Lucene search
K
OsvMost viewed

908463 matches found

OSV
OSV
added 2006/05/20 12:0 a.m.51 views

DSA-1069-1 kernel-source-2.4.18 - several

Bulletin has no description...

10CVSS6.1AI score0.04078EPSS
Exploits8
OSV
OSV
added 2005/09/19 12:0 a.m.51 views

DSA-816-1 xfree86 - integer overflow

Bulletin has no description...

5.1CVSS6.2AI score0.03923EPSS
Exploits0
OSV
OSV
added 2005/02/04 12:0 a.m.51 views

DSA-667-1 squid - several

Bulletin has no description...

10CVSS6AI score0.40977EPSS
Exploits0
OSV
OSV
added 2025/10/29 3:38 p.m.50 views

GHSA-C2JP-C369-7PVX FastMCP Auth Integration Allows for Confused Deputy Account Takeover

Summary FastMCP documentation covers the scenario where it is possible to use Entra ID or other providers for authentication. In this context, because Entra ID does not support Dynamic Client Registration DCR, the FastMCP-hosted MCP server is acting as the authorization provider, as declared in t...

7.3CVSS5.9AI score
Exploits0References2
OSV
OSV
added 2025/09/16 9:20 a.m.50 views

CGA-8X4G-GPPR-MXJC

Bulletin has no description...

6.9CVSS7AI score0.00362EPSS
Exploits0
OSV
OSV
added 2025/07/17 8:9 a.m.50 views

BIT-TOMCAT-2024-23672 Apache Tomcat: WebSocket DoS with incomplete closing handshake

Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption.This issue affects Apache Tomcat: from 11.0.0 through 11.0.0, from 10.1.0 through 10.1.18, from 9.0.0 through...

6.3CVSS6.6AI score0.02313EPSS
Exploits0References7
OSV
OSV
added 2025/06/01 12:0 a.m.50 views

ASB-A-387498139

In multiple locations, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS6.6AI score0.00076EPSS
Exploits0References2
OSV
OSV
added 2025/06/01 12:0 a.m.50 views

ASB-A-388828203

In multiple functions of LocationProviderManager.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7AI score0.00086EPSS
Exploits0References2
OSV
OSV
added 2025/03/21 9:42 p.m.50 views

CVE-2025-30204 jwt-go allows excessive memory allocation during header parsing

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...

7.5CVSS6.5AI score0.00693EPSS
Exploits0References6
OSV
OSV
added 2024/10/02 12:13 a.m.50 views

RHSA-2023:1325 Red Hat Security Advisory: OpenShift Container Platform 4.13.0 security update

Bulletin has no description...

8.2CVSS8.6AI score0.05623EPSS
Exploits1References84
OSV
OSV
added 2024/10/01 5:13 p.m.50 views

RHSA-2019:4126 Red Hat Security Advisory: httpd24-httpd security, bug fix, and enhancement update

Bulletin has no description...

7.1CVSS7AI score0.81466EPSS
Exploits4References36
OSV
OSV
added 2024/09/30 2:43 p.m.50 views

RHSA-2023:1744 Red Hat Security Advisory: rh-nodejs14-nodejs security, bug fix, and enhancement update

Bulletin has no description...

8.6CVSS7AI score0.24928EPSS
Exploits3References27
OSV
OSV
added 2024/09/16 2:9 a.m.50 views

RHBA-2019:0326 Red Hat Bug Fix Advisory: OpenShift Container Platform 3.11 bug fix update

Bulletin has no description...

8.8CVSS6.4AI score0.98428EPSS
Exploits17References106
OSV
OSV
added 2024/08/21 4:4 p.m.50 views

GO-2022-1259 usememos/memos Improper Authorization vulnerability in github.com/usememos/memos

usememos/memos Improper Authorization vulnerability in github.com/usememos/memos...

8.3CVSS6.1AI score0.00564EPSS
Exploits1References4
OSV
OSV
added 2024/08/21 4:3 p.m.50 views

GO-2022-0964 SFTPGo vulnerable to recovery codes abuse in github.com/drakkan/sftpgo

SFTPGo vulnerable to recovery codes abuse in github.com/drakkan/sftpgo...

8.3CVSS8AI score0.00438EPSS
Exploits1References3
OSV
OSV
added 2024/08/20 8:26 p.m.50 views

GO-2023-1542 Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following in github.com/pterodactyl/wings

Pterodactyl Wings contains UNIX Symbolic Link Symlink Following in github.com/pterodactyl/wings...

8.8CVSS8.3AI score0.00682EPSS
Exploits0References5
OSV
OSV
added 2024/08/08 12:0 a.m.50 views

DSA-5742-1 odoo - security update

Bulletin has no description...

