Lucene search
K
OsvMost viewed

909765 matches found

OSV
OSV
added 2026/03/31 10:22 p.m.65 views

GHSA-HV78-CWP4-8R7R baserCMS has Unsafe File Upload Leading to Remote Code Execution (RCE)

Details The application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using requireonce without validating or restricting the filename. An attacker can craft a malicious PHP file within the zip and achieve...

8.7CVSS6.5AI score0.00577EPSS
Exploits1References5
OSV
OSV
added 2026/02/03 8:53 a.m.65 views

BIT-PYTHON-2026-1299 email BytesGenerator header injection due to unquoted newlines

The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized. This is only applicable if using "LiteralHeader" writing headers that don't respect email foldin...

6CVSS5.4AI score0.00737EPSS
Exploits0References11
OSV
OSV
added 2024/11/13 10:13 a.m.65 views

SUSE-SU-2024:3986-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too bsc1226797. - CVE-2024-41031: mm/filemap: skip to create PMD-sized page...

9.1CVSS7.8AI score0.01367EPSS
Exploits4References597
OSV
OSV
added 2024/11/12 10:8 p.m.65 views

GHSA-GV7V-RGG6-548H Laravel environment manipulation via query string

Description When the registerargcargv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. Resolution The framework now ignores argv values for environment detection on...

8.7CVSS5.9AI score0.37981EPSS
Exploits1References6
OSV
OSV
added 2024/11/02 4:56 p.m.65 views

MGASA-2024-0344 Updated kernel-linus packages fix security vulnerabilities

Vanilla upstream kernel version 6.6.58 fixes bugs and vulnerabilities. For information about the vulnerabilities see the links...

9.1CVSS6.9AI score0.01367EPSS
Exploits2References8
OSV
OSV
added 2024/10/02 11:32 a.m.65 views

RHSA-2023:6818 Red Hat Security Advisory: Satellite 6.14 security and bug fix update

Bulletin has no description...

9.8CVSS8.1AI score0.99999EPSS
Exploits30References422
OSV
OSV
added 2024/09/29 5:48 p.m.65 views

RHSA-2021:1313 Red Hat Security Advisory: Satellite 6.9 Release

Bulletin has no description...

8.8CVSS6.7AI score0.45732EPSS
Exploits9References398
OSV
OSV
added 2024/08/21 2:30 p.m.65 views

GO-2023-2351 Capsule Proxy Authentication bypass using an empty token in github.com/projectcapsule/capsule-proxy

Capsule Proxy Authentication bypass using an empty token in github.com/projectcapsule/capsule-proxy...

9.8CVSS9.5AI score0.00574EPSS
Exploits1References3
OSV
OSV
added 2024/08/20 8:29 p.m.65 views

GO-2023-1721 OpenFeature Operator vulnerable to Cluster-level Privilege Escalation in github.com/open-feature/open-feature-operator

OpenFeature Operator vulnerable to Cluster-level Privilege Escalation in github.com/open-feature/open-feature-operator...

8.8CVSS8.2AI score0.00659EPSS
Exploits0References3
OSV
OSV
added 2024/08/20 8:25 p.m.65 views

GO-2023-1292 usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos

usememos/memos Incorrect Use of Privileged APIs vulnerability in github.com/usememos/memos...

7.3CVSS4.6AI score0.00507EPSS
Exploits1References4
OSV
OSV
added 2024/07/18 12:0 p.m.65 views

RUSTSEC-2024-0355 gix-path can use a fake program files location

Summary When looking for Git for Windows so it can run it to report its paths, gix-path can be tricked into running another git.exe placed in an untrusted location by a limited user account. Details Windows permits limited user accounts without administrative privileges to create new directories ...

6.8CVSS8AI score0.00212EPSS
Exploits0References4
OSV
OSV
added 2024/07/15 3:14 a.m.65 views

MAL-2024-7752 Malicious code in jfrog-ci-templates (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8ca6b5be5ca78626dbb231ce098412b200202572a0c8a3513b2a666e342d8004 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2024/07/03 12:0 a.m.65 views

ALSA-2024:4312 Important: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: Possible remote code execution due to a race condition in signal handling...

8.1CVSS8.5AI score0.99506EPSS
Exploits68References4
OSV
OSV
added 2024/07/01 3:25 p.m.65 views

CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution RCE by unauthenticated users through specially crafted input against a default GeoServer...

9.8CVSS8.9AI score0.99813EPSS
Exploits26References9
OSV
OSV
added 2024/06/24 5:4 p.m.65 views

SUSE-SU-2024:2183-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47497: Fixed shift-out-of-bound UBSAN with byte size cells bsc1225355. - CVE-2021-47500: Fixed trigger reference couting bsc1225360. - CVE-2021-47383: Fiedx...

9.8CVSS8AI score0.17563EPSS
Exploits6References275
OSV
OSV
added 2024/06/04 10:48 p.m.65 views

GO-2024-2887 Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip

The various Is methods IsPrivate, IsLoopback, etc did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms...

