Lucene search
+L

5135867 matches found

redhatcve
redhatcve
added 10 minutes ago0 views

CVE-2026-33382

A flaw in Grafana's API endpoints allows remote attackers to send excessively large request bodies without authentication. This exhausts server memory, resulting in a complete denial of service DoS. Mitigation Deploy a reverse proxy or API gateway e.g., Nginx in front of Grafana configured to...

7.5CVSS0.0038EPSS
Exploits0References4
nvd
nvd
added 22 minutes ago0 views

CVE-2026-5674

A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library,...

8.8CVSS
Exploits0References2
nvd
nvd
added 22 minutes ago0 views

CVE-2026-56456

HCL DFXAnalytics is affected by an Internal File Path Disclosure vulnerability. The application dashboard inadvertently leaks sensitive information regarding its internal file structure and directory paths through unhandled error messages, system logs, or debugging output, which could allow a...

5.3CVSS
Exploits0References1
nvd
nvd
added 22 minutes ago0 views

CVE-2026-56455

HCL DFXAnalytics is affected by a Buffer Overflow vulnerability that can lead to a Denial of Service DoS. The application fails to properly validate input sizes, allowing an attacker to pass an excessive amount of information into a memory container, which can cause the system to crash or become...

5.3CVSS
Exploits0References1
nvd
nvd
added 22 minutes ago0 views

CVE-2026-56454

HCL DFXAnalytics is affected by a Deprecated Protocol vulnerability due to the use of TLS 1.0 and TLS 1.1. These legacy protocols contain numerous cryptographic design flaws that expose data to interception and decryption. To remediate this risk, the application must disable all support for TLS 1...

5.9CVSS
Exploits0References1
nvd
nvd
added 22 minutes ago0 views

CVE-2026-56453

HCL DFXAnalytics is affected by an Account Takeover via Response Manipulation vulnerability. A remote attacker can intercept and alter the contents of the server's HTTP responses before they reach the client application, allowing them to manipulate the authentication or authorization logic to...

5.5CVSS
Exploits0References1
nvd
nvd
added 22 minutes ago0 views

CVE-2026-35145

HCL DFXAnalytics is affected by a Missing HTTP Strict-Transport-Security Header vulnerability. The application fails to implement the HTTP Strict Transport Security HSTS policy within its responses, which could allow a remote attacker to downgrade the communication channel to an unencrypted...

3.1CVSS
Exploits0References1
nvd
nvd
added 22 minutes ago0 views

CVE-2026-35143

HCL DFXAnalytics is affected by a Missing SameSite Attribute vulnerability. The application fails to set the "SameSite" attribute on session cookies generated during authentication, which could allow a remote attacker to execute Cross-Site Request Forgery CSRF attacks if additional mitigations,...

3CVSS
Exploits0References1
nvd
nvd
added 22 minutes ago0 views

CVE-2026-35142

HCL DFXAnalytics is affected by an Internal IP Address Disclosure vulnerability. The application includes internal IP address details within its generated server responses, which could allow a remote attacker to gather sensitive network topology information and use it to map the internal...

2.6CVSS
Exploits0References1
nvd
nvd
added 22 minutes ago0 views

CVE-2026-35141

HCL DFXAnalytics is affected by a Login Replay Attack vulnerability. The application allows a remote attacker to intercept, delay, or fraudulently retransmit valid authentication data to achieve unauthorized access. To mitigate this risk, the application must implement a mechanism to include...

2.6CVSS
Exploits0References1
nvd
nvd
added 22 minutes ago0 views

CVE-2026-35140

HCL DFXAnalytics is affected by a Missing Secure Attribute in Encrypted Session SSL Cookie vulnerability. The application fails to set the "secure" attribute on session cookies generated during authentication, which could allow a remote attacker to intercept network traffic and capture sensitive...

3CVSS
Exploits0References1
redhatcve
redhatcve
added 39 minutes ago0 views

CVE-2026-59884

A flaw was found in pyasn1, a generic ASN.1 library for Python. The Basic Encoding Rules BER decoder, used by CER and DER codecs, processes long-form tags by accumulating continuation octets without an upper bound. A remote attacker can exploit this by providing a specially crafted input, leading...

7.5CVSS0.00354EPSS
Exploits0References6
redhatcve
redhatcve
added 56 minutes ago0 views

CVE-2026-8609

A flaw was found in Grafana. An unauthenticated attacker can repeatedly access the OAuth login route with unique values. This can lead to unbounded memory growth, eventually exhausting system memory and causing the Grafana instance to crash. This results in a denial of service for legitimate user...

7.5CVSS0.00397EPSS
Exploits0References4
thn
thn
added 1 hour ago5 views

n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer

n8n, the workflow automation platform, handed out the wrong accounts at login. On Enterprise instances configured to trust more than one external token issuer, it matched an incoming JWT to a local user on the sub claim alone and ignored iss. A valid token from issuer A carrying a sub that belong...

7.6CVSS6AI score0.00143EPSS
Exploits0
cve
cve
added 1 hour ago2 views

CVE-2026-5674

A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library,...

8.8CVSS6.4AI score
Exploits0References2
vulnrichment
vulnrichment
added 1 hour ago2 views

CVE-2026-5674 Pipewire: pipewire: sandbox escape and arbitrary code execution via malicious library loading

A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library,...

8.8CVSS
Exploits0References2
attackerkb
attackerkb
added 1 hour ago1 views

CVE-2026-5674

A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library,...

8.8CVSS
Exploits0References3
cvelist
cvelist
added 1 hour ago5 views

CVE-2026-5674 Pipewire: pipewire: sandbox escape and arbitrary code execution via malicious library loading

A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library,...

8.8CVSS
Exploits0References2
redhatcve
redhatcve
added 1 hour ago0 views

CVE-2026-5674

A flaw was found in PipeWire, a multimedia server. This vulnerability allows an attacker to escape sandboxed applications, such as Flatpak, by exploiting PipeWire's PulseAudio compatibility layer. An attacker with minimal permissions within a sandboxed environment can load a malicious library,...

8.8CVSS
Exploits0References3
nvd
nvd
added 1 hour ago6 views

CVE-2026-9494

An information disclosure vulnerability exists in Canonical ubuntu-pro-client formerly ubuntu-advantage-tools. The client validates Ubuntu Pro APT credentials by executing /usr/lib/apt/apt-helper using the download-file command. During this process, the secret bearer token is embedded directly in...

5.5CVSS
Exploits0References1
Rows per page
Query Builder