
907757 matches found

OSV
•added 2020/02/24 7:12 p.m.•50 views

GHSA-7553-JR98-VX47 libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation

xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. The Nokogiri RubyGem has patched its vendored copy of libxml2 in order to prevent this issue from affecting nokogiri...

CVSS: 7.5, AI score: 7.7, EPSS: 0.07836
Exploits: 0, References: 19
OSV
•added 2020/02/10 8:15 a.m.•50 views

CVE-2020-7059

When using fgetss function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash...

CVSS: 9.1, AI score: 6.3
Exploits: 0, References: 14
OSV
•added 2020/01/29 12:0 a.m.•50 views

DLA-2085-1 zlib - security update

Bulletin has no description...

CVSS: 9.8, AI score: 8.5, EPSS: 0.07489
Exploits: 0
OSV
•added 2020/01/27 12:0 a.m.•50 views

DLA-2077-1 tomcat7 - security update

Bulletin has no description...

CVSS: 7.5, AI score: 7.5, EPSS: 0.10687
Exploits: 0
OSV
•added 2020/01/16 4:15 p.m.•50 views

CVE-2019-18282

The flow_dissector feature in the Linux kernel 4.3 through 5.x before 5.3.10 has a device tracking vulnerability, aka CID-55667441c84f. This occurs because the auto flowlabel of a UDP IPv6 packet relies on a 32-bit hashrnd value as a secret, and because jhash (instead of siphash) is used. The hashrn...

CVSS: 5.3, AI score: 6.4
Exploits: 0, References: 5
OSV
•added 2019/12/07 12:0 a.m.•50 views

DLA-2023-1 openjdk-7 - security update

Bulletin has no description...

CVSS: 6.8, AI score: 6.3, EPSS: 0.03749
Exploits: 0
OSV
•added 2019/11/06 1:15 p.m.•50 views

RLSA-2019:3735 Critical: php:7.2 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: underflow in env_path_info in fpm_main.c (CVE-2019-11043). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to...

CVSS: 8.1, AI score: 9.6, EPSS: 0.9947
Exploits: 54, References: 2
OSV
•added 2019/08/13 12:0 a.m.•50 views

DLA-1884-1 linux - security update

Bulletin has no description...

CVSS: 9.3, AI score: 6.8, EPSS: 0.05111
Exploits: 9
OSV
•added 2019/07/20 12:0 a.m.•50 views

DSA-4484-1 linux - security update

Bulletin has no description...

CVSS: 7.8, AI score: 8.3, EPSS: 0.52199
Exploits: 21
OSV
•added 2019/06/18 4:36 p.m.•50 views

ALSA-2019:1529 Important: pki-deps:10.6 security update

The Public Key Infrastructure (PKI) Deps module contains fundamental packages required as dependencies for the pki-core module by AlmaLinux Certificate System. Security Fixes: tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up (CVE-2018-8037) tomcat: Insecure...

CVSS: 9.8, AI score: 7.2, EPSS: 0.94494
Exploits: 3, References: 5
OSV
•added 2019/05/09 12:0 a.m.•50 views

DLA-1781-1 qemu - security update

Bulletin has no description...

CVSS: 9.8, AI score: 7.5, EPSS: 0.04428
Exploits: 0
OSV
•added 2019/03/25 12:0 a.m.•50 views

DLA-1728-1 openssh - security update

Bulletin has no description...

CVSS: 6.8, AI score: 6.3, EPSS: 0.58204
Exploits: 9
OSV
•added 2019/01/11 12:0 a.m.•50 views

DLA-1633-1 sqlite3 - security update

Bulletin has no description...

CVSS: 9.8, AI score: 8.8, EPSS: 0.08609
Exploits: 0
OSV
•added 2018/08/17 7:29 p.m.•50 views

CVE-2018-15473

OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, related to auth2-gss.c, auth2-hostbased.c, and auth2-pubkey.c...

CVSS: 5.3, AI score: 3.5
Exploits: 0, References: 18
OSV
•added 2018/03/29 12:0 a.m.•50 views

DSA-4156-1 drupal7 - security update

Bulletin has no description...

CVSS: 9.8, AI score: 9.9, EPSS: 0.99993
Exploits: 46
OSV
•added 2017/10/24 6:33 p.m.•50 views

GHSA-4936-RJ25-6WM6 nori contains Improper Input Validation

The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before 1.0.3 for Ruby does not properly restrict casts of string values, which allows remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) involving...

CVSS: 7.5, AI score: 7.8, EPSS: 0.02312
Exploits: 0, References: 12
OSV
•added 2017/10/06 12:0 a.m.•50 views

DSA-3992-1 curl - security update

Bulletin has no description...

