Lucene search
K
OsvMost viewed

909763 matches found

OSV
OSV
•added 2024/10/03 6:26 p.m.•64 views

GHSA-593M-55HH-J8GV Sentry SDK Prototype Pollution gadget in JavaScript SDKs

Impact In case a Prototype Pollution vulnerability is present in a user's application or bundled libraries, the Sentry SDK could potentially serve as a gadget to exploit that vulnerability. The exploitability depends on the specific details of the underlying Prototype Pollution issue. !NOTE This...

6.3CVSS7.2AI score
Exploits0References6
OSV
OSV
•added 2024/09/30 4:32 p.m.•64 views

RHSA-2023:1043 Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update on RHEL 7

Bulletin has no description...

9.8CVSS8.1AI score0.99615EPSS
Exploits42References147
OSV
OSV
•added 2024/08/21 4:3 p.m.•64 views

GO-2022-1208 gotify/server vulnerable to Cross-site Scripting in the application image file upload in github.com/gotify/server

gotify/server vulnerable to Cross-site Scripting in the application image file upload in github.com/gotify/server...

6.1CVSS5.5AI score0.00502EPSS
Exploits0References4
OSV
OSV
•added 2024/08/21 2:30 p.m.•64 views

GO-2022-0298 Command injection in gh-ost in github.com/github/gh-ost

Command injection in gh-ost in github.com/github/gh-ost...

6.8CVSS6.6AI score0.01003EPSS
Exploits0References3
OSV
OSV
•added 2024/08/06 10:40 p.m.•64 views

GO-2024-3051 Meshery SQL Injection vulnerability in github.com/layer5io/meshery

Meshery SQL Injection vulnerability in github.com/layer5io/meshery. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest a...

8.1CVSS6AI score0.01552EPSS
Exploits1References7
OSV
OSV
•added 2024/07/01 1:15 p.m.•64 views

CVE-2024-6387

A security regression CVE-2006-5051 was discovered in OpenSSH's server sshd. There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period...

8.1CVSS8.2AI score0.99506EPSS
Exploits68References79
OSV
OSV
•added 2024/06/04 10:26 p.m.•64 views

GHSA-PRJP-H48F-JGF6 ActionText ContentAttachment can Contain Unsanitized HTML

Instances of ActionText::Attachable::ContentAttachment included within a richtextarea tag could potentially contain unsanitized HTML. This has been assigned the CVE identifier CVE-2024-32464. Versions Affected: = 7.1.0 Not affected: 7.1.0 Fixed Versions: 7.1.3.4 Impact ------ This could lead to a...

6.1CVSS5.9AI score0.00434EPSS
Exploits0References5
OSV
OSV
•added 2024/05/03 3:16 a.m.•64 views

CVE-2023-50230

BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must...

8CVSS7.4AI score
Exploits0References3
OSV
OSV
•added 2024/05/01 5:5 p.m.•64 views

GHSA-2XP3-57P7-QF4V xml-crypto vulnerable to XML signature verification bypass due improper verification of signature/signature spoofing

Summary Default configuration does not check authorization of the signer, it only checks the validity of the signature per section 3.2.2 of https://www.w3.org/TR/2008/REC-xmldsig-core-20080610/sec-CoreValidation. As such, without additional validation steps, the default configuration allows a...

10CVSS9.2AI score0.00833EPSS
Exploits1References10
OSV
OSV
•added 2023/11/02 7:24 a.m.•64 views

BIT-2023-46119

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Parse Server crashes when uploading a file without extension. This vulnerability has been patched in versions 5.5.6 and 6.3.1...

7.5CVSS6.8AI score0.01053EPSS
Exploits0References5Affected Software1
OSV
OSV
•added 2023/10/03 12:0 a.m.•64 views

DSA-5514-1 glibc - security update

Bulletin has no description...

7.8CVSS8.1AI score0.81422EPSS
Exploits27
OSV
OSV
•added 2023/10/02 6:39 p.m.•64 views

GO-2023-2077 Authentication bypass in github.com/sagernet/sing

Authentication bypass in github.com/sagernet/sing...

9.8CVSS9.5AI score0.00679EPSS
Exploits0References2
OSV
OSV
•added 2023/09/12 12:0 a.m.•64 views

ALSA-2023:5091 Important: kernel-rt security and bug fix update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: UAF in nftables when nftsetlookupglobal triggered after handling named and anonymous sets in batch requests CVE-2023-3390 kernel:...

7.8CVSS7.7AI score0.05794EPSS
Exploits5References22
OSV
OSV
•added 2023/08/22 12:0 p.m.•64 views

RUSTSEC-2023-0053 rustls-webpki: CPU denial of service in certificate path building

When this crate is given a pathological certificate chain to validate, it will spend CPU time exponential with the number of candidate certificates at each step of path building. Both TLS clients and TLS servers that accept client certificate are affected. We now give each path building operation...

7.5CVSS7.7AI score0.06325EPSS
Exploits0References2
OSV
OSV
•added 2023/07/25 9:15 p.m.•64 views

PYSEC-2023-133

Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine EVM. Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means...

