OSV: Most viewed

907645 matches found

OSV
added 2009/07/12 12:0 a.m. | 48 views

DSA-1830-1 icedove - several vulnerabilities

Bulletin has no description...

CVSS 10 | AI score 7.1 | EPSS 0.09282
Exploits: 10

OSV
added 2009/03/22 12:0 a.m. | 48 views

DSA-1751-1 xulrunner - several vulnerabilities

Bulletin has no description...

CVSS 10 | AI score 9.6 | EPSS 0.05789
Exploits: 1

OSV
added 2008/05/05 12:0 a.m. | 48 views

DSA-1568-1 b2evolution - cross site scripting

Bulletin has no description...

CVSS 4.3 | AI score 6.4 | EPSS 0.01291
Exploits: 0

OSV
added 2008/02/22 12:0 a.m. | 48 views

DSA-1504-1 kernel-image-2.6.8 - several issues

Bulletin has no description...

CVSS 7.8 | AI score 6.8 | EPSS 0.02589
Exploits: 8

OSV
added 2008/01/29 12:0 a.m. | 48 views

DSA-1479-1 linux-2.6

Bulletin has no description...

CVSS 7.2 | AI score 5.9 | EPSS 0.00881
Exploits: 5

OSV
added 2007/11/09 12:0 a.m. | 48 views

DSA-1406-1 horde3 - several vulnerabilities

Bulletin has no description...

CVSS 6.8 | AI score 6 | EPSS 0.05154
Exploits: 2

OSV
added 2007/08/26 12:0 a.m. | 48 views

DSA-1358-1 asterisk

Bulletin has no description...

CVSS 10 | AI score 7.4 | EPSS 0.3152
Exploits: 3

OSV
added 2006/07/18 12:0 a.m. | 48 views

DSA-1112 mysql-dfsg-4.1 - several vulnerabilities

Bulletin has no description...

CVSS 4 | AI score 7.9 | EPSS 0.26815
Exploits: 1

OSV
added 2006/03/24 12:0 a.m. | 48 views

DSA-1018-1 kernel-source-2.4.27 - several

Bulletin has no description...

CVSS 7.8 | AI score 5.6 | EPSS 0.05357
Exploits: 11

OSV
added 2026/06/04 10:8 a.m. | 47 views

RHSA-2026:22721 Red Hat Security Advisory: expat security update

Bulletin has no description...

CVSS 7.5 | AI score 5.7 | EPSS 0.00428
Exploits: 1 | References: 8

OSV
added 2025/06/01 12:0 a.m. | 47 views

ASB-A-373467684

In createIntentsList of PackageParser.java, there is a possible way to bypass lazy bundle hardening, allowing modified data to be passed to the next process due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User...

CVSS 7.8 | AI score 7 | EPSS 0.00092
Exploits: 0 | References: 2

OSV
added 2025/06/01 12:0 a.m. | 47 views

ASB-A-309407957

In writeToParcel of CursorWindow.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 5.5 | AI score 6 | EPSS 0.00079
Exploits: 0 | References: 2

OSV
added 2025/06/01 12:0 a.m. | 47 views

ASB-A-370477460

In CredentialManagerServiceStub of CredentialManagerService.java, there is a possible way to retrieve candidate credentials due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for...

CVSS 5.5 | AI score 6.1 | EPSS 0.00074
Exploits: 0 | References: 2

OSV
added 2025/06/01 12:0 a.m. | 47 views

ASB-A-331730488

In onInputEvent of IInputMethodSessionWrapper.java, there is a possible way for an untrusted app to inject key and motion events to the default IME due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...

CVSS 7.8 | AI score 7 | EPSS 0.00076
Exploits: 0 | References: 2

OSV
added 2025/04/11 5:58 a.m. | 47 views

BELL-CVE-2025-32728

Bulletin has no description...

CVSS 3.8 | AI score 5.5 | EPSS 0.0016
Exploits: 0 | References: 1

OSV
added 2025/03/20 12:32 p.m. | 47 views

GHSA-QCCG-9M4Q-XFM6 DB-GPT is vulnerable to SQL Injection attacks from unauthenticated users

In eosphoros-ai/db-gpt version v0.6.0, the web API POST /api/v1/editor/sql/run allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write using DuckDB SQL, enabling them to write arbitrary files to the...

CVSS 9.1 | AI score 9.7 | EPSS 0.01083
Exploits: 2 | References: 5

OSV
added 2025/02/19 5:57 a.m. | 47 views

BELL-CVE-2025-26465

Bulletin has no description...

CVSS 6.8 | AI score 7.2 | EPSS 0.06997
Exploits: 4 | References: 1

OSV
added 2025/02/11 7:10 a.m. | 47 views

BIT-GITLAB-2025-1072 Allocation of Resources Without Limits or Throttling in GitLab

A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14.1 prior to 17.3.7, 17.4 prior to 17.4.4, and 17.5 prior to 17.5.2. A denial of service could occur upon importing maliciously crafted content using the Fogbugz importer...

