 7.8 | EPSS 0.68067
Exploits: 0

OSV • added 2021/04/14 8:4 p.m. • 65 views

GO-2020-0018

UUIDs generated using NewV1 and NewV4 may not read the expected number of random bytes. These UUIDs may contain a significantly smaller amount of entropy than expected, possibly leading to collisions...

AI score 1.8
Exploits: 0 | References: 3

OSV • added 2021/03/25 12:0 a.m. • 65 views

DLA-2608-1 jquery - security update

Bulletin has no description...

CVSS 6.9 | AI score 7.2 | EPSS 0.99019
Exploits: 11

OSV • added 2020/04/14 3:27 p.m. • 65 views

GHSA-8H56-V53H-5HHJ Remote Code Execution - JavaEL Injection (low privileged accounts) in Nexus Repository Manager

Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution...

CVSS 8.8 | AI score 7.2 | EPSS 0.24318
Exploits: 3 | References: 5

OSV • added 2019/11/04 12:0 a.m. • 65 views

DSA-4558-1 webkit2gtk - security update

Bulletin has no description...

CVSS 9.3 | AI score 7.5 | EPSS 0.10591
Exploits: 2

OSV • added 2019/09/20 12:0 a.m. • 65 views

DLA-1927-1 qemu - security update

Bulletin has no description...

CVSS 8.8 | AI score 6.7 | EPSS 0.16658
Exploits: 4

OSV • added 2019/07/10 12:0 a.m. • 65 views

DLA-1850-1 redis - security update

Bulletin has no description...

CVSS 7.2 | AI score 6.9 | EPSS 0.26048
Exploits: 0

OSV • added 2019/03/26 12:0 a.m. • 65 views

DLA-1730-1 libssh2 - security update

Bulletin has no description...

CVSS 9.3 | AI score 7.5 | EPSS 0.09219
Exploits: 0

OSV • added 2018/10/16 5:34 p.m. • 65 views

GHSA-RR3C-F55V-QHV5 Denial of service vulnerability exists when .NET and .NET Core improperly process XML documents

Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0, 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka ".NET and .NET Core Denial Of Service Vulnerability". This CVE is unique from...

CVSS 7.5 | AI score 6.5 | EPSS 0.08885
Exploits: 0 | References: 6

OSV • added 2018/07/27 5:3 p.m. • 65 views

GHSA-P7C9-JQHQ-VR3V Remote Code Execution in markdown-pdf

Versions of markdown-pdf prior to 9.0.0 are vulnerable to Remote Code Execution. The package fails to sanitize HTML code in markdown files. If markdown files with malicious HTML are converted to PDF, the resulting PDF file will execute any JavaScript code in the original markdown file. This may...

CVSS 5.5 | AI score 5.7 | EPSS 0.00501
Exploits: 1 | References: 4

OSV • added 2017/01/30 12:0 a.m. • 65 views

DLA-809-1 tcpdump - security update

Bulletin has no description...

CVSS 9.8 | AI score 7.4 | EPSS 0.06196
Exploits: 0

OSV • added 2016/01/19 12:0 a.m. • 65 views

DSA-3448-1 linux - security update

Bulletin has no description...

CVSS 7.8 | AI score 6.9 | EPSS 0.03646
Exploits: 18

OSV • added 2015/12/04 12:0 a.m. • 65 views

DLA-359-1 mysql-5.5 - packages as an option announcement

Bulletin has no description...

CVSS 7.2 | AI score 6.9 | EPSS 0.30146
Exploits: 6

OSV • added 2015/08/07 12:0 a.m. • 65 views

DLA-288-1 openssh - security update

Bulletin has no description...

CVSS 8.5 | AI score 6 | EPSS 0.09302
Exploits: 1

OSV • added 2009/05/02 12:0 a.m. • 65 views

DSA-1787-1 linux-2.6.24 - several vulnerabilities

Bulletin has no description...

