Lucene search
K
OsvMost viewed

908024 matches found

OSV
OSV
added 2016/01/02 12:0 a.m.53 views

DSA-3433-1 samba - security update

Bulletin has no description...

7.5CVSS6.5AI score0.13584EPSS
Exploits1
OSV
OSV
added 2014/07/31 12:0 a.m.53 views

DLA-27-1 file - security update

Bulletin has no description...

6.5CVSS7.8AI score0.20805EPSS
Exploits1
OSV
OSV
added 2014/05/16 12:0 a.m.53 views

DSA-2929-1 ruby-actionpack-3.2 - security update

Bulletin has no description...

7.5CVSS6.8AI score0.53703EPSS
Exploits2
OSV
OSV
added 2013/02/25 12:0 a.m.53 views

DSA-2632-1 linux-2.6 - several vulnerabilities

Bulletin has no description...

6.9CVSS6.7AI score0.01434EPSS
Exploits2
OSV
OSV
added 2011/11/05 12:0 a.m.53 views

DSA-2336-1 ffmpeg - several

Bulletin has no description...

9.3CVSS9.3AI score0.05846EPSS
Exploits0
OSV
OSV
added 2011/06/18 12:0 a.m.53 views

DSA-2264-1 linux-2.6 - several issues

Bulletin has no description...

9.8CVSS7AI score0.04177EPSS
Exploits23
OSV
OSV
added 2011/03/19 12:0 a.m.53 views

DSA-2195-1 php5 - several

Bulletin has no description...

6.8CVSS7AI score0.13333EPSS
Exploits10
OSV
OSV
added 2009/08/13 12:0 a.m.53 views

DSA-1861-1 libxml - several issues

Bulletin has no description...

6.5CVSS6.9AI score0.03121EPSS
Exploits2
OSV
OSV
added 2009/01/14 12:0 a.m.53 views

DSA-1704-1 xulrunner - several vulnerabilities

Bulletin has no description...

10CVSS9.8AI score0.03201EPSS
Exploits1
OSV
OSV
added 2008/07/08 12:0 a.m.53 views

DSA-1603-1 bind9 - cache poisoning

Bulletin has no description...

6.8CVSS6.9AI score0.95182EPSS
Exploits20
OSV
OSV
added 2008/06/09 12:0 a.m.53 views

DSA-1592-1 linux-2.6 - overflow conditions

Bulletin has no description...

10CVSS6.2AI score0.07091EPSS
Exploits3
OSV
OSV
added 2007/10/20 12:0 a.m.53 views

DSA-1392-1 xulrunner - several vulnerabilities

Bulletin has no description...

9.3CVSS6.4AI score0.12736EPSS
Exploits4
OSV
OSV
added 2005/12/14 12:0 a.m.53 views

DSA-921-1 kernel-source-2.4.27 - several

Bulletin has no description...

7.5CVSS6.2AI score0.04626EPSS
Exploits4
OSV
OSV
added 2004/12/10 12:0 a.m.53 views

DSA-607-1 xfree86 - several

Bulletin has no description...

10CVSS6.1AI score0.08698EPSS
Exploits0
OSV
OSV
added 2004/04/16 12:0 a.m.53 views

DSA-486 cvs - several vulnerabilities

Bulletin has no description...

5CVSS6AI score0.02354EPSS
Exploits0
OSV
OSV
added 2026/06/12 3:7 p.m.52 views

GHSA-CQ87-8R7H-962V SwiftNIO: CRLF Injection in outbound HTTP request URI via NIOHTTPRequestHeadersValidator

Programs using swift-nio is vulnerable to HTTP request smuggling and HTTP response splitting attacks, caused by insufficient validation of outbound HTTP/1.1 request and response start line components. This vulnerability affects all swift-nio versions from 2.0.0 to 2.99.0. It is fixed in 2.100.0 a...

8.9CVSS5.7AI score0.00044EPSS
Exploits0References2
OSV
OSV
added 2026/06/09 2:27 p.m.52 views

GHSA-W7JW-789Q-3M8P shell-quote quote() does not escape newlines in object .op values

Summary shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore...

9.2CVSS5.6AI score0.00848EPSS
Exploits1References6
OSV
OSV
added 2026/04/22 2:16 p.m.52 views

DEBIAN-CVE-2026-31488

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not skip unrelated mode changes in DSC validation Starting with commit 17ce8a6907f7 "drm/amd/display: Add dsc pre-validation in atomic check", amdgpu resets the CRTC state modechanged flag to false when...