CVSS 6.5 | AI score 6 | EPSS 0.00496
Exploits: 0 | References: 4

OSV
added 2025/01/29 4:11 p.m. | 47 views

SUSE-SU-2025:0289-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP6 Confidential Computing kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52489: mm/sparsemem: fix race in accessing memorysection-usage bsc1221326. - CVE-2024-26596: net: dsa: fix netdevpriv dereference...

CVSS 9.8 | AI score 8.2 | EPSS 0.03558
Exploits: 3 | References: 806

OSV
added 2024/10/28 3:20 p.m. | 47 views

GO-2024-3215 Grafana Command Injection And Local File Inclusion Via Sql Expressions in github.com/grafana/grafana

Grafana Command Injection And Local File Inclusion Via Sql Expressions in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

CVSS 9.9 | AI score 8.7 | EPSS 0.97781
Exploits: 10 | References: 5

OSV
added 2024/09/15 8:47 p.m. | 47 views

RHSA-2013:0770 Red Hat Security Advisory: java-1.6.0-openjdk security update

Bulletin has no description...

CVSS 10 | AI score 7.4 | EPSS 0.86963
Exploits: 15 | References: 84

OSV
added 2024/09/13 11:27 p.m. | 47 views

RHSA-2023:2951 Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Bulletin has no description...

CVSS 7.8 | AI score 7.8 | EPSS 0.03763
Exploits: 17 | References: 1006

OSV
added 2024/09/13 10:2 p.m. | 47 views

RHSA-2019:3299 Red Hat Security Advisory: rh-php72-php security update

Bulletin has no description...

CVSS 8.1 | AI score 7.9 | EPSS 0.9947
Exploits: 76 | References: 89

OSV
added 2024/09/13 9:58 p.m. | 47 views

RHSA-2017:1161 Red Hat Security Advisory: httpd24-httpd security, bug fix, and enhancement update

Bulletin has no description...

CVSS 7.5 | AI score 6.8 | EPSS 0.7907
Exploits: 8 | References: 39

OSV
added 2024/09/13 9:19 p.m. | 47 views

RHSA-2024:0554 Red Hat Security Advisory: kpatch-patch security update

Bulletin has no description...

CVSS 8.8 | AI score 7 | EPSS 0.09141
Exploits: 3 | References: 43

OSV
added 2024/09/12 4:56 p.m. | 47 views

CVE-2024-5435 Generation of Error Message Containing Sensitive Information in GitLab

An issue has been discovered in GitLab EE/CE affecting all versions starting from 15.10 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2 will disclose user password from repository mirror configuration...

CVSS 4.5 | AI score 6.6 | EPSS 0.0043
Exploits: 0 | References: 6

OSV
added 2024/08/30 3:15 a.m. | 47 views

CVE-2024-45490

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer...

CVSS 7.5 | AI score 6.7
Exploits: 0 | References: 9

OSV
added 2024/08/21 4:4 p.m. | 47 views

GO-2022-1248 usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos

usememos/memos vulnerable to Improper Authorization in github.com/usememos/memos...

CVSS 9.1 | AI score 5.3 | EPSS 0.00568
Exploits: 1 | References: 4

OSV
added 2024/08/20 8:26 p.m. | 47 views

GO-2023-1552 Answer has Cross-site Scripting vulnerability in github.com/answerdev/answer

Answer has Cross-site Scripting vulnerability in github.com/answerdev/answer...

CVSS 9 | AI score 8.8 | EPSS 0.00871
Exploits: 1 | References: 4

OSV
added 2024/07/23 7:16 a.m. | 47 views

BIT-APACHE-2024-40898 Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows

SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue...

CVSS 9.1 | AI score 7.3 | EPSS 0.01536
Exploits: 5 | References: 4

OSV
added 2024/07/11 12:0 a.m. | 47 views

DSA-5729-1 apache2 - security update

Bulletin has no description...

CVSS 9.8 | AI score 7.5 | EPSS 0.99957
Exploits: 2

OSV
added 2024/07/01 12:0 a.m. | 47 views

ASB-A-317048338

In onTransact of ParcelableListBinder.java, there is a possible way to steal mAllowlistToken to launch an app from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVSS 7.8 | AI score 7.8 | EPSS 0.00115
Exploits: 1 | References: 2

OSV
added 2024/06/14 1:41 p.m. | 47 views

GO-2024-2903 Contract balance not updating correctly after interchain transaction in github.com/evmos/evmos

Contract balance not updating correctly after interchain transaction in github.com/evmos/evmos...

CVSS 7.5 | AI score 7.4 | EPSS 0.00618
Exploits: 1 | References: 3

OSV
added 2024/06/11 10:56 a.m. | 47 views

SUSE-SU-2024:1983-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26921: Preserve kabi for skbuff bsc1223138. - CVE-2022-48686: Fix UAF when detecting digest errors bsc1223948. - CVE-2021-47074: Fixed memory leak in...

CVSS 9.8 | AI score 8 | EPSS 0.01358
Exploits: 6 | References: 425

OSV
added 2024/06/06 12:28 p.m. | 47 views

CGA-PM7P-QWHH-C8X2

Bulletin has no description...

