OSV: Most viewed

907794 matches found

OSV
added 2008/04/24 12:0 a.m., 47 views

DSA-1534-2 iceape - regression

Bulletin has no description...

CVSS 9.3, AI score 9.8, EPSS 0.06055
Exploits: 4

OSV
added 2007/11/27 12:0 a.m., 47 views

DSA-1415-1 tk8.4 - buffer overflow

Bulletin has no description...

CVSS 4.3, AI score 9.4, EPSS 0.02643
Exploits: 0

OSV
added 2007/08/31 12:0 a.m., 47 views

DSA-1363-1 linux-2.6

Bulletin has no description...

CVSS 4.7, AI score 5.9, EPSS 0.02624
Exploits: 0

OSV
added 2007/05/17 12:0 a.m., 47 views

DSA-1294-1 xfree86

Bulletin has no description...

CVSS 9.3, AI score 7.7, EPSS 0.05586
Exploits: 0

OSV
added 2006/11/15 12:0 a.m., 47 views

DSA-1212 openssh

Bulletin has no description...

CVSS 9.3, AI score 8.3, EPSS 0.44963
Exploits: 8

OSV
added 2006/10/04 12:0 a.m., 47 views

DSA-1189-1 openssh-krb5

Bulletin has no description...

CVSS 9.3, AI score 8.3, EPSS 0.44963
Exploits: 8

OSV
added 2006/04/27 12:0 a.m., 47 views

DSA-1046-1 mozilla - several

Bulletin has no description...

CVSS 10, AI score 6.6, EPSS 0.12589
Exploits: 5

OSV
added 2005/09/08 12:0 a.m., 47 views

DSA-805-1 apache2 - several

Bulletin has no description...

CVSS 10, AI score 9.6, EPSS 0.30576
Exploits: 1

OSV
added 2004/10/20 12:0 a.m., 47 views

DSA-570-1 libpng - integer overflow

Bulletin has no description...

CVSS 5, AI score 6, EPSS 0.062
Exploits: 1

OSV
added 2026/06/01 1:3 p.m., 46 views

USN-8352-1 libreoffice vulnerability

Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 7.8, AI score 6.1, EPSS 0.00078
Exploits: 0, References: 2

OSV
added 2026/05/20 10:10 a.m., 46 views

RHSA-2026:19225 Red Hat Security Advisory: kernel security update

Bulletin has no description...

CVSS 7.8, AI score 5.9, EPSS 0.96267
Exploits: 255, References: 33

OSV
added 2026/04/21 3:20 p.m., 46 views

GHSA-665X-PPC4-685W OpenMage LTS: Cross-user wishlist import leads to private option & file disclosure

Cross-user wishlist item import via shared wishlist code, leading to private option disclosure and file-disclosure variant. Summary: The shared wishlist add-to-cart endpoint authorizes access with a public sharingcode, but loads the acted-on wishlist item by a separate global wishlistitemid and nev...

CVSS 5.4, AI score 5.7, EPSS 0.00176
Exploits: 1, References: 5

OSV
added 2026/04/04 10:1 a.m., 46 views

RHSA-2023:5809 Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.2.2 Product Security and Bug Fix Update

Bulletin has no description...

CVSS 7.5, AI score 8.5, EPSS 0.99999
Exploits: 19, References: 12

OSV
added 2026/01/28 9:9 p.m., 46 views

PYSEC-2026-1 A single post-release of dydx-v4-client contained obfuscated multi-stage loader

A PyPI user account was compromised by an attacker, who was able to upload a malicious version 1.1.5.post1 of the dydx-v4-client package. This version contains a highly obfuscated multi-stage loader that ultimately executes malicious code on the host system. While the final payload is not visible...

AI score 5.8
Exploits: 0, References: 1

OSV
added 2025/12/18 6:30 p.m., 46 views

GHSA-F6MR-38G8-39RG Ollama Platform has missing authentication enabling attackers to perform model management operations

A critical authentication bypass vulnerability exists in Ollama platform's API endpoints in versions prior to and including v0.12.3. The platform exposes multiple API endpoints without requiring authentication, enabling remote attackers to perform unauthorized model management operations...

CVSS 9.3, AI score 7.2, EPSS 0.00632
Exploits: 0, References: 4

OSV
added 2025/10/23 4:25 p.m., 46 views

GO-2025-3997 github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks in github.com/MANTRA-Chain/mantrachain

github.com/MANTRA-Chain/mantrachain/x/tokenfactory tx gas limit is not enforced in send hooks in github.com/MANTRA-Chain/mantrachain...

CVSS 8.8, AI score 7, EPSS 0.00312
Exploits: 0, References: 4

OSV
added 2025/07/31 2:34 p.m., 46 views

PYSEC-2025-72 After a successful phishing attack, new versions of `num2words` were published containing malware.

The num2words project was compromised via a phishing attack and two new versions were uploaded to PyPI containing malicious code. The affected versions have been removed from PyPI, and users are advised to remove the affected versions from their environments...