9.8CVSS8.4AI score0.01952EPSS
Exploits0References3
OSV
OSV
added 2024/05/15 9:38 p.m.65 views

GHSA-H533-5V22-8VCP firebase/php-jwt: "None" Algorithm treated as valid on tokens

Several widely-used JSON Web Token JWT libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys RS256, RS384, RS512, ES256, ES384, ES512...

7.3AI score
Exploits0References5
OSV
OSV
added 2024/05/14 6:54 p.m.65 views

CVE-2024-32020 Cloning local Git repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a...

3.9CVSS6.7AI score0.00519EPSS
Exploits1References7
OSV
OSV
added 2024/05/10 2:32 p.m.65 views

RLSA-2024:2564 Moderate: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: modhttp2: httpd: CONTINUATION frames DoS CVE-2024-27316 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

7.5CVSS7AI score0.91327EPSS
Exploits2References2
OSV
OSV
added 2024/04/02 12:0 a.m.65 views

ALSA-2024:1644 Important: grafana-pcp security and bug fix update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloa...

7.5CVSS8AI score0.01533EPSS
Exploits0References4
OSV
OSV
added 2024/03/06 10:53 a.m.65 views

BIT-APACHE-2022-28330 read beyond bounds in mod_isapi

Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the modisapi module...

5.3CVSS7AI score0.03398EPSS
Exploits0References4
OSV
OSV
added 2024/02/20 12:0 a.m.65 views

ALSA-2024:0889 Moderate: oniguruma security update

Oniguruma is a regular expressions library that supports a variety of character encodings. Security Fixes: oniguruma: Use-after-free in onignewdeluxe in regext.c CVE-2019-13224 oniguruma: Stack exhaustion in regcomp.c because of recursion in regparse.c CVE-2019-16163 oniguruma: integer overflow i...

9.8CVSS8.4AI score0.10539EPSS
Exploits6References12
OSV
OSV
added 2023/11/27 5:25 p.m.65 views

GHSA-R68H-JHHJ-9JVM Validator.isValidSafeHTML is being deprecated and will be deleted from org.owasp.esapi:esapi in 1 year

Impact The Validator.isValidSafeHTML method can result in false negatives where it reports some input as safe i.e., returns true, but really isn't, and using that same input as-is can in certain circumstances result in XSS vulnerabilities. Because this method cannot be fixed, it is being deprecat...

6.4AI score
Exploits0References2
OSV
OSV
added 2023/11/27 5:25 p.m.65 views

GHSA-HFXH-RJV7-2369 Uptime Kuma Authenticated remote code execution via TailscalePing

Summary The runTailscalePing method of the TailscalePing class injects the hostname parameter inside a shell command, leading to a command injection and the possibility to run arbitrary commands on the server. Details When adding a new monitor on Uptime Kuma, we can select the "Tailscale Ping"...

8.2AI score
Exploits0References2
OSV
OSV
added 2023/04/24 12:0 a.m.65 views

DLA-3401-1 apache2 - security update

Bulletin has no description...

9.8CVSS8.7AI score0.8377EPSS
Exploits5
OSV
OSV
added 2022/12/28 3:30 p.m.65 views

GHSA-QCF5-M2C6-89F2 usememos/memos Improper Authorization vulnerability

usememos/memos 0.9.0 and prior is vulnerable to Improper Authorization...

5.3CVSS5.5AI score0.00702EPSS
Exploits1References4
OSV
OSV
added 2022/12/05 12:0 a.m.65 views

DLA-3222-1 node-fetch - security update

Bulletin has no description...

8.8CVSS7.9AI score0.01646EPSS
Exploits1
OSV
OSV
added 2022/05/03 12:0 a.m.65 views

DSA-5128-1 openjdk-17 - security update

Bulletin has no description...

7.5CVSS6.8AI score0.48235EPSS
Exploits6
OSV
OSV
added 2022/04/01 12:0 a.m.65 views

DSA-5111-1 zlib - security update

Bulletin has no description...

7.5CVSS7.5AI score0.51733EPSS
Exploits1
OSV
OSV
added 2021/07/17 3:3 p.m.65 views

UVI-2021-1001147 CWE-89 in Secure Remote Access (SRA) version 8.x, 9.0.0.9-26sv and earlier

SonicWall is aware of improper neutralization of a SQL Command leading to SQL Injection vulnerability, reported by CrowdStrike, impacting end-of-life Secure Remote Access SRA products, specifically the SRA appliances running all 8.x firmware or an old version of firmware 9.x 9.0.0.9-26sv or...

8.3AI score
Exploits0References1
OSV
OSV
added 2021/02/16 12:0 a.m.65 views

DLA-2560-1 qemu - security update

Bulletin has no description...

7.5CVSS6.2AI score0.0183EPSS
Exploits3
OSV
OSV
added 2020/11/21 9:15 p.m.65 views

PYSEC-2020-108

DISPUTED svmpredictvalues in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service segmentation fault via a crafted model SVM introduced via pickle, json, or any other model permanence standard with a large value in the nsupport...