7.8CVSS5.4AI score0.00135EPSS
Exploits0References1
OSV
OSV
added 2025/12/05 10:52 p.m.52 views

MAL-2025-192349 Malicious code in qt-main (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bd1f92a69928dc8fa2a6a50cfd596c34802bc68fc28dd5dd8508fc24344bbec9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.2AI score
Exploits0References1
OSV
OSV
added 2025/07/07 5:57 p.m.52 views

CVE-2025-53536 Roo Code allows Potential Remote Code Execution via .vscode/settings.json

Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts to the agent could write to VS Code settings files and trigger code execution. There were multiple ways to achieve that. One example is with...

8.1CVSS7.8AI score0.00656EPSS
Exploits0References5
OSV
OSV
added 2025/04/26 12:0 a.m.52 views

DLA-4139-1 imagemagick - security update

Bulletin has no description...

7.5CVSS6.7AI score0.00481EPSS
Exploits0
OSV
OSV
added 2025/04/16 2:13 p.m.52 views

CVE-2025-22126 md: fix mddev uaf while iterating all_mddevs list

In the Linux kernel, the following vulnerability has been resolved: md: fix mddev uaf while iterating allmddevs list While iterating allmddevs list from mdnotifyreboot and mdexit, listforeachentrysafe is used, and this can race with deletint the next mddev, causing UAF: t1: spinlock...

7.8CVSS6.4AI score0.00163EPSS
Exploits0References9
OSV
OSV
added 2025/03/25 7:38 p.m.52 views

GO-2025-3542 LocalAI Cross-Site Scripting (XSS) vulnerability in its search functionality in github.com/mudler/LocalAI

LocalAI Cross-Site Scripting XSS vulnerability in its search functionality in github.com/mudler/LocalAI. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

6.1CVSS5.2AI score0.00491EPSS
Exploits1References4
OSV
OSV
added 2024/10/21 11:23 p.m.52 views

RHSA-2020:4847 Red Hat Security Advisory: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update

Bulletin has no description...

8.6CVSS6.9AI score0.9927EPSS
Exploits65References111
OSV
OSV
added 2024/10/15 12:24 a.m.52 views

RHSA-2024:8076 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.19 Security update

Bulletin has no description...

7.5CVSS6.7AI score0.17673EPSS
Exploits5References43
OSV
OSV
added 2024/09/25 5:1 p.m.52 views

RHSA-2024:5832 Red Hat Security Advisory: httpd security update

Bulletin has no description...

9.1CVSS8.8AI score0.41611EPSS
Exploits0References8
OSV
OSV
added 2024/09/24 12:0 a.m.52 views

ALSA-2024:6969 Moderate: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: net/http: memory exhaustion in Request.ParseMultipartForm CVE-2023-45290 golang: crypto/x509: Verify panics on certificates with an unknown public key algorith...

7.5CVSS8.1AI score0.01414EPSS
Exploits0References12
OSV
OSV
added 2024/09/16 3:20 a.m.52 views

RHSA-2020:0962 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3 security update

Bulletin has no description...

7.6CVSS9.1AI score0.9927EPSS
Exploits45References24
OSV
OSV
added 2024/09/15 5:20 p.m.52 views

RHSA-2008:0524 Red Hat Security Advisory: Red Hat Network Satellite Server security update

Bulletin has no description...

10CVSS6.3AI score0.90768EPSS
Exploits31References152
OSV
OSV
added 2024/09/13 9:19 p.m.52 views

RHSA-2024:0554 Red Hat Security Advisory: kpatch-patch security update

Bulletin has no description...

8.8CVSS7AI score0.09141EPSS
Exploits3References43
OSV
OSV
added 2024/08/20 8:29 p.m.52 views

GO-2023-1656 Answer vulnerable to Stored Cross-site Scripting in github.com/answerdev/answer

Answer vulnerable to Stored Cross-site Scripting in github.com/answerdev/answer...

8.3CVSS5.2AI score0.00536EPSS
Exploits1References4
OSV
OSV
added 2024/08/20 8:29 p.m.52 views

GO-2023-1615 Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer

Answer vulnerable to Cross-site Scripting in github.com/answerdev/answer...

6CVSS4.8AI score0.00526EPSS
Exploits1References4
OSV
OSV
added 2024/08/06 10:3 p.m.52 views

GO-2024-3036 cortex establishes TLS connections with `InsecureSkipVerify` set to `true` in github.com/cortexproject/cortex

cortex establishes TLS connections with InsecureSkipVerify set to true in github.com/cortexproject/cortex...

7.5CVSS7.4AI score0.00258EPSS
Exploits0References3
OSV
OSV
added 2024/07/04 5:57 a.m.52 views

BELL-CVE-2024-39894

Bulletin has no description...

7.5CVSS7.2AI score0.01634EPSS
Exploits0References1
OSV
OSV
added 2024/07/03 7:17 a.m.52 views

BIT-APACHE-2024-38474 Apache HTTP Server weakness with encoded question marks in backreferences

Substitution encoding issue in modrewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to...