5.3CVSS6.9AI score0.00487EPSS
Exploits1References2
OSV
OSV
•added 2023/05/09 12:0 a.m.•64 views

ALSA-2023:2167 Moderate: grafana security and enhancement update

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fixes: golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters CVE-2022-2880 golang: net/http: handle server errors after sending GOAWAY...

7.5CVSS7AI score0.02513EPSS
Exploits1References12
OSV
OSV
•added 2022/10/29 8:15 p.m.•64 views

CVE-2022-42915

curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request HTTP...

8.1CVSS0.1AI score0.02927EPSS
Exploits0References10
OSV
OSV
•added 2022/09/04 12:0 a.m.•64 views

DLA-3095-1 ruby-rack - security update

Bulletin has no description...

10CVSS8.5AI score0.02056EPSS
Exploits0
OSV
OSV
•added 2022/07/26 12:0 a.m.•64 views

GHSA-WW2V-FRV5-PJ5X Joplin is vulnerable to arbitrary code execution

Joplin v2.8.8 allows attackers to execute arbitrary commands via a crafted payload injected into the Node titles...

9CVSS9.2AI score0.02133EPSS
Exploits2References6
OSV
OSV
•added 2022/06/20 6:20 p.m.•64 views

MAL-2022-275 Malicious code in @flameshot/fetlife-assets (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b8bbca4a9cd0a35a35928860188f38aa877f6edfa6b4eb2b65c110d2d83990bf Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
•added 2022/05/16 12:0 a.m.•64 views

DLA-3011-1 vim - security update

Bulletin has no description...

8.4CVSS8.1AI score0.26583EPSS
Exploits9
OSV
OSV
•added 2022/05/14 1:10 a.m.•64 views

GHSA-6GJJ-C5MJ-4CVP Improper Input Validation in Apache Tomcat

org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote attackers to conduct session fixation attacks via a crafted URL...

4.3CVSS7.6AI score0.09895EPSS
Exploits1References19
OSV
OSV
•added 2022/04/07 12:0 a.m.•64 views

OSV-2022-312 Heap-buffer-overflow in dhcp_reply

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=46416 Crash type: Heap-buffer-overflow READ 1 Crash state: dhcpreply dhcppacket FuzzDhcp...

7.2AI score
Exploits0References1
OSV
OSV
•added 2021/12/14 9:36 p.m.•64 views

GHSA-5CQM-CRXM-6QPV Buffer overrun in CGI.escape_html

A buffer overrun vulnerability was discovered in CGI.escapehtml. This can lead to a buffer overflow when a user passes a very large string 700 MB to CGI.escapehtml on a platform where long type takes 4 bytes, typically, Windows...

9.8CVSS9.5AI score0.04766EPSS
Exploits1References17
OSV
OSV
•added 2021/11/01 12:0 a.m.•64 views

ASB-A-180745296

In Android TV , there is a possible silent pairing due to lack of rate limiting in the pairing flow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS9.4AI score0.01602EPSS
Exploits0References1
OSV
OSV
•added 2021/09/14 8:25 p.m.•64 views

GHSA-2GHC-6V89-PW9J body-parser-xml vulnerable to Prototype Pollution

body-parser-xml is vulnerable to Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution'...

7.6CVSS9.4AI score0.01257EPSS
Exploits1References4
OSV
OSV
•added 2021/08/25 8:55 p.m.•64 views

GHSA-5325-XW5M-PHM3 Cross-site Scripting in ammonia

An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870...

6.1CVSS6.1AI score0.00702EPSS
Exploits1References5
OSV
OSV
•added 2021/07/15 12:0 a.m.•64 views

DLA-2708-1 php7.0 - security update

Bulletin has no description...

7.8CVSS6.9AI score0.03179EPSS
Exploits4
OSV
OSV
•added 2021/04/30 5:28 p.m.•64 views

GHSA-P9W3-GWC2-CR49 HTTP Request Smuggling in Undertow

A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS...

4.8CVSS6.2AI score0.01147EPSS
Exploits0References4
OSV
OSV
•added 2020/11/22 12:0 a.m.•64 views

DLA-2463-1 samba - security update

Bulletin has no description...

10CVSS7.1AI score0.99512EPSS
Exploits75
OSV
OSV
•added 2020/09/03 12:0 p.m.•64 views

RUSTSEC-2020-0039 `index()` allows out-of-bound read and `remove()` has off-by-one error

Slab::index does not perform the boundary checking, which leads to out-of-bound read access. Slab::remove copies an element from an invalid address due to off-by-one error, resulting in memory leakage and uninitialized memory drop...

9.1CVSS8.1AI score0.0151EPSS
Exploits0References3
OSV
OSV
•added 2020/05/26 2:49 p.m.•64 views

GHSA-2P68-F74V-9WC6 ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore

In ActiveSupport, there is potentially unexpected behaviour in the MemCacheStore and RedisCacheStore where, when untrusted user input is written to the cache store using the raw: true parameter, re-reading the result from the cache can evaluate the user input as a Marshalled object instead of pla...

