Lucene search
OSV • Most viewed

907648 matches found

Added 2009/08/13 12:0 a.m. • 52 views

DSA-1861-1 libxml - several issues

Bulletin has no description...

6.5 CVSS • 6.9 AI score • 0.03121 EPSS
Exploits: 2

Added 2008/07/08 12:0 a.m. • 52 views

DSA-1603-1 bind9 - cache poisoning

Bulletin has no description...

6.8 CVSS • 6.9 AI score • 0.95182 EPSS
Exploits: 20

Added 2008/06/09 12:0 a.m. • 52 views

DSA-1592-1 linux-2.6 - overflow conditions

Bulletin has no description...

10 CVSS • 6.2 AI score • 0.07091 EPSS
Exploits: 3

Added 2007/10/20 12:0 a.m. • 52 views

DSA-1392-1 xulrunner - several vulnerabilities

Bulletin has no description...

9.3 CVSS • 6.4 AI score • 0.12736 EPSS
Exploits: 4

Added 2007/05/02 12:0 a.m. • 52 views

DSA-1286-1 linux-2.6

Bulletin has no description...

7.8 CVSS • 7.5 AI score • 0.13529 EPSS
Exploits: 8

Added 2005/09/01 12:0 a.m. • 52 views

DSA-797-1 zsync - buffer overflow

Bulletin has no description...

7.5 CVSS • 8.7 AI score • 0.05476 EPSS
Exploits: 3

Added 2004/12/10 12:0 a.m. • 52 views

DSA-607-1 xfree86 - several

Bulletin has no description...

10 CVSS • 6.1 AI score • 0.08698 EPSS
Exploits: 0

Added 2002/08/05 12:0 a.m. • 52 views

DSA-143 krb5 - integer overflow

Bulletin has no description...

10 CVSS • 9.4 AI score • 0.58133 EPSS
Exploits: 3

Added 2026/05/19 3:40 p.m. • 51 views

GHSA-XMPW-2VMM-P4P6 Malicious code in guardrails-ai 0.10.1 (supply chain compromise)

Impact On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of guardrails-ai 0.10.1 to PyPI. Affected: any user who installed guardrails-ai==0.10.1 from PyPI on May 11, 2026. Security researchers identified the malicious package within approximately 2 hours ...

9.6 CVSS • 5.8 AI score • 0.00276 EPSS
Exploits: 0 • References: 6

Added 2026/04/22 2:16 p.m. • 51 views

DEBIAN-CVE-2026-31488

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not skip unrelated mode changes in DSC validation Starting with commit 17ce8a6907f7 "drm/amd/display: Add dsc pre-validation in atomic check", amdgpu resets the CRTC state modechanged flag to false when...

7.8 CVSS • 5.4 AI score • 0.00135 EPSS
Exploits: 0 • References: 1

Added 2026/02/03 4:4 p.m. • 51 views

BIT-PYTHON-2007-4559

Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267...

9.8 CVSS • 5.6 AI score • 0.27095 EPSS
Exploits: 3 • References: 14

Added 2026/01/29 12:43 a.m. • 51 views

CGA-4CM4-PXM6-X3MP

Bulletin has no description...

9.8 CVSS • 5.8 AI score • 0.01812 EPSS
Exploits: 0

Added 2025/11/14 2:45 p.m. • 51 views

HSEC-2024-0002 out-of-bounds write when there are many bzip2 selectors

out-of-bounds write when there are many bzip2 selectors A malicious bzip2 payload may produce a memory corruption resulting in a denial of service and/or remote code execution. Network services or command line utilities decompressing untrusted bzip2 payloads are affected. Note that the exploitati...

9.8 CVSS • 7.6 AI score • 0.08042 EPSS
Exploits: 0 • References: 4

Added 2025/06/19 6:15 p.m. • 51 views

PYSEC-2025-186

A vulnerability has been found in wasm3 0.5.0 and classified as problematic. This vulnerability affects the function MarkSlotAllocated of the file source/m3compile.c. The manipulation leads to out-of-bounds write. An attack has to be approached locally. The exploit has been disclosed to the publi...

