OSV bulletins, sorted by most viewed (907431 matches found)

OSV, added 2019/02/12 5:26 p.m.
GHSA-W5M8-5V9M-XHX5 Critical severity vulnerability that affects Haraka
Haraka version 2.8.8 and earlier comes with a plugin for processing attachments for zip files. Versions 2.8.8 and earlier can be vulnerable to command injection...
CVSS 9.8 | AI score 9.6 | EPSS 0.13377 | Exploits 4 | References 3

OSV, added 2018/12/16 12:00 a.m.
DLA-1608-1 php5 - security update
(No description provided.)
CVSS 8.5 | AI score 7 | EPSS 0.9523 | Exploits 7

OSV, added 2018/05/30 12:00 a.m.
DLA-1389-1 apache2 - security update
(No description provided.)
CVSS 9.8 | AI score 7.9 | EPSS 0.18197 | Exploits 0

OSV, added 2017/10/24 6:33 p.m.
GHSA-PR3R-4WRP-R2PV ActiveRecord in Ruby on Rails allows database-query bypass
Active Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly consider differences in parameter handling between the Active Record component and the JSON implementation, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks or trigger missing...
CVSS 7.5 | AI score 7.6 | EPSS 0.03903 | Exploits 0 | References 7

OSV, added 2017/03/11 2:59 a.m.
CVE-2017-5638
The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows remote attackers to execute arbitrary commands via a crafted Content-Type, Content-Disposition, or...
CVSS 9.8 | AI score 8.2 | EPSS 0.99999 | Exploits 44 | References 34

OSV, added 2016/12/18 12:00 a.m.
DSA-3739-1 tomcat8 - security update
(No description provided.)
CVSS 9.8 | AI score 8.2 | EPSS 0.90338 | Exploits 7

OSV, added 2016/09/22 12:00 a.m.
DSA-3673-1 openssl - security update
(No description provided.)
CVSS 9.8 | AI score 6.9 | EPSS 0.63029 | Exploits 2

OSV, added 2016/05/03 12:00 a.m.
DLA-456-1 openssl - security update
(No description provided.)
CVSS 10 | AI score 7.2 | EPSS 0.89058 | Exploits 7

OSV, added 2015/07/23 12:00 a.m.
DSA-3313-1 linux - security update
(No description provided.)
CVSS 7.8 | AI score 6.8 | EPSS 0.06267 | Exploits 4

OSV, added 2015/06/17 12:00 a.m.
DLA-247-1 openssl - security update
(No description provided.)
CVSS 7.5 | AI score 6.7 | EPSS 0.9986 | Exploits 2

OSV, added 2015/03/20 12:00 a.m.
DSA-3198-1 php5 - security update
(No description provided.)
CVSS 7.5 | AI score 7.6 | EPSS 0.27869 | Exploits 10

OSV, added 2014/05/12 12:00 a.m.
DSA-2926-1 linux - security update
(No description provided.)
CVSS 7.2 | AI score 6.3 | EPSS 0.22475 | Exploits 14

OSV, added 2014/04/22 12:00 a.m.
DSA-2911-1 icedove - security update
(No description provided.)
CVSS 10 | AI score 8.8 | EPSS 0.83633 | Exploits 17

OSV, added 2010/02/22 12:00 a.m.
DSA-2003-1 linux-2.6 - several vulnerabilities
(No description provided.)
CVSS 7.8 | AI score 6.8 | EPSS 0.12 | Exploits 8

OSV, added 2009/05/15 12:00 a.m.
DSA-1800-1 linux-2.6 user-mode-linux - several vulnerabilities
(No description provided.)
CVSS 7.8 | AI score 6.2 | EPSS 0.04268 | Exploits 12

OSV, added 2006/06/27 12:00 a.m.
DSA-1103 kernel-source-2.6.8 - several vulnerabilities
(No description provided.)
CVSS 10 | AI score 5.8 | EPSS 0.06797 | Exploits 3

OSV, added 2006/05/21 12:00 a.m.
DSA-1070-1 kernel-source-2.4.19 - several vulnerabilities
(No description provided.)
CVSS 10 | AI score 6.1 | EPSS 0.04078 | Exploits 8

OSV, added 2026/06/06 6:13 a.m.
MAL-2026-5315 Malicious code in ensmallen (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f844af5d6142ffdd36c3697ff26feabb3d79b6f75e5ac403d2ade6460023e04c Versions 0.8.101 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using...
AI score 5.5 | Exploits 0 | References 4

OSV, added 2026/05/13 7:00 a.m.
MGASA-2026-0130 Updated perl-Gazelle packages fix security vulnerability
Gazelle versions through 0.49 for Perl allow HTTP request smuggling via improper header precedence. CVE-2026-40562...
CVSS 7.5 | AI score 5.8 | EPSS 0.00319 | Exploits 0 | References 4

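"Improper header precedence" in the Gazelle entry above means the server decides which framing header (Content-Length or Transfer-Encoding) bounds a request differently from the component in front of or behind it. The following is an added example, not Gazelle's code or anything from the advisory: a minimal HTTP/1.1 splitter in which the precedence choice is an explicit parameter, run over a constructed stream so the disagreement is visible. The request paths and hostname are made up for the demonstration.

```python
# Added example, not Gazelle's or any server's code: a minimal HTTP/1.1
# request splitter that makes the framing-header precedence choice explicit.
# The byte stream below is constructed for the demonstration.


def _read_chunked(data: bytes):
    """Decode a chunked body (no trailers). Returns (body, remaining_bytes)."""
    body = b""
    rest = data
    while True:
        size_line, _, rest = rest.partition(b"\r\n")
        size = int(size_line.split(b";")[0], 16)  # ignore chunk extensions
        if size == 0:
            if not rest.startswith(b"\r\n"):
                raise ValueError("malformed last-chunk")
            return body, rest[2:]
        body += rest[:size]
        rest = rest[size + 2:]  # skip the chunk data and its trailing CRLF


def split_requests(stream: bytes, policy: str):
    """Split a pipelined byte stream into (request_line, body) pairs.

    policy:
      "content-length"    - Content-Length wins when both headers are present
                            (the improper precedence).
      "transfer-encoding" - Transfer-Encoding wins (RFC 9112, section 6.3).
      "strict"            - refuse a request that carries both headers.
    """
    requests = []
    rest = stream
    while rest:
        head, sep, rest = rest.partition(b"\r\n\r\n")
        if not sep:
            break  # incomplete head: leftover bytes are not a request
        request_line, *header_lines = head.split(b"\r\n")
        headers = {}
        for line in header_lines:
            name, _, value = line.partition(b":")
            headers[name.strip().lower()] = value.strip().lower()
        has_cl = b"content-length" in headers
        has_te = headers.get(b"transfer-encoding") == b"chunked"
        if has_cl and has_te and policy == "strict":
            raise ValueError("ambiguous framing: Content-Length and Transfer-Encoding")
        if has_te and not (has_cl and policy == "content-length"):
            body, rest = _read_chunked(rest)
        elif has_cl:
            n = int(headers[b"content-length"])
            body, rest = rest[:n], rest[n:]
        else:
            body = b""
        requests.append((request_line, body))
    return requests


# Constructed attack stream: the outer POST's Content-Length covers everything
# that follows, while its chunked body terminates immediately.
SMUGGLED = b"GET /admin HTTP/1.1\r\nHost: example.test\r\n\r\n"
OUTER_BODY = b"0\r\n\r\n" + SMUGGLED
STREAM = b"".join([
    b"POST /upload HTTP/1.1\r\n",
    b"Host: example.test\r\n",
    b"Content-Length: " + str(len(OUTER_BODY)).encode() + b"\r\n",
    b"Transfer-Encoding: chunked\r\n",
    b"\r\n",
    OUTER_BODY,
])


def compare_policies(stream: bytes = STREAM):
    """Return {policy: request lines seen} for the two lenient policies."""
    return {
        policy: [req_line for req_line, _ in split_requests(stream, policy)]
        for policy in ("content-length", "transfer-encoding")
    }


def strict_rejects(stream: bytes = STREAM) -> bool:
    """True if the strict policy refuses the ambiguous stream."""
    try:
        split_requests(stream, "strict")
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for policy, lines in compare_policies().items():
        print(policy, "->", lines)
    print("strict rejects:", strict_rejects())
```

A Content-Length-first hop sees one POST whose body happens to contain a GET; a Transfer-Encoding-first hop behind it sees two requests, the second of which it will serve as `GET /admin`. Rejecting the ambiguous combination, or normalising to a single framing before forwarding, removes the disagreement.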
OSV, added 2026/05/12 4:47 p.m.
CGA-9C65-97PV-F3RG
(No description provided.)
CVSS 7.2 | AI score 5.7 | EPSS 0.00497 | Exploits 0

OSV, added 2025/08/18 8:07 a.m.
BIT-NGINX-2025-53859 NGINX ngx_mail_smtp_module vulnerability
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...
CVSS 6.3 | AI score 7.5 | EPSS 0.00371 | Exploits 0 | References 3

OSV, added 2024/11/13 10:13 a.m.
SUSE-SU-2024:3985-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48879: efi: fix NULL-deref in init error path (bsc#1229556). - CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment (bsc#1231893). - CVE-2022-48957:...
CVSS 9.1 | AI score 8 | EPSS 0.03651 | Exploits 6 | References 464

OSV, added 2024/10/02 11:23 a.m.
RHSA-2023:5979 Red Hat Security Advisory: Satellite 6.12.5.2 Async Security Update
(No description provided.)
CVSS 9.1 | AI score 8.5 | EPSS 0.99999 | Exploits 25 | References 50

OSV, added 2024/09/25 5:30 a.m.
CGA-PFMC-9PXP-XX2W
(No description provided.)
CVSS 7.5 | AI score 7.3 | EPSS 0.06748 | Exploits 0

OSV, added 2024/08/21 4:03 p.m.
GO-2022-1032 Cloudflare GoFlow vulnerable to a Denial of Service in the sflow packet handling package in github.com/cloudflare/goflow
CVSS 7.5 | AI score 7.4 | EPSS 0.00803 | Exploits 0 | References 5

OSV, added 2024/08/20 8:26 p.m.
GO-2023-1577 Users with any cluster secret update access may update out-of-bounds cluster secrets in github.com/argoproj/argo-cd
CVSS 9.1 | AI score 8.9 | EPSS 0.00671 | Exploits 0 | References 3

OSV, added 2024/08/19 5:26 p.m.
GO-2024-3058 Gorush uses deprecated TLS versions in github.com/appleboy/gorush
An issue in the RunHTTPServer function in Gorush allows attackers to intercept and manipulate data due to the use of a deprecated TLS version...
CVSS 9.1 | AI score 9.1 | EPSS 0.00308 | Exploits 0 | References 4

OSV, added 2024/07/18 10:15 a.m.
CVE-2024-40725
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local...
CVSS 5.3 | AI score 6.4 | Exploits 0 | References 2

OSV, added 2024/07/18 12:00 a.m.
ALSA-2024:4620 Important: libndp security update
Libndp is a library used by NetworkManager that provides a wrapper for the IPv6 Neighbor Discovery Protocol. It also provides a tool named ndptool for sending and receiving NDP messages. Security Fixes: libndp: buffer overflow in route information length field CVE-2024-5564 For more details about...
CVSS 8.1 | AI score 8.6 | EPSS 0.01165 | Exploits 0 | References 4

OSV, added 2024/07/17 12:00 a.m.
ALSA-2024:4563 Important: java-1.8.0-openjdk security update
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: OpenJDK: RangeCheckElimination array index overflow 8323231 CVE-2024-21147 OpenJDK: potential UTF8 size overflow 8314794 CVE-2024-21131 OpenJDK: Excessiv...
CVSS 7.4 | AI score 6.9 | EPSS 0.01257 | Exploits 0 | References 15

OSV, added 2024/07/03 7:16 a.m.
BIT-APACHE-2024-39573 Apache HTTP Server: mod_rewrite proxy handler substitution
Potential SSRF in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to cause unsafe RewriteRules to unexpectedly set up URLs to be handled by mod_proxy. Users are recommended to upgrade to version 2.4.60, which fixes this issue...
CVSS 7.5 | AI score 7.4 | EPSS 0.35447 | Exploits 0 | References 5

OSV, added 2024/06/14 1:41 p.m.
GO-2024-2902 Unauthenticated Access to sensitive settings in Argo CD in github.com/argoproj/argo-cd
CVSS 7.5 | AI score 6 | EPSS 0.02348 | Exploits 0 | References 3

OSV, added 2024/06/06 12:30 p.m.
CGA-XWXC-6M8M-G938
(No description provided.)
CVSS 7.5 | AI score 7 | EPSS 0.01042 | Exploits 0

OSV, added 2024/06/03 6:30 a.m.
GHSA-4W54-WWC9-X62C Silverpeas authentication bypass
Silverpeas before 6.3.5 allows authentication bypass by omitting the Password field to AuthenticationServlet, often providing an unauthenticated user with superadmin access...
CVSS 9.8 | AI score 9.7 | EPSS 0.00935 | Exploits 2 | References 6

OSV, added 2024/05/06 1:05 p.m.
RLSA-2024:1688 Important: nodejs:20 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding Marvin CVE-2023-46809 nodejs: reading unprocessed HTT...
CVSS 8.1 | AI score 7.4 | EPSS 0.03168 | Exploits 0 | References 8

OSV, added 2024/03/06 11:07 a.m.
BIT-PHP-2020-7059 OOB read in php_strip_tags_ex
When using the fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash...
CVSS 9.1 | AI score 8.2 | EPSS 0.07402 | Exploits 1 | References 15

OSV, added 2024/03/06 11:01 a.m.
BIT-NODE-2023-30585
A vulnerability has been identified in the Node.js .msi version installation process, specifically affecting Windows users who install Node.js using the .msi installer. This vulnerability emerges during the repair operation, where the "msiexec.exe" process, running under the NT AUTHORITY\SYSTEM...
CVSS 7.5 | AI score 7.4 | EPSS 0.01467 | Exploits 0 | References 3

OSV, added 2024/03/05 8:54 p.m.
GHSA-M4PQ-FV2W-6HRW Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping
Summary: A maliciously crafted permission request can show the spoofed permission prompt by inserting a broken ANSI escape sequence into the request contents. Details: In the patch for CVE-2023-28446, Deno is stripping any ANSI escape sequences from the permission prompt, but permissions given to t...
CVSS 8.8 | AI score 7 | EPSS 0.00943 | Exploits 1 | References 5

OSV, added 2024/02/09 12:15 a.m.
CVE-2024-23639 micronaut-core management endpoints vulnerable to drive-by localhost attack
Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical...
CVSS 5.1 | AI score 7.4 | EPSS 0.00261 | Exploits 0 | References 4

OSV, added 2023/12/22 4:15 p.m.
CVE-2023-42465
Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic sometimes is based on not equaling an error value instead of equaling a success value, and because the values do not resist flips of a single bit...
CVSS 7 | AI score 7.5 | Exploits 0 | References 13

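The sudo entry above names two separate weaknesses: a check written as "not the failure value" instead of "exactly the success value", and result constants that a single flipped bit can turn into one another. The following is an added example, not sudo's code: it models both styles of check and counts how many single-bit corruptions of each legitimate result each check accepts. The constants are illustrative values chosen here, not the ones sudo uses.

```python
# Added example, not sudo's code: model the two styles of result check the
# advisory contrasts and measure how each behaves under single-bit flips.
# The constants below are illustrative values chosen here, not sudo's.

WIDTH = 32  # model a 32-bit int return value

# Weak scheme: small adjacent integers, and "success" is inferred from the
# result *not* being the failure value.
WEAK_SUCCESS = 0
WEAK_FAILURE = 1
WEAK_ERROR = 0xFFFFFFFF  # -1 as an unsigned 32-bit pattern


def weak_accepts(ret: int) -> bool:
    """Vulnerable pattern: anything that is not the failure value passes."""
    return ret != WEAK_FAILURE


# Hardened scheme: every outcome is a distinct, well-separated constant, and
# only exact equality with the success constant is accepted.
HARD_SUCCESS = 0x5A5A5A5A
HARD_FAILURE = 0xA5A5A5A5  # bitwise complement of HARD_SUCCESS: distance 32
HARD_ERROR = 0x3C3C3C3C    # distance 16 from both of the above


def hard_accepts(ret: int) -> bool:
    """Fail-closed pattern: only the exact success constant passes."""
    return ret == HARD_SUCCESS


def single_bit_flips(value: int, width: int = WIDTH):
    """All values reachable from `value` by flipping exactly one bit."""
    return [value ^ (1 << i) for i in range(width)]


def hamming(a: int, b: int) -> int:
    """Number of bit positions in which a and b differ."""
    return bin(a ^ b).count("1")


def min_pairwise_hamming(values) -> int:
    """Smallest Hamming distance between any two distinct result codes.
    A value of 1 means one flipped bit turns one outcome into another."""
    values = list(values)
    return min(hamming(a, b) for i, a in enumerate(values) for b in values[i + 1:])


def flips_accepted(check, value: int) -> int:
    """How many single-bit corruptions of `value` the check treats as success."""
    return sum(1 for v in single_bit_flips(value) if check(v))


def report():
    """Compare the two schemes: code separation and acceptance of corrupted results."""
    return {
        "weak": {
            "min_distance": min_pairwise_hamming([WEAK_SUCCESS, WEAK_FAILURE, WEAK_ERROR]),
            "failure_flips_accepted": flips_accepted(weak_accepts, WEAK_FAILURE),
            "error_flips_accepted": flips_accepted(weak_accepts, WEAK_ERROR),
            "success_flips_accepted": flips_accepted(weak_accepts, WEAK_SUCCESS),
        },
        "hard": {
            "min_distance": min_pairwise_hamming([HARD_SUCCESS, HARD_FAILURE, HARD_ERROR]),
            "failure_flips_accepted": flips_accepted(hard_accepts, HARD_FAILURE),
            "error_flips_accepted": flips_accepted(hard_accepts, HARD_ERROR),
            "success_flips_accepted": flips_accepted(hard_accepts, HARD_SUCCESS),
        },
    }


if __name__ == "__main__":
    for scheme, stats in report().items():
        print(scheme, stats)
```

With the weak scheme every one of the 32 single-bit corruptions of the failure value, and of the error value, is read as success. With the hardened scheme none is, and a corrupted success value is also rejected, which is the fail-closed behaviour an authentication path should have.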
OSV, added 2023/11/20 9:15 a.m.
PYSEC-2023-240
Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml https://nvd.nist.gov/vuln/detail/CVE-2022-1471 . Apache Submarine uses JAXRS to define REST endpoints. In order to handle YAML requests using application/yaml content-type, it defin...
CVSS 9.8 | AI score 7.7 | EPSS 0.01747 | Exploits 1 | References 4

OSV, added 2023/11/08 12:00 a.m.
DSA-5550-1 cacti - security update
(No description provided.)
CVSS 9.8 | AI score 6.3 | EPSS 0.87575 | Exploits 14

OSV, added 2023/10/24 7:21 p.m.
GHSA-5PR3-M5HM-9956 WPS Server Side Request Forgery vulnerability
Summary: The OGC Web Processing Service WPS specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. Details: This vulnerability requires: The WPS extension to be installed The WPS security setting...
CVSS 8.6 | AI score 9.1 | EPSS 0.67715 | Exploits 0 | References 5

OSV, added 2023/10/24 6:37 p.m.
RLSA-2023:5738 Important: go-toolset and golang security and bug fix update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. The golang packages provide the Go programming language compiler. Security Fixes: golang: net/http, x/net/http2: rapid stream resets can cause excessive work CVE-2023-44487 CVE-2023-39325...
CVSS 7.5 | AI score 8.3 | EPSS 0.99999 | Exploits 19 | References 4

OSV, added 2023/10/05 8:35 p.m.
GO-2023-2095 Arbitrary code execution during build via line directives in cmd/go
Line directives "//line" can be used to bypass the restrictions on "//go:cgo" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of...
CVSS 8.1 | AI score 8.3 | EPSS 0.01762 | Exploits 0 | References 3

OSV, added 2023/09/21 11:15 p.m.
CVE-2023-4504
Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023...
CVSS 7 | AI score 7.5 | EPSS 0.00663 | Exploits 2 | References 11

OSV, added 2023/09/12 3:15 p.m.
CVE-2023-4863
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical...
CVSS 8.8 | AI score 7.2 | EPSS 0.99694 | Exploits 9 | References 47

OSV, added 2023/07/31 4:49 a.m.
MAL-2023-1011 Malicious code in docusaurus-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 051d35253b6ae2ef5d7366a3879b1783f91c35cc5fa1346198db3d6326e0e589 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI score 7 | Exploits 0 | References 1

OSV, added 2023/07/06 11:15 p.m.
PYSEC-2023-115
Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the access-control-allow-credentials: true HTTP header if the Origin request header ends with the system.base-hostname option of Sentry...
CVSS 6.8 | AI score 6.6 | EPSS 0.00543 | Exploits 0 | References 4

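The Sentry entry above describes a CORS check that trusts any Origin whose text ends with the configured base hostname, which is satisfied by a host such as evilsentry.example.com as well as by the real one. The following is an added example, not Sentry's code: the weak suffix match beside a check that parses the Origin and compares on host-label boundaries. The hostname, the probe origins and the decision to trust subdomains are assumptions made for the demonstration; the option name system.base-hostname is the only thing taken from the entry.

```python
# Added example, not Sentry's code: the weak origin test the advisory
# describes (a bare string-suffix match) beside a host-aware check.
# The hostname and the subdomain policy are assumptions made here.
from urllib.parse import urlsplit

BASE_HOSTNAME = "sentry.example.com"  # stands in for the configured base hostname


def cors_headers_suffix_match(origin: str, base_hostname: str = BASE_HOSTNAME) -> dict:
    """Vulnerable: any Origin whose text ends with the base hostname is trusted,
    so 'https://evilsentry.example.com' qualifies."""
    if origin.endswith(base_hostname):
        return {
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
        }
    return {}


def cors_headers_host_match(origin: str, base_hostname: str = BASE_HOSTNAME,
                            allow_subdomains: bool = True) -> dict:
    """Hardened: parse the Origin, require https, and compare on label boundaries.
    Trusting subdomains is a policy choice; exact match is the stricter option
    for a credentialed endpoint."""
    parts = urlsplit(origin)
    host = parts.hostname  # lowercased, port removed, None if unparsable
    if parts.scheme != "https" or not host:
        return {}
    # An Origin is scheme://host[:port] only; userinfo, path or query means
    # the value is not a well-formed Origin and must not be trusted.
    if parts.path or parts.query or parts.fragment or parts.username is not None:
        return {}
    base = base_hostname.lower()
    trusted = host == base or (allow_subdomains and host.endswith("." + base))
    if not trusted:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",  # the response depends on the request's Origin
    }


# Constructed probe origins; the first is the one the suffix check lets through.
PROBES = [
    "https://evilsentry.example.com",
    "https://sentry.example.com",
    "https://app.sentry.example.com",
    "http://sentry.example.com",
    "https://sentry.example.com.attacker.test",
    "https://sentry.example.com@attacker.test",
]


def credentialed_origins(check) -> list:
    """Origins for which `check` would emit Access-Control-Allow-Credentials: true."""
    return [o for o in PROBES
            if check(o).get("Access-Control-Allow-Credentials") == "true"]


if __name__ == "__main__":
    print("suffix match trusts:", credentialed_origins(cors_headers_suffix_match))
    print("host match trusts:  ", credentialed_origins(cors_headers_host_match))
    print("exact match trusts: ", credentialed_origins(
        lambda o: cors_headers_host_match(o, allow_subdomains=False)))
```

The suffix version also accepts the plain-http origin, because it never looks at the scheme; a credentialed CORS response over http hands the session to any on-path attacker, so the hardened version requires https before it compares hosts at all.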
OSV, added 2023/04/06 12:00 a.m.
ALSA-2023:1670 Important: httpd and mod_http2 security update
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP request splitting with mod_rewrite and mod_proxy CVE-2023-25690 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
CVSS 9.8 | AI score 8.8 | EPSS 0.8377 | Exploits 5 | References 4

Total number of security vulnerabilities: 5000