8.8CVSS8.4AI score0.72648EPSS
Exploits15
OSV
OSV
added 2024/07/02 12:0 a.m.50 views

ALSA-2024:4211 Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Bluetooth BR/EDR PIN Pairing procedure is vulnerable to an impersonation attack CVE-2020-26555 kernel:TCP-spoofed ghost ACKs and leak leak initial sequence number...

9.1CVSS7.8AI score0.01401EPSS
Exploits1References124
OSV
OSV
added 2024/06/25 1:7 p.m.50 views

MAL-2024-3288 Malicious code in updated-tricks-roblox-robux-generator-2023-de-asw3er2 (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
OSV
OSV
added 2024/06/05 3:11 p.m.50 views

GO-2024-2775 IBAX go-ibax vulnerable to SQL injection in github.com/IBAX-io/go-ibax

IBAX go-ibax vulnerable to SQL injection in github.com/IBAX-io/go-ibax...

8.8CVSS9AI score0.30082EPSS
Exploits0References5
OSV
OSV
added 2024/06/04 3:19 p.m.50 views

GO-2024-2636 1Panel is vulnerable to command injection in github.com/1Panel-dev/1Panel

1Panel is vulnerable to command injection in github.com/1Panel-dev/1Panel...

9.8CVSS8AI score0.03044EPSS
Exploits1References7
OSV
OSV
added 2024/06/02 12:0 a.m.50 views

DSA-5703-1 linux - security update

Bulletin has no description...

9.8CVSS7.8AI score0.01305EPSS
Exploits2
OSV
OSV
added 2024/06/01 12:0 a.m.50 views

ASB-A-321941232

In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.8AI score0.00111EPSS
Exploits0References2
OSV
OSV
added 2024/05/24 8:44 p.m.50 views

CVE-2024-35232 github.com/huandu/facebook may expose access_token in error message

github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. accesstoken can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2...

3.7CVSS4.8AI score0.00504EPSS
Exploits0References7
OSV
OSV
added 2024/05/23 12:0 a.m.50 views

ALSA-2024:3345 Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.105 and .NET Runtime 8.0.5...

6.3CVSS6.4AI score0.01688EPSS
Exploits0References6
OSV
OSV
added 2024/05/10 2:32 p.m.50 views

RLSA-2024:2562 Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 golang: net/http: memory exhaustion in Request.ParseMultipartForm CVE-2023-45290 golang: net/http/cookiejar: incorrect...

7.5CVSS8.2AI score0.91969EPSS
Exploits1References8
OSV
OSV
added 2024/03/15 7:53 p.m.50 views

GHSA-MP76-7W5V-PR75 TurboBoost Commands vulnerable to arbitrary method invocation

Impact TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should be. It's possible for a sophisticated attacker to invoke more methods than should be permitted dependi...

8.1CVSS8.1AI score0.00796EPSS
Exploits0References6
OSV
OSV
added 2024/03/06 11:8 a.m.50 views

BIT-WORDPRESS-2023-5561 WordPress < 6.3.2 - Unauthenticated Post Author Email Disclosure

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack...

5.3CVSS5.4AI score0.03862EPSS
Exploits4References4
OSV
OSV
added 2024/03/06 11:6 a.m.50 views

BIT-POSTGRESQL-2020-25695

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest...

8.8CVSS7.3AI score0.4644EPSS
Exploits0References6
OSV
OSV
added 2024/03/06 11:5 a.m.50 views

BIT-POSTGRESQL-2021-23214

When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption...

8.1CVSS7.9AI score0.01901EPSS
Exploits0References6
OSV
OSV
added 2024/03/06 11:2 a.m.50 views

BIT-POSTGRESQL-2024-0985 PostgreSQL non-owner REFRESH MATERIALIZED VIEW CONCURRENTLY executes arbitrary SQL

Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The...

8CVSS8.6AI score0.01465EPSS
Exploits0References5
OSV
OSV
added 2024/03/06 10:52 a.m.50 views

BIT-GIT-2020-5260 malicious URLs may cause Git to present stored credentials to the wrong server

Affected versions of Git have a vulnerability whereby Git can be tricked into sending private credentials to a host controlled by an attacker. Git uses external "credential helper" programs to store and retrieve passwords or other credentials from secure storage provided by the operating system...

9.3CVSS7.3AI score0.10047EPSS
Exploits2References20
OSV
OSV
added 2024/03/06 10:51 a.m.50 views

BIT-DJANGO-2023-43665

In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars and words methods when used with html=True are subject to a potential DoS denial of service attack via certain inputs with very long, potentially malformed HTML text. The chars and words...

7.5CVSS6.6AI score0.01236EPSS
Exploits0References9
OSV
OSV
added 2024/02/03 12:47 a.m.50 views

GHSA-VH55-786G-WJWJ .NET Information Disclosure Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. An information disclosure vulnerability exists in .NE...