AI score 7.1
Exploits: 0, References: 2

OSV
added 2025/06/01 12:0 a.m., 46 views

ASB-A-388828859

In offerNetwork of ConnectivityService.java, there is a possible leak of sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 5.5, AI score 6, EPSS 0.00074
Exploits: 0, References: 2

OSV
added 2025/03/12 6:17 p.m., 46 views

GO-2025-3503 HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80" will incorrectly match and not be proxied...

CVSS 4.4, AI score 6.2, EPSS 0.00384
Exploits: 2, References: 3

OSV
added 2025/02/11 4:15 p.m., 46 views

CVE-2024-12797

Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a server may fail to notice that the server was not authenticated, because handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode is set. Impact summary: TLS and DTLS connections using raw public keys m...

CVSS 6.3, AI score 4.4
Exploits: 0, References: 7

OSV
added 2024/12/16 1:56 p.m., 46 views

BIT-NODE-MIN-2023-46809

Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/hkario/marvin/, if PKCS #1 v1.5 padding is allowed when performing RSA decryption using a privat...

CVSS 7.4, AI score 6.6, EPSS 0.01302
Exploits: 0, References: 4

OSV
added 2024/11/17 12:30 p.m., 46 views

GHSA-HVW5-3MGW-7RCF Debezium database connector has a script injection vulnerability

A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data...

CVSS 5.9, AI score 5.6, EPSS 0.0038
Exploits: 0, References: 5

OSV
added 2024/10/22 6:15 p.m., 46 views

GHSA-3VPC-4P9P-47HC curl_cffi bundles a version of libcurl affected by High Severity vulnerability

Summary: curl_cffi is potentially affected by High Severity vulnerability CVE-2023-38545 in libcurl=8.5, which is not affected by this issue...

AI score 9.1
Exploits: 0, References: 3

OSV
added 2024/10/22 4:3 a.m., 46 views

RHSA-2024:0894 Red Hat Security Advisory: mysql:8.0 security update

Bulletin has no description...

CVSS 7.5, AI score 5.9, EPSS 0.01782
Exploits: 0, References: 355

OSV
added 2024/10/22 1:46 a.m., 46 views

RHSA-2023:5849 Red Hat Security Advisory: nodejs:18 security update

Bulletin has no description...

CVSS 7.5, AI score 8.1, EPSS 0.99999
Exploits: 19, References: 26

OSV
added 2024/10/07 7:51 p.m., 46 views

CVE-2024-31228 Denial-of-service due to unbounded pattern matching in Redis

Redis is an open source, in-memory database that persists on disk. Authenticated users can trigger a denial-of-service by using specially crafted, long string match patterns on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST and ACL definitions. Matching of extremel...

CVSS 5.5, AI score 4.7, EPSS 0.01009
Exploits: 0, References: 5

OSV
added 2024/10/04 4:38 p.m., 46 views

BIT-PYTHON-2022-45061

An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often...

CVSS 7.5, AI score 7.8, EPSS 0.02453
Exploits: 1, References: 38

OSV
added 2024/09/24 2:26 p.m., 46 views

RHSA-2024:4352 Red Hat Security Advisory: kernel-rt security and bug fix update

Bulletin has no description...

CVSS 7, AI score 7.9, EPSS 0.01401
Exploits: 1, References: 295

OSV
added 2024/09/16 6:30 a.m., 46 views

RHSA-2022:1988 Red Hat Security Advisory: kernel security, bug fix, and enhancement update

Bulletin has no description...

CVSS 8.2, AI score 7.7, EPSS 0.06846
Exploits: 14, References: 366

OSV
added 2024/09/15 11:51 p.m., 46 views

RHSA-2018:0479 Red Hat Security Advisory: JBoss Enterprise Application Platform 7.1.1 on RHEL 6

Bulletin has no description...

CVSS 8.6, AI score 7.9, EPSS 0.49727
Exploits: 3, References: 38

OSV
added 2024/09/13 7:52 p.m., 46 views

RHSA-2019:2343 Red Hat Security Advisory: httpd security and bug fix update

Bulletin has no description...

CVSS 7.1, AI score 6.7, EPSS 0.1786
Exploits: 0, References: 14

OSV
added 2024/09/13 4:50 p.m., 46 views

RHSA-2018:0275 Red Hat Security Advisory: jboss-ec2-eap security, bug fix, and enhancement update

Bulletin has no description...

CVSS 8.1, AI score 6.9, EPSS 0.99988
Exploits: 28, References: 19

OSV
added 2024/09/13 4:50 p.m., 46 views

RHSA-2018:0268 Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.19 security update

Bulletin has no description...

CVSS 8.1, AI score 6.9, EPSS 0.99988
Exploits: 28, References: 20

OSV
added 2024/09/13 9:19 a.m., 46 views

RHSA-2014:1765 Red Hat Security Advisory: php54-php security update

Bulletin has no description...

CVSS 7.5, AI score 7.7, EPSS 0.30128
Exploits: 16, References: 103

OSV
added 2024/08/30 5:18 p.m., 46 views

GO-2024-3088 memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos

memos CORS Misconfiguration in server.go (GHSL-2024-034) in github.com/usememos/memos...

