Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/cups@2.4.16-1
Type deb
Namespace debian
Name cups
Version 2.4.16-1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.4.17-1
Latest_non_vulnerable_version 2.4.17-1
Affected_by_vulnerabilities
0
url VCID-63fa-a4pr-wqh3
vulnerability_id VCID-63fa-a4pr-wqh3
summary OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri (e.g., rss:///../job.cache), letting a remote IPP client write RSS XML bytes outside CacheDir/rss (anywhere that is lp-writable). In particular, because CacheDir is group-writable by default (typically root:lp and mode 0770), the notifier (running as lp) can replace root-managed state files via temp-file + rename(). This PoC clobbers CacheDir/job.cache with RSS XML, and after restarting cupsd the scheduler fails to parse the job cache and previously queued jobs disappear. At time of publication, there are no publicly available patches.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34978.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34978.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34978
reference_id
reference_type
scores
0
value 0.00058
scoring_system epss
scoring_elements 0.18102
published_at 2026-04-08T12:55:00Z
1
value 0.00058
scoring_system epss
scoring_elements 0.18317
published_at 2026-04-04T12:55:00Z
2
value 0.00058
scoring_system epss
scoring_elements 0.18019
published_at 2026-04-07T12:55:00Z
3
value 0.00076
scoring_system epss
scoring_elements 0.22692
published_at 2026-04-21T12:55:00Z
4
value 0.00076
scoring_system epss
scoring_elements 0.22765
published_at 2026-04-13T12:55:00Z
5
value 0.00076
scoring_system epss
scoring_elements 0.2278
published_at 2026-04-16T12:55:00Z
6
value 0.00076
scoring_system epss
scoring_elements 0.22733
published_at 2026-04-18T12:55:00Z
7
value 0.00076
scoring_system epss
scoring_elements 0.22838
published_at 2026-04-09T12:55:00Z
8
value 0.00076
scoring_system epss
scoring_elements 0.22859
published_at 2026-04-11T12:55:00Z
9
value 0.00076
scoring_system epss
scoring_elements 0.22822
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34978
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34978
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34978
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716
reference_id 1132716
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454957
reference_id 2454957
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454957
6
reference_url https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr
reference_id GHSA-f53q-7mxp-9gcr
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-06T15:39:23Z/
url https://github.com/OpenPrinting/cups/security/advisories/GHSA-f53q-7mxp-9gcr
7
reference_url https://access.redhat.com/errata/RHSA-2026:8814
reference_id RHSA-2026:8814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8814
fixed_packages
0
url pkg:deb/debian/cups@2.4.17-1
purl pkg:deb/debian/cups@2.4.17-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1
aliases CVE-2026-34978
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-63fa-a4pr-wqh3
1
url VCID-b1yf-xuc1-ykak
vulnerability_id VCID-b1yf-xuc1-ykak
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39314.json
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39314.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-39314
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02171
published_at 2026-04-12T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02187
published_at 2026-04-08T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.02209
published_at 2026-04-09T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02186
published_at 2026-04-11T12:55:00Z
4
value 0.00016
scoring_system epss
scoring_elements 0.03682
published_at 2026-04-21T12:55:00Z
5
value 0.00016
scoring_system epss
scoring_elements 0.03555
published_at 2026-04-18T12:55:00Z
6
value 0.00017
scoring_system epss
scoring_elements 0.04174
published_at 2026-04-16T12:55:00Z
7
value 0.00017
scoring_system epss
scoring_elements 0.04205
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-39314
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39314
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39314
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133184
reference_id 1133184
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133184
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2456107
reference_id 2456107
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2456107
6
reference_url https://access.redhat.com/errata/RHSA-2026:8814
reference_id RHSA-2026:8814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8814
fixed_packages
0
url pkg:deb/debian/cups@2.4.17-1
purl pkg:deb/debian/cups@2.4.17-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1
aliases CVE-2026-39314
risk_score 1.8
exploitability 0.5
weighted_severity 3.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b1yf-xuc1-ykak
2
url VCID-dx89-e1nn-w7gz
vulnerability_id VCID-dx89-e1nn-w7gz
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39316.json
reference_id
reference_type
scores
0
value 4.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-39316.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-39316