CVSS 7.5 | AI score 8.3 | EPSS 0.91969
Exploits: 1

OSV
added 2024/06/05 12:0 a.m. | 47 views

ALSA-2024:3618 Moderate: kernel update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Marvin vulnerability side-channel leakage in the RSA decryption operation CVE-2023-6240 kernel: Information disclosure in vhost/vhost.c:vhostnewmsg CVE-2024-0340 kernel: untrusted VMM can...

CVSS 8.8 | AI score 7.3 | EPSS 0.00969
Exploits: 0 | References: 116

OSV
added 2024/06/04 3:19 p.m. | 47 views

GO-2024-2641 Insecure Variable Substitution in Vela in github.com/go-vela/worker

Insecure Variable Substitution in Vela in github.com/go-vela/worker...

CVSS 7.7 | AI score 6.7 | EPSS 0.00716
Exploits: 0 | References: 3

OSV
added 2024/06/02 10:30 p.m. | 47 views

GHSA-CJCC-P67M-7QXM Unsafe Reflection in base Component class in yiisoft/yii2

Yii2 supports attaching Behaviors to Components by setting properties having the format 'as '. Internally this is done using the __set() magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using Yii::createObject($value). However, ther...

CVSS 8.1 | AI score 8.3 | EPSS 0.7939
Exploits: 1 | References: 9

OSV
added 2024/05/27 4:11 p.m. | 47 views

CVE-2024-35219 OpenAPI Generator Online - Arbitrary File Read/Delete

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec. Prior to version 7.6.0, attackers can exploit a path traversal vulnerability to read and delete files and folders from an arbitrary,...

CVSS 8.3 | AI score 7.9 | EPSS 0.03592
Exploits: 0 | References: 5

OSV
added 2024/05/24 12:0 a.m. | 47 views

DLA-3818-1 apache2 - security update

Bulletin has no description...

CVSS 7.5 | AI score 6.8 | EPSS 0.91327
Exploits: 3

OSV
added 2024/05/23 12:0 a.m. | 47 views

ALSA-2024:3339 Important: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc: Ou...

CVSS 8.1 | AI score 7.7 | EPSS 0.8833
Exploits: 16 | References: 12

OSV
added 2024/05/10 2:32 p.m. | 47 views

RLSA-2024:2562 Important: golang security update

The golang packages provide the Go programming language compiler. Security Fixes: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads CVE-2024-1394 golang: net/http: memory exhaustion in Request.ParseMultipartForm CVE-2023-45290 golang: net/http/cookiejar: incorrect...

CVSS 7.5 | AI score 8.2 | EPSS 0.91969
Exploits: 1 | References: 8

OSV
added 2024/05/10 2:32 p.m. | 47 views

RLSA-2024:2551 Important: bind security update

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fixes:...

CVSS 7.5 | AI score 7.4 | EPSS 0.99995
Exploits: 1 | References: 7

OSV
added 2024/05/08 2:16 p.m. | 47 views

CVE-2024-34347 @hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE

@hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environments. Prior to 0.8.0, the @hoppscotch/js-sandbox package provides a Javascript sandbox that uses the Node.js vm module. However, the vm module is not safe for sandboxing untrusted Javascript code. This is because code inside th...

CVSS 8.3 | AI score 8 | EPSS 0.00611
Exploits: 0 | References: 5

OSV
added 2024/05/03 5:51 p.m. | 47 views

CVE-2024-34075 kurwov vulnerable to Denial of Service due to improper data sanitization

kurwov is a fast, dependency-free library for creating Markov Chains. An unsafe sanitization of dataset contents on the MarkovDatagetNext method used in Markovgenerate and Markovchoose allows a maliciously crafted string on the dataset to throw and stop the function from running properly. If a...

CVSS 6.2 | AI score 6.3 | EPSS 0.00299
Exploits: 0 | References: 5

OSV
added 2024/04/30 12:0 a.m. | 47 views

ALSA-2024:2348 Moderate: python-jinja2 security update

The python-jinja2 package contains Jinja2, a template engine written in pure Python. Jinja2 provides a Django inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. Security Fixes: jinja2: HTML attribute injection when passing user input as keys to xmlattr...

CVSS 6.1 | AI score 6.8 | EPSS 0.00892
Exploits: 0 | References: 4

OSV
added 2024/04/18 12:0 a.m. | 47 views

ALSA-2024:1872 Important: mod_http2 security update

The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: CONTINUATION frames DoS (CVE-2024-27316). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...

CVSS 7.5 | AI score 7 | EPSS 0.91327
Exploits: 2 | References: 4

OSV
added 2024/04/06 12:0 a.m. | 47 views

DLA-3779-1 tomcat9 - security update

Bulletin has no description...

CVSS 7.5 | AI score 7.2 | EPSS 0.23072
Exploits: 1

OSV
added 2024/03/19 4:15 p.m. | 47 views

CVE-2023-6597

An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged...

CVSS 7.8 | AI score 6.3
Exploits: 0 | References: 14

OSV
added 2024/03/14 5:15 p.m. | 47 views

CVE-2023-28746

Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access...

AI score 6.5
Exploits: 0 | References: 8

Total number of security vulnerabilities: 5000