4.8 CVSS • 4.6 AI score • 0.00184 EPSS
Exploits: 1 • References: 6

Added 2025/04/16 2:13 p.m. • 51 views

CVE-2025-22126 md: fix mddev uaf while iterating all_mddevs list

In the Linux kernel, the following vulnerability has been resolved: md: fix mddev uaf while iterating all_mddevs list While iterating all_mddevs list from md_notify_reboot and md_exit, list_for_each_entry_safe is used, and this can race with deleting the next mddev, causing UAF: t1: spinlock...

7.8 CVSS • 6.4 AI score • 0.00163 EPSS
Exploits: 0 • References: 9

Added 2025/04/01 12:0 a.m. • 51 views

PUB-A-385736329

In n/a of n/a, there is a possible n/a due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.3 AI score
Exploits: 0 • References: 1

Added 2025/01/10 1:3 p.m. • 51 views

OESA-2025-1039 spark security update

Apache Spark achieves high performance for both batch and streaming data, using a state-of-the-art DAG scheduler, a query optimizer, and a physical execution engine. Security Fixes: Signing cookies is an application security feature that adds a digital signature to cookie data to verify its...

5.9 CVSS • 6.8 AI score • 0.01468 EPSS
Exploits: 1 • References: 2

Added 2024/12/09 6:51 a.m. • 51 views

MAL-2024-11695 Malicious code in rk-pairip (PyPI)

--- -= Per source details. Do not edit below this line.=-...

7.1 AI score
Exploits: 0

Added 2024/11/15 6:45 p.m. • 51 views

RHSA-2024:8870 Red Hat Security Advisory: kernel-rt security update

Bulletin has no description...

7.3 CVSS • 7.7 AI score • 0.01483 EPSS
Exploits: 0 • References: 212

Added 2024/10/15 12:24 a.m. • 51 views

RHSA-2024:8076 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.19 Security update

Bulletin has no description...

7.5 CVSS • 6.7 AI score • 0.17673 EPSS
Exploits: 5 • References: 43

Added 2024/10/02 11:24 a.m. • 51 views

RHSA-2023:5970 Red Hat Security Advisory: Red Hat OpenStack Platform 17.1.1 (collectd-libpod-stats) security update

Bulletin has no description...

7.5 CVSS • 8.5 AI score • 0.99999 EPSS
Exploits: 19 • References: 18

Added 2024/09/30 2:52 p.m. • 51 views

RHSA-2023:5485 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.13 security update on RHEL 8

Bulletin has no description...

7.5 CVSS • 7.7 AI score • 0.02761 EPSS
Exploits: 4 • References: 57

Added 2024/09/29 5:29 p.m. • 51 views

RHSA-2020:2060 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.8 on RHEL 8 security update

Bulletin has no description...

8.1 CVSS • 7.8 AI score • 0.9927 EPSS
Exploits: 46 • References: 82

Added 2024/09/29 5:29 p.m. • 51 views

RHSA-2020:2059 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.8 on RHEL 7 security update

Bulletin has no description...

8.1 CVSS • 7.8 AI score • 0.9927 EPSS
Exploits: 46 • References: 82

Added 2024/09/25 5:1 p.m. • 51 views

RHSA-2024:5832 Red Hat Security Advisory: httpd security update

Bulletin has no description...

9.1 CVSS • 8.8 AI score • 0.41611 EPSS
Exploits: 0 • References: 8

Added 2024/09/24 12:0 a.m. • 51 views

ALSA-2024:6969 Moderate: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fixes: golang: net/http: memory exhaustion in Request.ParseMultipartForm CVE-2023-45290 golang: crypto/x509: Verify panics on certificates with an unknown public key algorith...

7.5 CVSS • 8.1 AI score • 0.01414 EPSS
Exploits: 0 • References: 12

Added 2024/09/16 9:2 a.m. • 51 views

RHSA-2023:2458 Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Bulletin has no description...

