Lucene search
K
OsvMost viewed

907637 matches found

OSV
OSV
•added 2017/01/30 12:0 a.m.•65 views

DLA-809-1 tcpdump - security update

Bulletin has no description...

9.8CVSS7.4AI score0.06196EPSS
Exploits0
OSV
OSV
•added 2015/12/04 12:0 a.m.•65 views

DLA-359-1 mysql-5.5 - packages as an option announcement

Bulletin has no description...

7.2CVSS6.9AI score0.30146EPSS
Exploits6
OSV
OSV
•added 2009/05/02 12:0 a.m.•65 views

DSA-1787-1 linux-2.6.24 - several vulnerabilities

Bulletin has no description...

10CVSS6.4AI score0.1673EPSS
Exploits30
OSV
OSV
•added 2026/05/18 8:56 a.m.•64 views

BIT-TOMCAT-2020-1938

When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that...

9.8CVSS7.7AI score0.9927EPSS
Exploits45References53
OSV
OSV
•added 2026/01/08 9:52 p.m.•64 views

GHSA-6475-R3VJ-M8VF AWS SDK for JavaScript v3 adopted defense in depth enhancement for region parameter value

CVSSv3.1 Rating: 3.7 LOW Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement h...

3.7CVSS6.6AI score
Exploits0References4
OSV
OSV
•added 2025/04/16 4:54 p.m.•64 views

GO-2025-3595 Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5CVSS6.7AI score0.0045EPSS
Exploits0References3
OSV
OSV
•added 2024/09/30 4:32 p.m.•64 views

RHSA-2023:1043 Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 7

Bulletin has no description...

9.8CVSS8.1AI score0.99615EPSS
Exploits41References147
OSV
OSV
•added 2024/09/29 5:48 p.m.•64 views

RHSA-2021:1313 Red Hat Security Advisory: Satellite 6.9 Release

Bulletin has no description...

8.8CVSS6.7AI score0.45732EPSS
Exploits9References398
OSV
OSV
•added 2024/08/21 4:3 p.m.•64 views

GO-2022-1208 gotify/server vulnerable to Cross-site Scripting in the application image file upload in github.com/gotify/server

gotify/server vulnerable to Cross-site Scripting in the application image file upload in github.com/gotify/server...

6.1CVSS5.5AI score0.00502EPSS
Exploits0References4
OSV
OSV
•added 2024/07/01 3:25 p.m.•64 views

CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution RCE by unauthenticated users through specially crafted input against a default GeoServer...

9.8CVSS8.9AI score0.99813EPSS
Exploits26References9
OSV
OSV
•added 2024/06/25 8:50 a.m.•64 views

SUSE-SU-2024:2190-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47548: Fixed a possible array out-of=bounds bsc1225506 - CVE-2022-48689: Fixed data-race in lruaddfn bsc1223959 - CVE-2022-48691: Fixed memory leak in...

9.8CVSS8.7AI score0.17563EPSS
Exploits7References1157
OSV
OSV
•added 2024/06/04 10:48 p.m.•64 views

GO-2024-2887 Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip

The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...

9.8CVSS8.4AI score0.01952EPSS
Exploits0References3
OSV
OSV
•added 2024/05/01 5:5 p.m.•64 views

GHSA-2XP3-57P7-QF4V xml-crypto vulnerable to XML signature verification bypass due improper verification of signature/signature spoofing

Summary Default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of https://www.w3.org/TR/2008/REC-xmldsig-core-20080610/sec-CoreValidation. As such, without additional validation steps, the default configuration allows a...

10CVSS9.2AI score0.00833EPSS
Exploits1References10
OSV
OSV
•added 2023/09/12 12:0 a.m.•64 views

ALSA-2023:5091 Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: UAF in nftables when nftsetlookupglobal triggered after handling named and anonymous sets in batch requests CVE-2023-3390 kernel:...

7.8CVSS7.7AI score0.05794EPSS
Exploits5References22
OSV
OSV
•added 2023/07/25 9:15 p.m.•64 views

PYSEC-2023-133

Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine EVM. Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means...

5.3CVSS6.9AI score0.00487EPSS
Exploits1References2
OSV
OSV
•added 2023/05/09 12:0 a.m.•64 views

ALSA-2023:2167 Moderate: grafana security and enhancement update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters CVE-2022-2880 golang: net/http: handle server errors after sending GOAWAY...

7.5CVSS7AI score0.02513EPSS
Exploits1References12
OSV
OSV
•added 2022/07/26 12:0 a.m.•64 views

GHSA-WW2V-FRV5-PJ5X Joplin is vulnerable to arbitrary code execution

Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles...