9.8CVSS7.7AI score0.45732EPSS
Exploits5References12
OSV
OSV
•added 2020/01/31 12:0 a.m.•64 views

DLA-2091-1 libjackson-json-java - security update

Bulletin has no description...

9.8CVSS9AI score0.37925EPSS
Exploits7
OSV
OSV
•added 2020/01/08 12:0 p.m.•64 views

RUSTSEC-2020-0045 bespoke Cell implementation allows obtaining several mutable references to the same data

The custom implementation of a Cell primitive in the affected versions of this crate does not keep track of mutable references to the underlying data. This allows obtaining several mutable references to the same object which may result in arbitrary memory corruption, most likely use-after-free. T...

9.1CVSS9.1AI score0.0141EPSS
Exploits1References3
OSV
OSV
•added 2019/08/26 12:0 a.m.•64 views

DSA-4509-1 apache2 - security update

Bulletin has no description...

9.1CVSS6.9AI score0.81466EPSS
Exploits6
OSV
OSV
•added 2018/05/25 12:0 a.m.•64 views

DLA-1383-1 xen - security update

Bulletin has no description...

8.8CVSS6.6AI score0.18404EPSS
Exploits9
OSV
OSV
•added 2015/08/27 12:0 a.m.•64 views

DSA-3344-1 php5 - security update

Bulletin has no description...

10CVSS8AI score0.16948EPSS
Exploits2
OSV
OSV
•added 2012/01/31 12:0 a.m.•64 views

DSA-2399-1 php5 - several

Bulletin has no description...

7.5CVSS8.3AI score0.83911EPSS
Exploits32
OSV
OSV
•added 2009/11/25 12:0 a.m.•64 views

DSA-1940-1 php5 - multiple issues

Bulletin has no description...

7.5CVSS8.1AI score0.12041EPSS
Exploits5
OSV
OSV
•added 2008/07/27 12:0 a.m.•64 views

DSA-1621-1 icedove - several vulnerabilities

Bulletin has no description...

10CVSS9AI score0.13949EPSS
Exploits4
OSV
OSV
•added 2008/03/30 12:0 a.m.•64 views

DSA-1535-1 iceweasel

Bulletin has no description...

9.3CVSS9.8AI score0.06055EPSS
Exploits2
OSV
OSV
•added 2007/07/24 12:0 a.m.•64 views

DSA-1339-1 iceape - several

Bulletin has no description...

9.3CVSS9.6AI score0.04618EPSS
Exploits3
OSV
OSV
•added 2007/06/16 12:0 a.m.•64 views

DSA-1304 kernel-source-2.6.8 - several

Bulletin has no description...

9.4CVSS6.6AI score0.13529EPSS
Exploits4
OSV
OSV
•added 2026/06/03 6:56 p.m.•63 views

ROOT-APP-PYPI-CVE-2026-28684 CVE-2026-28684 in rootio-python-dotenv - Patched by Root

Root has patched CVE-2026-28684 in the rootio-python-dotenv package for Root:PyPI. Multiple fixed versions available...

6.6CVSS5.2AI score0.00236EPSS
Exploits1
OSV
OSV
•added 2026/05/20 10:9 a.m.•63 views

RHSA-2026:18683 Red Hat Security Advisory: libssh security update

Bulletin has no description...

6.5CVSS7.2AI score0.00582EPSS
Exploits0References55
OSV
OSV
•added 2025/08/14 6:52 p.m.•63 views

MAL-2025-28475 Malicious code in Orchestrator (npm)

The package Orchestrator was found to contain malicious code...

7.2AI score
Exploits0
OSV
OSV
•added 2024/10/02 11:25 a.m.•63 views

RHSA-2023:5967 Red Hat Security Advisory: Red Hat OpenStack Platform 16.1.9 (collectd-libpod-stats, etcd) security update

Bulletin has no description...

7.5CVSS8.5AI score0.99999EPSS
Exploits19References18
OSV
OSV
•added 2024/10/02 11:22 a.m.•63 views

RHSA-2023:5931 Red Hat Security Advisory: Satellite 6.13.5 Async Security Update

Bulletin has no description...

9.8CVSS8.3AI score0.99999EPSS
Exploits26References84
OSV
OSV
•added 2024/07/11 3:15 a.m.•63 views

UBUNTU-CVE-2016-15039

A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to 665dbc2690ebeb5392d38f1fece0a654225a0b38. Affected by this vulnerability is the function makeHttpRequest of the file htdocs/js/ajaxfunctions.js. The manipulation leads to http request smuggling. The attack can be...

6.3CVSS5.2AI score0.00426EPSS
Exploits0References6
OSV
OSV
•added 2024/06/15 12:0 a.m.•63 views

OPENSUSE-SU-2024:10438-1 freetype2-devel-2.7-1.1 on GA media

These are all security issues fixed in the freetype2-devel-2.7-1.1 package on the GA media of openSUSE Tumbleweed...

10CVSS7.4AI score0.08541EPSS
Exploits27References55
Total number of security vulnerabilities5000