8.1 CVSS • 7.7 AI score • 0.03763 EPSS
Exploits: 13 • References: 2067

Added 2024/09/10 7:42 p.m. • 51 views

GHSA-M6FV-JMCG-4JFG send vulnerable to template injection that can lead to XSS

Impact passing untrusted user input - even after sanitizing it - to SendStream.redirect may execute untrusted code Patches this issue is patched in send 0.19.0 Workarounds users are encouraged to upgrade to the patched version of express, but otherwise can workaround this issue by making sure any...

5 CVSS • 6.9 AI score • 0.00511 EPSS
Exploits: 0 • References: 5

Added 2024/08/20 8:26 p.m. • 51 views

GO-2023-1553 Answer vulnerable to Race Condition in github.com/answerdev/answer

Answer vulnerable to Race Condition in github.com/answerdev/answer...

8.1 CVSS • 6.5 AI score • 0.0069 EPSS
Exploits: 1 • References: 4

Added 2024/07/23 12:0 a.m. • 51 views

ALSA-2024:4720 Important: httpd:2.4 security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: Encoding problem in mod_proxy (CVE-2024-38473) httpd: Substitution encoding issue in mod_rewrite (CVE-2024-38474) httpd: Improper escaping of output in mod_rewrite (CVE-2024-38475)...

9.8 CVSS • 8 AI score • 0.99957 EPSS
Exploits: 2 • References: 12

Added 2024/07/18 12:0 p.m. • 51 views

RUSTSEC-2024-0355 gix-path can use a fake program files location

Summary When looking for Git for Windows so it can run it to report its paths, gix-path can be tricked into running another git.exe placed in an untrusted location by a limited user account. Details Windows permits limited user accounts without administrative privileges to create new directories ...

6.8 CVSS • 8 AI score • 0.00212 EPSS
Exploits: 0 • References: 4

Added 2024/03/14 12:0 a.m. • 51 views

ALSA-2024:1334 Important: dnsmasq security update

The dnsmasq packages contain Dnsmasq, a lightweight DNS Domain Name Server forwarder and DHCP Dynamic Host Configuration Protocol server. Security Fixes: dnsmasq: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator CVE-2023-50387 dnsmasq: bind9: Preparing an NSEC3 closest encloser proof...

7.5 CVSS • 7.4 AI score • 0.99995 EPSS
Exploits: 1 • References: 6

Added 2024/03/06 11:20 a.m. • 51 views

BIT-GITLAB-2021-22176

An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper access control allows demoted project members to access details on authored merge requests...

4.3 CVSS • 4.2 AI score • 0.01001 EPSS
Exploits: 0 • References: 4

Added 2024/03/06 10:56 a.m. • 51 views

BIT-GITLAB-2023-5332 Dependency on Vulnerable Third-Party Component in GitLab

Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE...

8.1 CVSS • 7.7 AI score • 0.00742 EPSS
Exploits: 1 • References: 3

Added 2024/03/06 10:56 a.m. • 51 views

BIT-GOLANG-2023-24538 Backticks not treated as string delimiters in html/template

Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...

9.8 CVSS • 8.8 AI score • 0.02281 EPSS
Exploits: 0 • References: 7

Added 2024/03/01 12:0 a.m. • 51 views

ASB-A-273935108

In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8 CVSS • 7.6 AI score • 0.00126 EPSS
Exploits: 0 • References: 2

Added 2024/02/01 12:0 a.m. • 51 views

ASB-A-297524203

In attpbuildreadbytypevaluecmd of attprotocol.cc , there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

9.8 CVSS • 9.6 AI score • 0.00613 EPSS
Exploits: 0 • References: 2

Added 2024/01/23 6:15 p.m. • 51 views

PYSEC-2024-18

Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the window endpoint does not sanitize user-supplied input from the location variable and passes it to the send method which sends a GET request on lines 339-343 in request.py, which leads to a server-side request...

9.8 CVSS • 9.2 AI score • 0.0098 EPSS
Exploits: 1 • References: 8

Added 2024/01/12 3:15 a.m. • 51 views

PYSEC-2024-10

In Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable...

9.8 CVSS • 9.5 AI score • 0.00464 EPSS
Exploits: 0 • References: 5

Added 2024/01/09 6:30 p.m. • 51 views

GHSA-98G6-XH36-X2P7 Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass

Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability...