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03159
published_at 2026-04-08T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03185
published_at 2026-04-09T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03043
published_at 2026-04-21T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03144
published_at 2026-04-11T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.03118
published_at 2026-04-12T12:55:00Z
5
value 0.00015
scoring_system epss
scoring_elements 0.02925
published_at 2026-04-18T12:55:00Z
6
value 0.0002
scoring_system epss
scoring_elements 0.05318
published_at 2026-04-13T12:55:00Z
7
value 0.0002
scoring_system epss
scoring_elements 0.05266
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-39316
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39316
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39316
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133183
reference_id 1133183
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133183
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2456120
reference_id 2456120
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2456120
6
reference_url https://github.com/OpenPrinting/cups/security/advisories/GHSA-pjv5-prqp-46rg
reference_id GHSA-pjv5-prqp-46rg
reference_type
scores
0
value 4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-09T15:41:44Z/
url https://github.com/OpenPrinting/cups/security/advisories/GHSA-pjv5-prqp-46rg
7
reference_url https://access.redhat.com/errata/RHSA-2026:8814
reference_id RHSA-2026:8814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8814
fixed_packages
0
url pkg:deb/debian/cups@2.4.17-1
purl pkg:deb/debian/cups@2.4.17-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1
aliases CVE-2026-39316
risk_score 1.8
exploitability 0.5
weighted_severity 3.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dx89-e1nn-w7gz
3
url VCID-hc4t-becn-rkcc
vulnerability_id VCID-hc4t-becn-rkcc
summary OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, there is a heap-based buffer overflow in the CUPS scheduler when building filter option strings from job attribute. At time of publication, there are no publicly available patches.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34979.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34979.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34979
reference_id
reference_type
scores
0
value 0.00039
scoring_system epss
scoring_elements 0.11845
published_at 2026-04-04T12:55:00Z
1
value 0.00039
scoring_system epss
scoring_elements 0.11719
published_at 2026-04-08T12:55:00Z
2
value 0.00039
scoring_system epss
scoring_elements 0.11635
published_at 2026-04-07T12:55:00Z
3
value 0.00051
scoring_system epss
scoring_elements 0.15919
published_at 2026-04-12T12:55:00Z
4
value 0.00051
scoring_system epss
scoring_elements 0.15958
published_at 2026-04-11T12:55:00Z
5
value 0.00051
scoring_system epss
scoring_elements 0.15775
published_at 2026-04-16T12:55:00Z
6
value 0.00051
scoring_system epss
scoring_elements 0.15851
published_at 2026-04-13T12:55:00Z
7
value 0.00051
scoring_system epss
scoring_elements 0.15979
published_at 2026-04-09T12:55:00Z
8
value 0.00052
scoring_system epss
scoring_elements 0.16232
published_at 2026-04-21T12:55:00Z
9
value 0.00052
scoring_system epss
scoring_elements 0.16195
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34979
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34979
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34979
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716
reference_id 1132716
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454946
reference_id 2454946
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454946
6
reference_url https://github.com/OpenPrinting/cups/security/advisories/GHSA-6qxf-7jx6-86fh
reference_id GHSA-6qxf-7jx6-86fh
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:19:03Z/
url https://github.com/OpenPrinting/cups/security/advisories/GHSA-6qxf-7jx6-86fh
7
reference_url https://access.redhat.com/errata/RHSA-2026:8814
reference_id RHSA-2026:8814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8814
fixed_packages
0
url pkg:deb/debian/cups@2.4.17-1
purl pkg:deb/debian/cups@2.4.17-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1
aliases CVE-2026-34979
risk_score 2.4
exploitability 0.5
weighted_severity 4.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hc4t-becn-rkcc
4
url VCID-r1q4-2dq2-33ca
vulnerability_id VCID-r1q4-2dq2-33ca
summary OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentication. The server accepts a page-border value supplied as textWithoutLanguage, preserves an embedded newline through option escaping and reparse, and then reparses the resulting second-line PPD: text as a trusted scheduler control record. A follow-up raw print job can therefore make the server execute an attacker-chosen existing binary such as /usr/bin/vim as lp. At time of publication, there are no publicly available patches.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34980.json
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34980.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34980
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05391