CVSS 8.1, AI score 8, EPSS 0.00607
Exploits: 1, References: 5

OSV
added 2024/08/21 4:3 p.m., 46 views

GO-2022-1218 usememos/memos Improper Access Control vulnerability in github.com/usememos/memos

usememos/memos Improper Access Control vulnerability in github.com/usememos/memos...

CVSS 8.8, AI score 8.7, EPSS 0.00607
Exploits: 1, References: 4

OSV
added 2024/08/21 4:3 p.m., 46 views

GO-2022-1200 Elrond-GO processing: fallback search of SCRs when not found in the main cache in github.com/ElrondNetwork/elrond-go

Elrond-GO processing: fallback search of SCRs when not found in the main cache in github.com/ElrondNetwork/elrond-go...

CVSS 7.2, AI score 6.6, EPSS 0.00724
Exploits: 0, References: 4

OSV
added 2024/08/21 4:3 p.m., 46 views

GO-2022-1100 Vela Insecure Defaults in github.com/go-vela/server

Vela Insecure Defaults in github.com/go-vela/server...

CVSS 9.9, AI score 9.4, EPSS 0.01067
Exploits: 0, References: 11

OSV
added 2024/08/21 4:3 p.m., 46 views

GO-2022-1099 OpenFGA Authorization Bypass in github.com/openfga/openfga

OpenFGA Authorization Bypass in github.com/openfga/openfga...

CVSS 9.8, AI score 9.4, EPSS 0.0042
Exploits: 0, References: 4

OSV
added 2024/08/21 3:28 p.m., 46 views

GO-2022-0781 Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) in github.com/goharbor/harbor

Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) in github.com/goharbor/harbor...

CVSS 4.3, AI score 4.4, EPSS 0.01278
Exploits: 1, References: 4

OSV
added 2024/08/21 3:11 p.m., 46 views

GO-2022-0500 CloudCore UDS Server: Malicious Message can crash CloudCore in github.com/kubeedge/kubeedge

CloudCore UDS Server: Malicious Message can crash CloudCore in github.com/kubeedge/kubeedge...

CVSS 5.7, AI score 5.5, EPSS 0.00614
Exploits: 1, References: 3

OSV
added 2024/08/06 10:40 p.m., 46 views

GO-2024-3049 memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos

memos vulnerable to Server-Side Request Forgery and Cross-site Scripting in github.com/usememos/memos...

CVSS 6.1, AI score 6.1, EPSS 0.0108
Exploits: 1, References: 5

OSV
added 2024/07/22 6:24 p.m., 46 views

GO-2024-2987 Skupper uses a static cookie secret for the openshift oauth-proxy in github.com/skupperproject/skupper

Skupper uses a static cookie secret for the openshift oauth-proxy in github.com/skupperproject/skupper...

CVSS 5.3, AI score 5.4, EPSS 0.00528
Exploits: 0, References: 7

OSV
added 2024/07/01 7:15 p.m., 46 views

CVE-2024-38472

SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content. Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new...

CVSS 7.5, AI score 8.3
Exploits: 0, References: 3

OSV
added 2024/06/25 12:35 p.m., 46 views

MAL-2024-2074 Malicious code in demon-slayer-kimetsu-no-yaiba-to-the-swordsmith-village-online-movie-free-on-123movies (npm)


AI score 7.1
Exploits: 0

OSV
added 2024/06/15 12:0 a.m., 46 views

OPENSUSE-SU-2024:13707-1 dnsmasq-2.90-1.1 on GA media

These are all security issues fixed in the dnsmasq-2.90-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 7.5, AI score 8.4, EPSS 0.99995
Exploits: 0, References: 1

OSV
added 2024/06/05 3:10 p.m., 46 views

GO-2024-2798 Mattermost fails to limit the number of active sessions in github.com/mattermost/mattermost-server

Mattermost fails to limit the number of active sessions in github.com/mattermost/mattermost-server...

CVSS 6.5, AI score 4.4, EPSS 0.00611
Exploits: 0, References: 7

OSV
added 2024/06/05 3:10 p.m., 46 views

GO-2024-2764 Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them in github.com/rancher/rancher

Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them in github.com/rancher/rancher...

CVSS 9, AI score 8, EPSS 0.01799
Exploits: 0, References: 7

OSV
added 2024/06/05 3:10 p.m., 46 views

GO-2024-2866 Submariner Operator sets unnecessary RBAC permissions in helm charts in github.com/submariner-io/submariner-operator

Submariner Operator sets unnecessary RBAC permissions in helm charts in github.com/submariner-io/submariner-operator...

CVSS 6.6, AI score 6.6, EPSS 0.00504
Exploits: 0, References: 8

OSV
added 2024/06/04 9:50 a.m., 46 views

BIT-NGINX-2024-24990 NGINX HTTP/3 QUIC vulnerability

When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3...

CVSS 7.5, AI score 7.5, EPSS 0.00914
Exploits: 0, References: 3

Total number of security vulnerabilities: 5000