8.7 CVSS • 9.5 AI score • 0.0118 EPSS
Exploits: 0 • References: 3

Added 2023/11/11 11:0 p.m. • 51 views

RLSA-2023:6077 Moderate: toolbox security update

The toolbox container image can be used with Toolbox to obtain Rocky Linux based containerized command line environments to aid with development and software testing. Toolbox is built on top of Podman and other standard container technologies from OCI. This updates the toolbox image in the Rocky...

7.5 CVSS • 7.9 AI score • 0.99999 EPSS
Exploits: 19 • References: 3

Added 2023/11/06 7:31 a.m. • 51 views

BIT-2021-2144

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Parser. Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL...

7.2 CVSS • 6.3 AI score • 0.01886 EPSS
Exploits: 0 • References: 2 • Affected Software: 1

Added 2023/10/30 3:25 p.m. • 51 views

GHSA-JQ35-85CJ-FJ4P /sys/devices/virtual/powercap accessible by default to containers

Intel's RAPL Running Average Power Limit feature, introduced by the Sandy Bridge microarchitecture, provides software insights into hardware energy consumption. To facilitate this, Intel introduced the powercap framework in Linux kernel 3.13, which reads values via relevant MSRs model specific...

5.8 AI score
Exploits: 0 • References: 8

Added 2023/10/19 4:8 p.m. • 51 views

GHSA-R344-XW3P-2FRJ Apollo Router vulnerable to Improper Check or Handling of Exceptional Conditions

Impact The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Affected versions are subject to a Denial-of-Service DoS type vulnerability which causes the Router to panic and terminate when a multi-part respons...

7.5 CVSS • 7.5 AI score • 0.00726 EPSS
Exploits: 0 • References: 6

Added 2023/10/19 12:0 a.m. • 51 views

ALSA-2023:5929 Important: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 For more details about the security issues, including the impact, a CVSS...

7.5 CVSS • 8.3 AI score • 0.99999 EPSS
Exploits: 19 • References: 4

Added 2023/10/18 12:0 a.m. • 51 views

ALSA-2023:5849 Important: nodejs:18 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rapid Reset Attack CVE-2023-44487 nodejs: integrity checks according t...

7.5 CVSS • 8.6 AI score • 0.99999 EPSS
Exploits: 19 • References: 10

Added 2023/10/10 6:23 p.m. • 51 views

GHSA-VX74-F528-FXQG github.com/nghttp2/nghttp2 has HTTP/2 Rapid Reset

Impact Rapidly creating and cancelling streams (HEADERS frame immediately followed by RST_STREAM) without bound cause denial of service. See https://vulners.com/cve/CVE-2023-44487 for details. Patches nghttp2 v1.57.0 mitigates this vulnerability by default. Workarounds If upgrading to nghttp2 v1.57....

7.5 CVSS • 7.9 AI score • 0.99999 EPSS
Exploits: 19 • References: 4

Added 2023/10/04 6:50 p.m. • 51 views

GHSA-M755-GXXG-R5QH Zope management interface vulnerable to stored cross site scripting via the title property

Impact The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface ZMI because the title property is displayed unquoted in the breadcrumbs element. All versions of Zope 4 and Zope 5 are...

3.1 CVSS • 4.5 AI score • 0.00404 EPSS
Exploits: 0 • References: 6

Added 2023/09/29 9:14 p.m. • 51 views

PYSEC-2023-183

opencv-python versions before v4.8.1.78 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. opencv-python v4.8.1.78 upgrades the bundled libwebp binary to v1.3.2...

8.8 CVSS • 6.8 AI score • 0.99694 EPSS
Exploits: 9 • References: 3

Added 2023/09/28 5:15 a.m. • 51 views

PYSEC-2023-179

This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke and pydash.collections.invokemap accept dotted paths Deep Path Strings to target a nested Python object, relative to the original source object. These paths can be used to target...

8.1 CVSS • 7.4 AI score • 0.02919 EPSS
Exploits: 1 • References: 4

Total number of security vulnerabilities: 5000