published_at 2026-04-21T12:55:00Z
1
value 0.00029
scoring_system epss
scoring_elements 0.08209
published_at 2026-04-18T12:55:00Z
2
value 0.00038
scoring_system epss
scoring_elements 0.11495
published_at 2026-04-08T12:55:00Z
3
value 0.00038
scoring_system epss
scoring_elements 0.1162
published_at 2026-04-04T12:55:00Z
4
value 0.00038
scoring_system epss
scoring_elements 0.1141
published_at 2026-04-07T12:55:00Z
5
value 0.00041
scoring_system epss
scoring_elements 0.12462
published_at 2026-04-09T12:55:00Z
6
value 0.00041
scoring_system epss
scoring_elements 0.12431
published_at 2026-04-12T12:55:00Z
7
value 0.00041
scoring_system epss
scoring_elements 0.12391
published_at 2026-04-13T12:55:00Z
8
value 0.00041
scoring_system epss
scoring_elements 0.12291
published_at 2026-04-16T12:55:00Z
9
value 0.00041
scoring_system epss
scoring_elements 0.12469
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34980
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34980
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34980
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716
reference_id 1132716
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454954
reference_id 2454954
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454954
6
reference_url https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf
reference_id GHSA-4852-v58g-6cwf
reference_type
scores
0
value 6.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T13:12:31Z/
url https://github.com/OpenPrinting/cups/security/advisories/GHSA-4852-v58g-6cwf
7
reference_url https://access.redhat.com/errata/RHSA-2026:8814
reference_id RHSA-2026:8814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8814
fixed_packages
0
url pkg:deb/debian/cups@2.4.17-1
purl pkg:deb/debian/cups@2.4.17-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1
aliases CVE-2026-34980
risk_score 2.9
exploitability 0.5
weighted_severity 5.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r1q4-2dq2-33ca
5
url VCID-ry9y-z4e4-yfdh
vulnerability_id VCID-ry9y-z4e4-yfdh
summary OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That token is enough to drive /admin/ requests on localhost, and the attacker can combine CUPS-Create-Local-Printer with printer-is-shared=true to persist a file:///... queue even though the normal FileDevice policy rejects such URIs. Printing to that queue gives an arbitrary root file overwrite; the PoC below uses that primitive to drop a sudoers fragment and demonstrate root command execution. At time of publication, there are no publicly available patches.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34990.json
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34990.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34990
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01453
published_at 2026-04-08T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01328
published_at 2026-04-18T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01448
published_at 2026-04-07T12:55:00Z
3
value 0.00012
scoring_system epss
scoring_elements 0.01672
published_at 2026-04-21T12:55:00Z
4
value 0.00013
scoring_system epss
scoring_elements 0.02008
published_at 2026-04-13T12:55:00Z
5
value 0.00013
scoring_system epss
scoring_elements 0.01927
published_at 2026-04-04T12:55:00Z
6
value 0.00013
scoring_system epss
scoring_elements 0.01986
published_at 2026-04-16T12:55:00Z
7
value 0.00013
scoring_system epss
scoring_elements 0.02044
published_at 2026-04-09T12:55:00Z
8
value 0.00013
scoring_system epss
scoring_elements 0.02026
published_at 2026-04-11T12:55:00Z
9
value 0.00013
scoring_system epss
scoring_elements 0.02012
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34990
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34990
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34990
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716
reference_id 1132716
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454947
reference_id 2454947
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454947
6
reference_url https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp
reference_id GHSA-c54j-2vqw-wpwp
reference_type
scores
0
value 7.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value 5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:H/SI:H/SA:L
2
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2026-04-06T18:51:42Z/
url https://github.com/OpenPrinting/cups/security/advisories/GHSA-c54j-2vqw-wpwp
7
reference_url https://access.redhat.com/errata/RHSA-2026:8814
reference_id RHSA-2026:8814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8814
fixed_packages
0
url pkg:deb/debian/cups@2.4.17-1
purl pkg:deb/debian/cups@2.4.17-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1
aliases CVE-2026-34990
risk_score 3.5
exploitability 0.5
weighted_severity 7.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ry9y-z4e4-yfdh
6
url VCID-vgtp-sjtt-73e9
vulnerability_id VCID-vgtp-sjtt-73e9
summary OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon (cupsd) contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an unprivileged user to gain unauthorized access to restricted operations by using a user with a username that differs only in case from an authorized user. At time of publication, there are no publicly available patches.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27447.json