CVSS: 7.5, AI score: 7.3, EPSS: 0.08465
Exploits: 0
OSV
•added 2017/03/08 12:0 a.m.•50 views

DLA-849-1 linux - security update

Bulletin has no description...

CVSS: 7.8, AI score: 7.1, EPSS: 0.04666
Exploits: 2
OSV
•added 2017/02/22 12:0 a.m.•50 views

DSA-3791-1 linux - security update

Bulletin has no description...

CVSS: 9.8, AI score: 6.9, EPSS: 0.0596
Exploits: 13
OSV
•added 2016/12/30 7:59 p.m.•50 views

CVE-2016-10045

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOT...

CVSS: 9.8, AI score: 10, EPSS: 0.99714
Exploits: 59, References: 15
OSV
•added 2016/10/05 12:0 a.m.•50 views

DSA-3688-1 nss - security update

Bulletin has no description...

CVSS: 9.8, AI score: 7.7, EPSS: 0.9986
Exploits: 1
OSV
•added 2016/06/07 12:0 a.m.•50 views

DSA-3597-1 expat - security update

Bulletin has no description...

CVSS: 7.8, AI score: 7, EPSS: 0.06539
Exploits: 0
OSV
•added 2016/02/21 12:0 a.m.•50 views

DSA-3486-1 chromium-browser - security update

Bulletin has no description...

CVSS: 10, AI score: 6.7, EPSS: 0.02639
Exploits: 1
OSV
•added 2015/11/01 12:0 a.m.•50 views

DSA-3388-1 ntp - security update

Bulletin has no description...

CVSS: 9.8, AI score: 6.9, EPSS: 0.81762
Exploits: 7
OSV
•added 2015/08/01 12:0 a.m.•50 views

DSA-3323-1 icu - security update

Bulletin has no description...

CVSS: 10, AI score: 7.4, EPSS: 0.2447
Exploits: 4
OSV
•added 2015/07/26 12:0 a.m.•50 views

DSA-3318-1 expat - security update

Bulletin has no description...

CVSS: 6.8, AI score: 7.9, EPSS: 0.19069
Exploits: 0
OSV
•added 2015/07/04 12:0 a.m.•50 views

DSA-3300-1 iceweasel - security update

Bulletin has no description...

CVSS: 10, AI score: 5.7, EPSS: 0.9986
Exploits: 2
OSV
•added 2015/03/20 12:0 a.m.•50 views

DLA-177-1 openssl - security update

Bulletin has no description...

CVSS: 7.5, AI score: 6.8, EPSS: 0.44503
Exploits: 1
OSV
•added 2014/11/18 12:0 a.m.•50 views

DSA-3074-1 php5 - security update

Bulletin has no description...

CVSS: 5, AI score: 8.4, EPSS: 0.14013
Exploits: 0
OSV
•added 2014/09/26 12:0 a.m.•50 views

DLA-63-1 bash - security update

Bulletin has no description...

CVSS: 10, AI score: 7.6, EPSS: 0.9994
Exploits: 19
OSV
•added 2014/06/20 12:0 a.m.•50 views

DLA-0008-1 openssl - security update

Bulletin has no description...

CVSS: 7.4, AI score: 6.8, EPSS: 0.95326
Exploits: 11
OSV
•added 2013/08/02 12:0 a.m.•50 views

DSA-2733-1 otrs2 - SQL injection

Bulletin has no description...

CVSS: 8.8, AI score: 6.5, EPSS: 0.01322
Exploits: 0
OSV
•added 2013/02/17 12:0 a.m.•50 views

DSA-2626-1 lighttpd - several issues

Bulletin has no description...

CVSS: 9.8, AI score: 7.4, EPSS: 0.87264
Exploits: 16
OSV
•added 2011/01/30 12:0 a.m.•50 views

DSA-2154-1 exim4 - privilege escalation

Bulletin has no description...

CVSS: 7.8, AI score: 7.4, EPSS: 0.17794
Exploits: 4
OSV
•added 2009/08/24 12:0 a.m.•50 views

DSA-1872-1 fai-kernels linux-2.6 user-mode-linux - several vulnerabilities

Bulletin has no description...

CVSS: 7.8, AI score: 6.9, EPSS: 0.08156
Exploits: 22
OSV
•added 2008/10/20 12:0 a.m.•50 views

DSA-1656-1 cupsys - several vulnerabilities

Bulletin has no description...