7.5CVSS6.2AI score0.03429EPSS
Exploits3References5
OSV
OSV
added 2020/10/22 12:0 p.m.65 views

RUSTSEC-2020-0059 MutexGuard::map can cause a data race in safe code

Affected versions of the crate had a Send/Sync implementation for MappedMutexGuard that only considered variance on T, while MappedMutexGuard dereferenced to U. This could of led to data races in safe Rust code when a closure used in MutexGuard::map returns U that is unrelated to T. The issue was...

4.7CVSS4.7AI score0.00261EPSS
Exploits1References3
OSV
OSV
added 2020/06/11 12:0 a.m.65 views

DSA-4701-1 intel-microcode - security update

Bulletin has no description...

5.5CVSS6.5AI score0.00587EPSS
Exploits0
OSV
OSV
added 2020/04/14 3:27 p.m.65 views

GHSA-8H56-V53H-5HHJ Remote Code Execution - JavaEL Injection (low privileged accounts) in Nexus Repository Manager

Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution...

8.8CVSS7.2AI score0.24318EPSS
Exploits3References5
OSV
OSV
added 2019/06/17 12:0 a.m.65 views

DLA-1823-1 linux - security update

Bulletin has no description...

9.8CVSS6.6AI score0.98745EPSS
Exploits6
OSV
OSV
added 2019/03/26 12:0 a.m.65 views

DLA-1730-1 libssh2 - security update

Bulletin has no description...

9.3CVSS7.5AI score0.09219EPSS
Exploits0
OSV
OSV
added 2018/05/09 12:0 a.m.65 views

DLA-1373-1 php5 - security update

Bulletin has no description...

7.5CVSS6.4AI score0.08677EPSS
Exploits0
OSV
OSV
added 2018/03/04 8:29 p.m.65 views

UBUNTU-CVE-2018-7567

In the Admin Package Manager in Open Ticket Request System OTRS 5.0.0 through 5.0.24 and 6.0.0 through 6.0.1, authenticated admins are able to exploit a Blind Remote Code Execution vulnerability by loading a crafted opm file with an embedded CodeInstall element to execute a command on the server...

7.2CVSS7.3AI score0.05385EPSS
Exploits3References3
OSV
OSV
added 2018/01/18 11:29 p.m.65 views

CVE-2012-6708

jQuery before 1.9.0 is vulnerable to Cross-site Scripting XSS attacks. The jQuerystrInput function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '' character anywhere in the string, giving...

6.1CVSS6AI score
Exploits0References15
OSV
OSV
added 2017/01/30 12:0 a.m.65 views

DLA-809-1 tcpdump - security update

Bulletin has no description...

9.8CVSS7.4AI score0.06196EPSS
Exploits0
OSV
OSV
added 2016/08/07 9:59 p.m.65 views

CVE-2016-6515

The authpassword function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service crypt CPU consumption via a long string...

7.5CVSS5.9AI score
Exploits0References15
OSV
OSV
added 2015/12/04 12:0 a.m.65 views

DLA-359-1 mysql-5.5 - packages as an option announcement

Bulletin has no description...

7.2CVSS6.9AI score0.30146EPSS
Exploits6
OSV
OSV
added 2012/02/28 12:0 a.m.65 views

DSA-2420-1 openjdk-6 - several

Bulletin has no description...

10CVSS8.8AI score0.98113EPSS
Exploits19
OSV
OSV
added 2011/01/11 12:0 a.m.65 views

DSA-2122-2 glibc - privilege escalation

Bulletin has no description...

7.2CVSS8.5AI score0.09454EPSS
Exploits35
OSV
OSV
added 2009/05/02 12:0 a.m.65 views

DSA-1787-1 linux-2.6.24 - several vulnerabilities

Bulletin has no description...

10CVSS6.4AI score0.1673EPSS
Exploits30
OSV
OSV
added 2026/06/03 10:20 a.m.64 views

RHSA-2026:22644 Red Hat Security Advisory: samba security update

Bulletin has no description...

9CVSS5.7AI score0.12797EPSS
Exploits8References28
OSV
OSV
added 2026/05/18 8:56 a.m.64 views

BIT-TOMCAT-2020-1938

When using the Apache JServ Protocol AJP, care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that...

9.8CVSS7.7AI score0.9927EPSS
Exploits45References53
OSV
OSV
added 2025/10/23 4:25 p.m.64 views

GO-2025-3997 github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks in github.com/MANTRA-Chain/mantrachain

github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks in github.com/MANTRA-Chain/mantrachain...

8.8CVSS7AI score0.00312EPSS
Exploits0References4
OSV
OSV
added 2024/10/18 6:15 a.m.64 views

CVE-2024-38820

The fix for CVE-2022-22968 made disallowedFields patterns in DataBinder case insensitive. However, String.toLowerCase has some Locale dependent exceptions that could potentially result in fields not protected as expected...

5.3CVSS5.3AI score0.00631EPSS
Exploits1References2
Total number of security vulnerabilities5000