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27447.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27447
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01562
published_at 2026-04-21T12:55:00Z
1
value 0.00031
scoring_system epss
scoring_elements 0.08917
published_at 2026-04-08T12:55:00Z
2
value 0.00031
scoring_system epss
scoring_elements 0.08839
published_at 2026-04-07T12:55:00Z
3
value 0.00031
scoring_system epss
scoring_elements 0.08908
published_at 2026-04-04T12:55:00Z
4
value 0.00034
scoring_system epss
scoring_elements 0.09815
published_at 2026-04-09T12:55:00Z
5
value 0.00034
scoring_system epss
scoring_elements 0.09824
published_at 2026-04-11T12:55:00Z
6
value 0.00034
scoring_system epss
scoring_elements 0.09793
published_at 2026-04-12T12:55:00Z
7
value 0.00034
scoring_system epss
scoring_elements 0.09776
published_at 2026-04-13T12:55:00Z
8
value 0.00034
scoring_system epss
scoring_elements 0.0966
published_at 2026-04-16T12:55:00Z
9
value 0.00034
scoring_system epss
scoring_elements 0.09632
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27447
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27447
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27447
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716
reference_id 1132716
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132716
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2454949
reference_id 2454949
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2454949
6
reference_url https://github.com/OpenPrinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220
reference_id 88516bf6d9e34cef7a64a704b856b837f70cd220
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T18:49:46Z/
url https://github.com/OpenPrinting/cups/commit/88516bf6d9e34cef7a64a704b856b837f70cd220
7
reference_url https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9
reference_id GHSA-v987-m8hp-phj9
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-06T18:49:46Z/
url https://github.com/OpenPrinting/cups/security/advisories/GHSA-v987-m8hp-phj9
8
reference_url https://access.redhat.com/errata/RHSA-2026:8814
reference_id RHSA-2026:8814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8814
fixed_packages
0
url pkg:deb/debian/cups@2.4.17-1
purl pkg:deb/debian/cups@2.4.17-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.17-1
aliases CVE-2026-27447
risk_score 2.9
exploitability 0.5
weighted_severity 5.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vgtp-sjtt-73e9
Fixing_vulnerabilities
0
url VCID-jy1y-e1nk-p3b4
vulnerability_id VCID-jy1y-e1nk-p3b4
summary CUPS: Local denial-of-service via cupsd.conf update and related issues
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61915.json
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61915.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61915
reference_id
reference_type
scores
0
value 0.00034
scoring_system epss
scoring_elements 0.09817
published_at 2026-04-02T12:55:00Z
1
value 0.00034
scoring_system epss
scoring_elements 0.09848
published_at 2026-04-21T12:55:00Z
2
value 0.00034
scoring_system epss
scoring_elements 0.09838
published_at 2026-04-08T12:55:00Z
3
value 0.00034
scoring_system epss
scoring_elements 0.09891
published_at 2026-04-09T12:55:00Z
4
value 0.00034
scoring_system epss
scoring_elements 0.09897
published_at 2026-04-11T12:55:00Z
5
value 0.00034
scoring_system epss
scoring_elements 0.0986
published_at 2026-04-12T12:55:00Z
6
value 0.00034
scoring_system epss
scoring_elements 0.09845
published_at 2026-04-13T12:55:00Z
7
value 0.00034
scoring_system epss
scoring_elements 0.09727
published_at 2026-04-16T12:55:00Z
8
value 0.00034
scoring_system epss
scoring_elements 0.09698
published_at 2026-04-18T12:55:00Z
9
value 0.00034
scoring_system epss
scoring_elements 0.09867
published_at 2026-04-04T12:55:00Z
10
value 0.00034
scoring_system epss
scoring_elements 0.09766
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61915
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61915
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61915
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2416039
reference_id 2416039
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2416039
5
reference_url https://github.com/OpenPrinting/cups/commit/db8d560262c22a21ee1e55dfd62fa98d9359bcb0
reference_id db8d560262c22a21ee1e55dfd62fa98d9359bcb0
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T15:52:31Z/
url https://github.com/OpenPrinting/cups/commit/db8d560262c22a21ee1e55dfd62fa98d9359bcb0
6
reference_url https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc
reference_id GHSA-hxm8-vfpq-jrfc
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T15:52:31Z/
url https://github.com/OpenPrinting/cups/security/advisories/GHSA-hxm8-vfpq-jrfc
7
reference_url https://access.redhat.com/errata/RHSA-2026:0312
reference_id RHSA-2026:0312
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0312
8
reference_url https://access.redhat.com/errata/RHSA-2026:0464
reference_id RHSA-2026:0464