5.9CVSS5.7AI score0.0192EPSS
Exploits0References6
OSV
OSV
added 2024/02/01 12:0 a.m.50 views

ALSA-2024:0647 Moderate: rpm security update

The RPM Package Manager RPM is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Security Fixes: rpm: TOCTOU race in checks for unsafe symlinks CVE-2021-35937 rpm: races with chown/chmod/capabilities calls...

6.7CVSS7.4AI score0.00491EPSS
Exploits3References8
OSV
OSV
added 2024/01/30 12:0 a.m.50 views

ALSA-2024:0606 Moderate: openssh security update

OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server. Security Fixes: ssh: Prefix truncation attack on Binary Packet Protocol BPP CVE-2023-48795 openssh: potential...

6.5CVSS7.3AI score0.9378EPSS
Exploits12References6
OSV
OSV
added 2024/01/26 5:15 p.m.50 views

PYSEC-2024-21

A vulnerability classified as critical was found in vanderSchaar LAB TemporAI 0.0.3. Affected by this vulnerability is the function loadfromfile of the component PKL File Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the...

8.8CVSS6.9AI score0.00668EPSS
Exploits0References4
OSV
OSV
added 2024/01/25 12:0 a.m.50 views

ALSA-2024:0474 Moderate: tomcat security update

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Open Redirect vulnerability in FORM authentication CVE-2023-41080 tomcat: FileUpload: DoS due to accumulation of temporary files on Windows CVE-2023-42794 tomcat: improper...

6.1CVSS6.7AI score0.05972EPSS
Exploits2References10
OSV
OSV
added 2023/12/22 8:36 p.m.50 views

CVE-2023-50730 Grackle has StackOverflowError in GraphQL query processing

Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. The GraphQL specification requires that GraphQL fragments must not form cycles, either directly or indirectly. Prior to Grackle version 0.18.0, that requirement wasn't checked, and queries with cyclic fragments...

7.5CVSS7.8AI score0.00827EPSS
Exploits0References5
OSV
OSV
added 2023/12/18 7:15 p.m.50 views

CVE-2023-51384

In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS11-hosted private keys, these constraints are only applied to the first key, even if a PKCS11 token returns multiple keys...

5.5CVSS5.4AI score
Exploits0References7
OSV
OSV
added 2023/12/14 5:15 a.m.50 views

CVE-2023-49935

An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can reuse root-level authentication tokens during interaction with the slurmd process. This bypasses the RPC message hashes that protect agains...

8.8CVSS6.9AI score
Exploits0References6
OSV
OSV
added 2023/12/01 12:0 a.m.50 views

ASB-A-268724205

In OpRecordAudioMonitor::onFirstRef of AudioRecordClient.cpp, there is a possible way to record audio from the background due to a missing flag. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.8AI score0.00197EPSS
Exploits0References5
OSV
OSV
added 2023/11/17 9:38 p.m.50 views

GHSA-RQ42-58QF-V3QX LibreNMS vulnerable to rate limiting bypass on login page

Summary Application is using two login methods and one of them is using GET request for authentication. There is no rate limiting security feature at GET request or backend is not validating that. PoC Go to /?username=admin&password=password&submit= Capture request in Burpsuite intruder and add...

5.3CVSS6.5AI score0.00599EPSS
Exploits1References6
OSV
OSV
added 2023/11/09 9:30 p.m.50 views

GHSA-5CVX-CWPX-9RJH Moodle Code Injection vulnerability

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could utilise a local file include to achieve remote code execution...

6.5CVSS8.1AI score0.0137EPSS
Exploits0References6
OSV
OSV
added 2023/11/07 12:0 a.m.50 views

ALSA-2023:6474 Moderate: podman security, bug fix, and enhancement update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 net/http...

9.8CVSS8.2AI score0.04561EPSS
Exploits1References28
OSV
OSV
added 2023/11/06 7:32 a.m.50 views

BIT-2020-2574

Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.46 and prior, 5.7.28 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise...

5.9CVSS5.9AI score0.03485EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2023/11/01 12:0 a.m.50 views

ASB-A-274006187

Bulletin has no description...

5.5CVSS7.2AI score0.00182EPSS
Exploits0References1
OSV
OSV
added 2023/10/24 6:19 p.m.50 views

BIT-2023-42497

Reflected cross-site scripting XSS vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote attackers to inject arbitrary web script or HTML via the...

9.6CVSS5.7AI score0.0046EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/10/23 6:17 a.m.50 views

BIT-2023-43814

Discourse is an open source platform for community discussion. Attackers with details specific to a poll in a topic can use the /polls/groupedpollresults endpoint to view the content of options in the poll and the number of votes for groups of poll participants. This impacts private polls where t...

3.7CVSS6.7AI score0.00314EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/10/23 12:0 a.m.50 views

ALSA-2023:5989 Important: varnish security update

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fixes: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack Rap...

7.5CVSS8.3AI score0.99999EPSS
Exploits19References4
Total number of security vulnerabilities5000