9CVSS9.2AI score0.02133EPSS
Exploits2References6
OSV
OSV
•added 2022/06/20 6:20 p.m.•64 views

MAL-2022-275 Malicious code in @flameshot/fetlife-assets (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b8bbca4a9cd0a35a35928860188f38aa877f6edfa6b4eb2b65c110d2d83990bf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
•added 2022/05/14 1:10 a.m.•64 views

GHSA-6GJJ-C5MJ-4CVP Improper Input Validation in Apache Tomcat

org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL...

4.3CVSS7.6AI score0.09895EPSS
Exploits1References19
OSV
OSV
•added 2022/05/03 12:0 a.m.•64 views

DSA-5128-1 openjdk-17 - security update

Bulletin has no description...

7.5CVSS6.8AI score0.46677EPSS
Exploits6
OSV
OSV
•added 2022/04/01 12:0 a.m.•64 views

DSA-5111-1 zlib - security update

Bulletin has no description...

7.5CVSS7.5AI score0.51733EPSS
Exploits1
OSV
OSV
•added 2021/12/14 9:36 p.m.•64 views

GHSA-5CQM-CRXM-6QPV Buffer overrun in CGI.escape_html

A buffer overrun vulnerability was discovered in CGI.escapehtml. This can lead to a buffer overflow when a user passes a very large string 700 MB to CGI.escapehtml on a platform where long type takes 4 bytes, typically, Windows...

9.8CVSS9.5AI score0.04766EPSS
Exploits1References17
OSV
OSV
•added 2021/11/01 12:0 a.m.•64 views

ASB-A-180745296

In Android TV , there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS9.4AI score0.01602EPSS
Exploits0References1
OSV
OSV
•added 2021/09/14 8:25 p.m.•64 views

GHSA-2GHC-6V89-PW9J body-parser-xml vulnerable to Prototype Pollution

body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...

7.6CVSS9.4AI score0.01257EPSS
Exploits1References4
OSV
OSV
•added 2021/07/17 3:3 p.m.•64 views

UVI-2021-1001147 CWE-89 in Secure Remote Access (SRA) version 8.x, 9.0.0.9-26sv and earlier

SonicWall is aware of improper neutralization of a SQL Command leading to SQL Injection vulnerability, reported by CrowdStrike, impacting end-of-life Secure Remote Access SRA products, specifically the SRA appliances running all 8.x firmware or an old version of firmware 9.x 9.0.0.9-26sv or...

8.3AI score
Exploits0References1
OSV
OSV
•added 2021/04/30 5:28 p.m.•64 views

GHSA-P9W3-GWC2-CR49 HTTP Request Smuggling in Undertow

A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

4.8CVSS6.2AI score0.01147EPSS
Exploits0References4
OSV
OSV
•added 2021/02/16 12:0 a.m.•64 views

DLA-2560-1 qemu - security update

Bulletin has no description...

7.5CVSS6.2AI score0.0183EPSS
Exploits3
OSV
OSV
•added 2020/06/11 12:0 a.m.•64 views

DSA-4701-1 intel-microcode - security update

Bulletin has no description...

5.5CVSS6.5AI score0.00587EPSS
Exploits0
OSV
OSV
•added 2020/05/26 2:49 p.m.•64 views

GHSA-2P68-F74V-9WC6 ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore

In ActiveSupport, there is potentially unexpected behaviour in the MemCacheStore and RedisCacheStore where, when untrusted user input is written to the cache store using the raw: true parameter, re-reading the result from the cache can evaluate the user input as a Marshalled object instead of pla...

9.8CVSS7.7AI score0.45732EPSS
Exploits5References12
OSV
OSV
•added 2019/06/17 12:0 a.m.•64 views

DLA-1823-1 linux - security update

Bulletin has no description...

9.8CVSS6.6AI score0.98745EPSS
Exploits6
OSV
OSV
•added 2018/05/09 12:0 a.m.•64 views

DLA-1373-1 php5 - security update

Bulletin has no description...

7.5CVSS6.4AI score0.08787EPSS
Exploits0
OSV
OSV
•added 2018/01/18 11:29 p.m.•64 views

CVE-2012-6708

jQuery before 1.9.0 is vulnerable to Cross-site Scripting XSS attacks. The jQuerystrInput function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '' character anywhere in the string, giving...

6.1CVSS6AI score
Exploits0References15
OSV
OSV
•added 2016/08/07 9:59 p.m.•64 views

CVE-2016-6515

The authpassword function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service crypt CPU consumption via a long string...

7.5CVSS5.9AI score
Exploits0References15
OSV
OSV
•added 2015/08/27 12:0 a.m.•64 views

DSA-3344-1 php5 - security update

Bulletin has no description...