CVSS: 10, AI score: 7.6, EPSS: 0.24132
Exploits: 1
OSV
•added 2008/02/24 12:0 a.m.•50 views

DSA-1506-1 iceape - several vulnerabilities

Bulletin has no description...

CVSS: 9.3, AI score: 9.7, EPSS: 0.08633
Exploits: 6
OSV
•added 2007/06/07 12:0 a.m.•50 views

DSA-1300-1 iceape

Bulletin has no description...

CVSS: 9.3, AI score: 8.2, EPSS: 0.07831
Exploits: 1
OSV
•added 2006/09/25 12:0 a.m.•50 views

DSA-1184-2 kernel-source-2.6.8 - several vulnerabilities

Bulletin has no description...

CVSS: 7.8, AI score: 7.6, EPSS: 0.20561
Exploits: 5
OSV
•added 2006/09/07 12:0 a.m.•50 views

DSA-1171 ethereal - several

Bulletin has no description...

CVSS: 7.5, AI score: 7.4, EPSS: 0.10826
Exploits: 0
OSV
•added 2006/05/29 12:0 a.m.•50 views

DSA-1082-1 kernel-source-2.4.17 - several vulnerabilities

Bulletin has no description...

CVSS: 10, AI score: 6.1, EPSS: 0.04078
Exploits: 8
OSV
•added 2006/05/20 12:0 a.m.•50 views

DSA-1067-1 kernel-source-2.4.16 - several

Bulletin has no description...

CVSS: 10, AI score: 6.1, EPSS: 0.04078
Exploits: 8
OSV
•added 2026/05/29 12:4 a.m.•49 views

OSV-2026-823 Heap-buffer-overflow in ihevcd_fmt_conv_422sp_to_420p

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=517027631 Crash type: Heap-buffer-overflow WRITE 1 Crash state: ihevcd_fmt_conv_422sp_to_420p ihevcd_fmt_conv ihevcddecode...

AI score: 5.8
Exploits: 0, References: 1
OSV
•added 2026/05/18 8:57 a.m.•49 views

BIT-TOMCAT-2022-25762 Response mix-up with WebSocket concurrent send and close

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling...

CVSS: 8.6, AI score: 6.7, EPSS: 0.07538
Exploits: 0, References: 4
OSV
•added 2025/12/05 10:52 p.m.•49 views

MAL-2025-192349 Malicious code in qt-main (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bd1f92a69928dc8fa2a6a50cfd596c34802bc68fc28dd5dd8508fc24344bbec9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score: 7.2
Exploits: 0, References: 1
OSV
•added 2025/11/20 9:28 p.m.•49 views

GHSA-7MV8-J34Q-VP7Q @anthropic-ai/claude-code has Sed Command Validation Bypass that Allows Arbitrary File Writes

Due to an error in sed command parsing, it was possible to bypass the Claude Code read-only validation and write to arbitrary files on the host system. Users on standard Claude Code auto-update will have received this fix automatically. Users performing manual updates are advised to update to the...

CVSS: 8.7, AI score: 7.3, EPSS: 0.00394
Exploits: 0, References: 3
OSV
•added 2025/11/05 6:31 p.m.•49 views

GHSA-FVFQ-Q238-J7J3 WSO2 Carbon Mediation vulnerable to XML External Entity (XXE) attacks

An XML External Entity (XXE) vulnerability exists in multiple WSO2 products due to improper configuration of the XML parser. The application parses user-supplied XML without applying sufficient restrictions, allowing resolution of external entities. A successful attack could enable a remote,...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00415
Exploits: 0, References: 5
OSV
•added 2025/10/29 3:38 p.m.•49 views

GHSA-C2JP-C369-7PVX FastMCP Auth Integration Allows for Confused Deputy Account Takeover

Summary: FastMCP documentation covers the scenario where it is possible to use Entra ID or other providers for authentication. In this context, because Entra ID does not support Dynamic Client Registration (DCR), the FastMCP-hosted MCP server is acting as the authorization provider, as declared in t...

CVSS: 7.3, AI score: 5.9
Exploits: 0, References: 2
OSV
•added 2025/06/01 12:0 a.m.•49 views

ASB-A-383080440

In loadDrawableForCookie of ResourcesImpl.java, there is a possible way to access task snapshots of other apps due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS: 7.8, AI score: 7, EPSS: 0.00076
Exploits: 0, References: 2
OSV
•added 2025/06/01 12:0 a.m.•49 views

ASB-A-386802855

In multiple locations, there is a possible way to persistently DoS the device due to a missing length check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS: 5.5, AI score: 6.6, EPSS: 0.00076
Exploits: 0, References: 2
Total number of security vulnerabilities: 5000