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0464
9
reference_url https://access.redhat.com/errata/RHSA-2026:0596
reference_id RHSA-2026:0596
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0596
10
reference_url https://usn.ubuntu.com/7897-1/
reference_id USN-7897-1
reference_type
scores
url https://usn.ubuntu.com/7897-1/
11
reference_url https://github.com/OpenPrinting/cups/releases/tag/v2.4.15
reference_id v2.4.15
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T15:52:31Z/
url https://github.com/OpenPrinting/cups/releases/tag/v2.4.15
fixed_packages
0
url pkg:deb/debian/cups@2.4.16-1
purl pkg:deb/debian/cups@2.4.16-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-63fa-a4pr-wqh3
1
vulnerability VCID-b1yf-xuc1-ykak
2
vulnerability VCID-dx89-e1nn-w7gz
3
vulnerability VCID-hc4t-becn-rkcc
4
vulnerability VCID-r1q4-2dq2-33ca
5
vulnerability VCID-ry9y-z4e4-yfdh
6
vulnerability VCID-vgtp-sjtt-73e9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.16-1
aliases CVE-2025-61915
risk_score 2.7
exploitability 0.5
weighted_severity 5.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jy1y-e1nk-p3b4
1
url VCID-wr17-e776-bqh1
vulnerability_id VCID-wr17-e776-bqh1
summary cups: Slow client communication leads to a possible DoS attack
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58436.json
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58436.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-58436
reference_id
reference_type
scores
0
value 0.00029
scoring_system epss
scoring_elements 0.08213
published_at 2026-04-02T12:55:00Z
1
value 0.00029
scoring_system epss
scoring_elements 0.08295
published_at 2026-04-21T12:55:00Z
2
value 0.00029
scoring_system epss
scoring_elements 0.08281
published_at 2026-04-08T12:55:00Z
3
value 0.00029
scoring_system epss
scoring_elements 0.08299
published_at 2026-04-09T12:55:00Z
4
value 0.00029
scoring_system epss
scoring_elements 0.0829
published_at 2026-04-11T12:55:00Z
5
value 0.00029
scoring_system epss
scoring_elements 0.0827
published_at 2026-04-12T12:55:00Z
6
value 0.00029
scoring_system epss
scoring_elements 0.08252
published_at 2026-04-13T12:55:00Z
7
value 0.00029
scoring_system epss
scoring_elements 0.08144
published_at 2026-04-16T12:55:00Z
8
value 0.00029
scoring_system epss
scoring_elements 0.0813
published_at 2026-04-18T12:55:00Z
9
value 0.00029
scoring_system epss
scoring_elements 0.08266
published_at 2026-04-04T12:55:00Z
10
value 0.00029
scoring_system epss
scoring_elements 0.08216
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-58436
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58436
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58436
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2416040
reference_id 2416040
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2416040
5
reference_url https://github.com/OpenPrinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4
reference_id 40008d76a001babbb9beb9d9d74b01a86fb6ddb4
reference_type
scores
0
value 5.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T15:23:36Z/
url https://github.com/OpenPrinting/cups/commit/40008d76a001babbb9beb9d9d74b01a86fb6ddb4
6
reference_url https://github.com/OpenPrinting/cups/security/advisories/GHSA-8wpw-vfgm-qrrr
reference_id GHSA-8wpw-vfgm-qrrr
reference_type
scores
0
value 5.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T15:23:36Z/
url https://github.com/OpenPrinting/cups/security/advisories/GHSA-8wpw-vfgm-qrrr
7
reference_url https://access.redhat.com/errata/RHSA-2026:0312
reference_id RHSA-2026:0312
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0312
8
reference_url https://access.redhat.com/errata/RHSA-2026:0464
reference_id RHSA-2026:0464
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0464
9
reference_url https://access.redhat.com/errata/RHSA-2026:0596
reference_id RHSA-2026:0596
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:0596
10
reference_url https://access.redhat.com/errata/RHSA-2026:8814
reference_id RHSA-2026:8814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8814
11
reference_url https://usn.ubuntu.com/7912-1/
reference_id USN-7912-1
reference_type
scores
url https://usn.ubuntu.com/7912-1/
12
reference_url https://usn.ubuntu.com/7912-2/
reference_id USN-7912-2
reference_type
scores
url https://usn.ubuntu.com/7912-2/
13
reference_url https://github.com/OpenPrinting/cups/releases/tag/v2.4.15
reference_id v2.4.15
reference_type
scores
0
value 5.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-03T15:23:36Z/
url https://github.com/OpenPrinting/cups/releases/tag/v2.4.15
fixed_packages
0
url pkg:deb/debian/cups@2.4.16-1
purl pkg:deb/debian/cups@2.4.16-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-63fa-a4pr-wqh3
1
vulnerability VCID-b1yf-xuc1-ykak
2
vulnerability VCID-dx89-e1nn-w7gz
3
vulnerability VCID-hc4t-becn-rkcc
4
vulnerability VCID-r1q4-2dq2-33ca
5
vulnerability VCID-ry9y-z4e4-yfdh
6
vulnerability VCID-vgtp-sjtt-73e9
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.16-1
aliases CVE-2025-58436
risk_score 2.3
exploitability 0.5
weighted_severity 4.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wr17-e776-bqh1
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/cups@2.4.16-1