Lucene search
K

6210 matches found

EUVD
EUVD
added 6 hours ago17 views

EUVD-2026-34067

morgan vulnerable to Log Forging via unneutralized control characters in :remote-user...

5.3CVSS5.8AI score0.00246EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-59875

A flaw was found in node-tar, a library for manipulating tar archives in Node.js. A remote attacker could craft a malicious archive containing null characters NUL bytes in its metadata. When this archive is processed, the unstripped null characters can cause the application to terminate...

5.3CVSS5.9AI score0.00291EPSS
Exploits0References6
Cvelist
Cvelist
added yesterday28 views

CVE-2026-50188 Kirby: Request header injection in `Http\Remote`

Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins using the Kirby Http Remote class, including Remote::request, Remote::get, and Remote::post, to send outgoing HTTP requests with untrusted data in the headers option could allow newline characters...

6.9CVSS
Exploits0References5
NVD
NVD
added 2 days ago4 views

CVE-2026-58213

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.1 and 2.12.9, an MQTT client could include protocol control characters in subscription filters that were later forwarded as NATS protocol data to route or leafnode connections, corrupti...

7.1CVSS0.00439EPSS
Exploits0References8
CVE
CVE
added 3 days ago12 views

CVE-2026-55427

Coder exposes SSH config injection risk via the config-ssh command: before 2.34.2, 2.33.8, 2.32.7, and 2.29.17, server-supplied values for HostnameSuffix and SSHConfigOptions could be written into ~/.ssh/config without rejecting newlines or restricting directives. This could enable a malicious or...

8.3CVSS6.1AI score0.00466EPSS
Exploits0References6Affected Software1
RedHat Linux
RedHat Linux
added 3 days ago5 views

jastow: Jastow Cross-Site Scripting attack due to unsanitized URI

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 3 days ago5 views

jastow: Jastow Cross-Site Scripting attack due to unsanitized URI

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References4
NVD
NVD
added 3 days ago7 views

CVE-2025-12799

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling...

6.5CVSS0.00246EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 3 days ago4 views

CVE-2025-12799

A flaw was found in Jastow. Jastow is vulnerable to Cross-Site Scripting XSS attack. If using a set of combined configuration to allow unescaped characters in URL with embedded Undertow and Jastow, a server might be vulnerable to improper input handling. Mitigation It is possible to contruct...

6.5CVSS5.9AI score0.00246EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 4 days ago3 views

CVE-2026-59711

showdown contains a cross-site scripting vulnerability in metadata title handling that allows attackers to inject arbitrary HTML and JavaScript. When completeHTMLDocument option is enabled, unescaped less-than and greater-than characters in markdown frontmatter metadata are inserted directly into...

6.1CVSS6AI score0.00187EPSS
Exploits0References4
CVE
CVE
added 4 days ago11 views

CVE-2026-59711

CVE-2026-59711 affects the showdown library. A cross-site scripting vulnerability exists in metadata title handling when the completeHTMLDocument option is enabled; unescaped characters in markdown frontmatter metadata are placed into HTML title tags, allowing script execution in the rendered pa...

6.1CVSS6AI score0.00187EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:33 a.m.8 views

CVE-2026-9563

In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maximum on the number of characters consumed while parsing a single JSON document. Applications that parse attacker- controlled JSON can be forced to consume excessive CPU and memo...

7.5CVSS5.8AI score0.00366EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/07/02 7:33 a.m.20 views

CVE-2026-9563

Eclipse Parsson JSON parser did not enforce a default maximum on parsed characters before 1.1.8, allowing DoS from attacker-controlled JSON via very large documents. The fixed version, Parsson 1.1.8, adds a configurable limit with a default of 15 million parser-consumed characters. Affected: Ecli...

7.5CVSS5.8AI score0.00366EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.5 views

io.quarkus/quarkus-vertx-http: Quarkus: Authorization bypass in HTTP path-based policies via encoded characters

A flaw was found in Quarkus. A remote attacker could bypass HTTP path-based authorization policies by using specially crafted encoded semicolons, slashes, or backslashes in HTTP requests. This could allow unauthorized access to protected static resources, leading to information disclosure...

7.5CVSS6AI score0.00451EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.3 views

org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging

A flaw was found in Apache Log4j Core. The XmlLayout component, responsible for formatting log messages into XML, does not properly remove or replace characters that are not allowed in XML 1.0. When log messages or diagnostic information contain these forbidden characters, the resulting XML outpu...

7.5CVSS5.9AI score0.0086EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/07/01 5:14 p.m.4 views

PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions

A flaw was found in PHP. Some functions, including urldecode, incorrectly pass signed characters to character type ctype functions. On certain systems, this can lead to accessing memory with a negative offset. This vulnerability can be exploited by an attacker to trigger a denial of service DoS,...

7.5CVSS7AI score0.00337EPSS
Exploits0References5
CVE
CVE
added 2026/06/30 1:37 p.m.11 views

CVE-2026-35097

The CVE affects KTM System e-BOK, where the password policy allows only numeric passwords up to six digits. Root cause is a restricted character set and short max length, resulting in weak credential requirements. The issue has been addressed by a patch published in June 2026. Remediation recomme...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/30 11:12 a.m.4 views

PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions

A flaw was found in PHP. Some functions, including urldecode, incorrectly pass signed characters to character type ctype functions. On certain systems, this can lead to accessing memory with a negative offset. This vulnerability can be exploited by an attacker to trigger a denial of service DoS,...

7.5CVSS7AI score0.00337EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/29 4:33 p.m.7 views

CVE-2026-50269

A flaw was found in aiohttp, an asynchronous HTTP client/server framework. This vulnerability, known as CRLF Carriage Return Line Feed injection, allows an attacker to modify HTTP requests by injecting malicious input into multipart or payload headers. If an application processes user-controlled...

7.5CVSS5.8AI score0.00301EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-370 Openstack Keystone Incorrect Authorization vulnerability

A flaw was found in openstack-keystone, only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. A patch is...

9.1CVSS6.6AI score0.01319EPSS
Exploits1References13
Rows per page
Query Builder