9.8CVSS8.7AI score0.02456EPSS
Exploits0References4
OSV
OSV
added 2024/06/01 12:0 a.m.52 views

ASB-A-316153291

In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITESECURESETTINGS due to unsafe deserialization. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS8AI score0.00779EPSS
Exploits12References2
OSV
OSV
added 2024/05/22 12:0 a.m.52 views

ALSA-2024:3166 Moderate: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: openssh: scp allows command injection when using backtick characters in the destination...

7.8CVSS8AI score0.12996EPSS
Exploits6References4
OSV
OSV
added 2024/05/01 4:40 p.m.52 views

GHSA-3999-5FFV-WP2R Yamux Memory Exhaustion Vulnerability via Active::pending_frames property

Summary Attack scenario The Rust implementation of the Yamux stream multiplexer uses a vector for pending frames. This vector is not bounded in length. Every time the Yamux protocol requires sending of a new frame, this frame gets appended to this vector. This can be remotely triggered in a numbe...

7.5CVSS7AI score0.00761EPSS
Exploits0References6
OSV
OSV
added 2024/04/30 12:0 a.m.52 views

ALSA-2024:2135 Moderate: qemu-kvm security update

Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fixes: QEMU: e1000e: heap use-after-free in e1000ewritepackettoguest CVE-2023-3019...

7CVSS6.4AI score0.01891EPSS
Exploits1References12
OSV
OSV
added 2024/04/30 12:0 a.m.52 views

ALSA-2024:2447 Low: openssl and openssl-fips-provider security update

OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entri...

6.5CVSS6.2AI score0.05533EPSS
Exploits0References16
OSV
OSV
added 2024/04/04 8:15 p.m.52 views

CVE-2024-24795

HTTP Response splitting in multiple modules in Apache HTTP Server allows an attacker that can inject malicious response headers into backend applications to cause an HTTP desynchronization attack. Users are recommended to upgrade to version 2.4.59, which fixes this issue...

6.3CVSS6.7AI score
Exploits0References10
OSV
OSV
added 2024/03/25 7:40 p.m.52 views

GHSA-5JPM-X58V-624V Netty's HttpPostRequestDecoder can OOM

Summary The HttpPostRequestDecoder can be tricked to accumulate data. I have spotted currently two attack vectors Details 1. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consistin...

5.3CVSS5.8AI score0.0138EPSS
Exploits1References7
OSV
OSV
added 2024/03/20 12:0 a.m.52 views

ALSA-2024:1444 Important: nodejs:16 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks CVE-2024-22019 nodejs: HTTP/2: Multiple HTTP/2 enabled...

7.5CVSS8.7AI score0.99999EPSS
Exploits19References6
OSV
OSV
added 2024/03/14 12:0 a.m.52 views

ALSA-2024:1334 Important: dnsmasq security update

The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server. Security Fixes: dnsmasq: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator CVE-2023-50387 dnsmasq: bind9: Preparing an NSEC3 closest encloser proof...

7.5CVSS7.4AI score0.99995EPSS
Exploits1References6
OSV
OSV
added 2024/03/06 11:20 a.m.52 views

BIT-GITLAB-2021-22176

An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests...

4.3CVSS4.2AI score0.01001EPSS
Exploits0References4
OSV
OSV
added 2024/03/06 11:7 a.m.52 views

BIT-PYTHON-2020-8315

In Python CPython 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected...

5.5CVSS5.6AI score0.01345EPSS
Exploits0References2
OSV
OSV
added 2024/03/06 11:4 a.m.52 views

BIT-PYTHON-2022-48565

An XML External Entity XXE issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities...

9.8CVSS8.7AI score0.04268EPSS
Exploits3References8
OSV
OSV
added 2024/03/06 10:52 a.m.53 views

BIT-ELASTICSEARCH-2023-31417 Elasticsearch Insertion of sensitive information in audit logs

Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. It was found that this filtering was not applied when requests to Elasticsearch use certain deprecated URIs for APIs. The impact of this flaw is that sensitive information such as passwords...

4.4CVSS4.5AI score0.00228EPSS
Exploits0References4
OSV
OSV
added 2024/02/12 8:17 p.m.52 views

RLSA-2024:0627 Moderate: gnutls security update

The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fixes: gnutls: incomplete fix for CVE-2023-5981 CVE-2024-0553 For more details about the security issues, including the impact,...

7.5CVSS7.2AI score0.01614EPSS
Exploits1References2
OSV
OSV
added 2024/02/11 3:30 a.m.52 views

GHSA-99VC-XW8J-PHJM Ghost has possible Cross-site Scripting issue

Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that "The vendor does not view th...

6.5CVSS9.1AI score0.03485EPSS
Exploits1References5
Total number of security vulnerabilities5000