CVSS 10 | AI score 6.4 | EPSS 0.1673
Exploits: 30

OSV • added 2026/05/18 8:56 a.m. • 64 views

BIT-TOMCAT-2020-1938

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that...

CVSS 9.8 | AI score 7.7 | EPSS 0.9927
Exploits: 45 | References: 53

OSV • added 2026/01/08 9:52 p.m. • 64 views

GHSA-6475-R3VJ-M8VF AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value

CVSSv3.1 Rating: 3.7 LOW. Summary: This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement h...

CVSS 3.7 | AI score 6.6
Exploits: 0 | References: 4

OSV • added 2024/09/30 4:32 p.m. • 64 views

RHSA-2023:1043 Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 7

Bulletin has no description...

CVSS 9.8 | AI score 8.1 | EPSS 0.99615
Exploits: 41 | References: 147

OSV • added 2024/09/29 5:48 p.m. • 64 views

RHSA-2021:1313 Red Hat Security Advisory: Satellite 6.9 Release

Bulletin has no description...

CVSS 8.8 | AI score 6.7 | EPSS 0.45732
Exploits: 9 | References: 398

OSV • added 2024/07/15 3:14 a.m. • 64 views

MAL-2024-7752 Malicious code in jfrog-ci-templates (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8ca6b5be5ca78626dbb231ce098412b200202572a0c8a3513b2a666e342d8004 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 | References: 1

OSV • added 2024/07/01 3:25 p.m. • 64 views

CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer...

CVSS 9.8 | AI score 8.9 | EPSS 0.99813
Exploits: 26 | References: 9

OSV • added 2024/06/25 8:50 a.m. • 64 views

SUSE-SU-2024:2190-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47548: Fixed a possible array out-of-bounds bsc1225506 - CVE-2022-48689: Fixed data-race in lru_add_fn bsc1223959 - CVE-2022-48691: Fixed memory leak in...

CVSS 9.8 | AI score 8.7 | EPSS 0.17563
Exploits: 7 | References: 1157

OSV • added 2024/06/04 10:48 p.m. • 64 views

GO-2024-2887 Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip

The various Is methods (IsPrivate, IsLoopback, etc.) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...

CVSS 9.8 | AI score 8.4 | EPSS 0.01952
Exploits: 0 | References: 3

OSV • added 2024/05/14 6:54 p.m. • 64 views

CVE-2024-32020 Cloning local Git repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a...

CVSS 3.9 | AI score 6.7 | EPSS 0.00519
Exploits: 1 | References: 7

OSV • added 2024/04/02 12:0 a.m. • 64 views

ALSA-2024:1644 Important: grafana-pcp security and bug fix update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloa...

CVSS 7.5 | AI score 8 | EPSS 0.01533
Exploits: 0 | References: 4

OSV • added 2024/03/06 11:23 a.m. • 64 views

BIT-GITLAB-2020-10084

GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerability_feedback endpoint could result in the exposure of a private project namespace...

CVSS 5.3 | AI score 5 | EPSS 0.0091
Exploits: 0 | References: 3

OSV • added 2023/11/27 5:25 p.m. • 64 views

GHSA-R68H-JHHJ-9JVM Validator.isValidSafeHTML is being deprecated and will be deleted from org.owasp.esapi:esapi in 1 year

Impact: The Validator.isValidSafeHTML method can result in false negatives where it reports some input as safe (i.e., returns true), but really isn't, and using that same input as-is can in certain circumstances result in XSS vulnerabilities. Because this method cannot be fixed, it is being deprecat...

AI score 6.4
Exploits: 0 | References: 2

OSV • added 2023/09/12 12:0 a.m. • 64 views

ALSA-2023:5091 Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests (CVE-2023-3390) kernel:...

CVSS 7.8 | AI score 7.7 | EPSS 0.05794
Exploits: 5 | References: 22

Total number of security vulnerabilities: 5000