10CVSS8AI score0.16948EPSS
Exploits2
OSV
OSV
•added 2012/02/28 12:0 a.m.•64 views

DSA-2420-1 openjdk-6 - several

Bulletin has no description...

10CVSS8.8AI score0.98237EPSS
Exploits19
OSV
OSV
•added 2012/01/31 12:0 a.m.•64 views

DSA-2399-1 php5 - several

Bulletin has no description...

7.5CVSS8.3AI score0.83911EPSS
Exploits32
OSV
OSV
•added 2011/01/11 12:0 a.m.•64 views

DSA-2122-2 glibc - privilege escalation

Bulletin has no description...

7.2CVSS8.5AI score0.09454EPSS
Exploits35
OSV
OSV
•added 2008/07/27 12:0 a.m.•64 views

DSA-1621-1 icedove - several vulnerabilities

Bulletin has no description...

10CVSS9AI score0.13949EPSS
Exploits4
OSV
OSV
•added 2007/06/16 12:0 a.m.•64 views

DSA-1304 kernel-source-2.6.8 - several

Bulletin has no description...

9.4CVSS6.6AI score0.13529EPSS
Exploits4
OSV
OSV
•added 2026/04/25 11:27 p.m.•63 views

GHSA-V4P8-MG3P-G94G LiteLLM: Authenticated command execution via MCP stdio test endpoints

Impact Two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio...

8.8CVSS6AI score0.80188EPSS
Exploits1References5
OSV
OSV
•added 2025/01/07 4:3 p.m.•63 views

GO-2025-3361 GoPhish sends cleartext passwords in github.com/gophish/gophish

GoPhish sends cleartext passwords in github.com/gophish/gophish...

7.5CVSS7.5AI score0.00358EPSS
Exploits0References3
OSV
OSV
•added 2024/11/12 10:8 p.m.•63 views

GHSA-GV7V-RGG6-548H Laravel environment manipulation via query string

Description When the registerargcargv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. Resolution The framework now ignores argv values for environment detection on...

8.7CVSS5.9AI score0.37981EPSS
Exploits1References6
OSV
OSV
•added 2024/10/02 11:25 a.m.•63 views

RHSA-2023:5967 Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.9 (collectd-libpod-stats, etcd) security update

Bulletin has no description...

7.5CVSS8.5AI score0.99999EPSS
Exploits19References18
OSV
OSV
•added 2024/08/19 5:26 p.m.•63 views

GO-2024-3058 Gorush uses deprecated TLS versions in github.com/appleboy/gorush

An issue in the RunHTTPServer function in Gorush allows attackers to intercept and manipulate data due to the use of a deprecated TLS version...

9.1CVSS9.1AI score0.00308EPSS
Exploits0References4
OSV
OSV
•added 2024/07/01 1:15 p.m.•63 views

CVE-2024-6387

A security regression CVE-2006-5051 was discovered in OpenSSH's server sshd. There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period...

8.1CVSS8.2AI score0.99506EPSS
Exploits68References79
OSV
OSV
•added 2024/06/15 12:0 a.m.•63 views

OPENSUSE-SU-2024:10438-1 freetype2-devel-2.7-1.1 on GA media

These are all security issues fixed in the freetype2-devel-2.7-1.1 package on the GA media of openSUSE Tumbleweed...

10CVSS7.4AI score0.08541EPSS
Exploits27References55
OSV
OSV
•added 2024/05/10 2:32 p.m.•63 views

RLSA-2024:2564 Moderate: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: modhttp2: httpd: CONTINUATION frames DoS CVE-2024-27316 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.5CVSS7AI score0.91327EPSS
Exploits2References2
OSV
OSV
•added 2024/05/03 3:16 a.m.•63 views

CVE-2023-50230

BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must...

8CVSS7.4AI score
Exploits0References3
OSV
OSV
•added 2024/04/05 6:30 a.m.•63 views

GHSA-5PGG-2G8V-P4X9 SheetJS Regular Expression Denial of Service (ReDoS)

SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expression Denial of Service ReDoS. A non-vulnerable version cannot be found via npm, as the repository hosted on GitHub and the npm package xlsx are no longer maintained. Version 0.20.2 can be downloaded via https://cdn.sheetjs.com...

7.5CVSS7.4AI score0.00843EPSS
Exploits0References6
OSV
OSV
•added 2024/03/06 10:56 a.m.•63 views

BIT-APACHE-2020-9490

Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted value for the 'Cache-Digest' header in a HTTP/2 request would result in a crash when the server actually tries to HTTP/2 PUSH a resource afterwards. Configuring the HTTP/2 feature via "H2Push off" will mitigate this vulnerability f...

7.5CVSS8.3AI score0.89744EPSS
Exploits0References30
Total number of security vulnerabilities5000