5146988 matches found
CVE-2026-59173 Apache Traffic Server: DoS vulnerability in HTTP/2 via stalled flow-control conditions
Uncontrolled Resource Consumption vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.0.0 through 9.1.13, from 10.0.0 through 10.1.2. Users are recommended to upgrade to version 9.1.14 or 10.1.3, which fixes the issue...
CVE-2026-59173 Apache Traffic Server: DoS vulnerability in HTTP/2 via stalled flow-control conditions
Uncontrolled Resource Consumption vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.0.0 through 9.1.13, from 10.0.0 through 10.1.2. Users are recommended to upgrade to version 9.1.14 or 10.1.3, which fixes the issue...
CVE-2026-15631 @fastify/http-proxy vulnerable to prefix escape via WebSocket path traversal
Impact: @fastify/http-proxy versions from 9.4.0 up to and including 11.5.0 fail to validate the resolved WebSocket destination path against the configured rewrite prefix. The WebSocket routing path in WebSocketProxy.findUpstream resolves the destination via the WHATWG URL constructor, which...
CVE-2026-15631 @fastify/http-proxy vulnerable to prefix escape via WebSocket path traversal
Impact: @fastify/http-proxy versions from 9.4.0 up to and including 11.5.0 fail to validate the resolved WebSocket destination path against the configured rewrite prefix. The WebSocket routing path in WebSocketProxy.findUpstream resolves the destination via the WHATWG URL constructor, which...
CVE-2026-9147 uproot 5.7.4 and prior Code Injection via TStreamerInfo Metadata
uproot dynamically generates Python class source code from ROOT TStreamerInfo records in a file and compiles it at runtime. Some file-controlled streamer metadata fields for example, streamer element names are interpolated into the generated Python source without safe quoting via repr or the !r...
CVE-2026-9147 uproot 5.7.4 and prior Code Injection via TStreamerInfo Metadata
uproot dynamically generates Python class source code from ROOT TStreamerInfo records in a file and compiles it at runtime. Some file-controlled streamer metadata fields for example, streamer element names are interpolated into the generated Python source without safe quoting via repr or the !r...
CVE-2026-16158 @fastify/reply-from vulnerable to cross-upstream request routing via URL cache key collision
Impact: @fastify/reply-from versions from 8.3.1 up to but not including 12.6.4 build the internal URL cache key by concatenating the destination and source path without a delimiter. Different destination and source pairs can therefore produce the same key while resolving to different upstream URL...
CVE-2026-16158 @fastify/reply-from vulnerable to cross-upstream request routing via URL cache key collision
Impact: @fastify/reply-from versions from 8.3.1 up to but not including 12.6.4 build the internal URL cache key by concatenating the destination and source path without a delimiter. Different destination and source pairs can therefore produce the same key while resolving to different upstream URL...
CVE-2026-16096
A vulnerability has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. This affects the function sub40BB50 of the file /proc/webmonrecentdomains. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This project is superseded by FreshTomato...
CVE-2026-16097
A vulnerability was found in Shibby Tomato 1.28. This vulnerability affects the function sub42537C of the component Scheduler Name Handler. The manipulation of the argument a1 results in stack-based buffer overflow. It is possible to launch the attack remotely. This project is superseded by...
Exploit for CVE-2026-63030
CVE-2026-63030: wp2shell WordPress Batch API Desynchronizat...
CVE-2026-16097 Shibby Tomato Scheduler Name sub_42537C stack-based overflow
A vulnerability was found in Shibby Tomato 1.28. This vulnerability affects the function sub42537C of the component Scheduler Name Handler. The manipulation of the argument a1 results in stack-based buffer overflow. It is possible to launch the attack remotely. This project is superseded by...
CVE-2026-16097
A vulnerability was found in Shibby Tomato 1.28. This vulnerability affects the function sub42537C of the component Scheduler Name Handler. The manipulation of the argument a1 results in stack-based buffer overflow. It is possible to launch the attack remotely. This project is superseded by...
CVE-2026-16095
A flaw has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. Affected by this issue is the function setupconntrack of the file /sbin/rc. Executing a manipulation of the argument cttcptimeout can lead to out-of-bounds write. The attack may be performed from remote. This project is supersed...
CVE-2026-16096 Shibby Tomato webmon_recent_domains sub_40BB50 stack-based overflow
A vulnerability has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. This affects the function sub40BB50 of the file /proc/webmonrecentdomains. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This project is superseded by FreshTomato...
CVE-2026-16096
A vulnerability has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. This affects the function sub40BB50 of the file /proc/webmonrecentdomains. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This project is superseded by FreshTomato...
EUVD-2026-45371
A vulnerability has been found in Shibby Tomato 1.28 RT-N5x MIPSR2 Build 124. This affects the function sub40BB50 of the file /proc/webmonrecentdomains. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. This project is superseded by FreshTomato...
WordPress vulnerabilities can be addressed through Automattic.
There are two vulnerabilities present in WordPress Core 6.8.6, 6.9.5, and 7.0.2. An unauthorized malicious individual can exploit these vulnerabilities to execute arbitrary code remotely. To do this, a malicious HTTP request must be sent to the batch API of a WordPress site. Since vulnerabilities...
Exploit for Missing Authentication for Critical Function in Splunk
Splunk Enterprise — CVE-2026-20253 Training Lab Splunk En...
CVE-2026-62309
creationtimestamp| type| source ---|---|--- 2026-07-18 10:38:50+00:00| seen| https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqw35lls7a2g 2026-07-18 10:38:51+00:00| seen| https://bsky.app/profile/cybernewsroom.bsky.social/post/3mqw35oexs42u 2026-07-18 10:38:52+00:00| seen|...