
161616 matches found

EUVD
added 2026/05/04 2:41 p.m. | 8 views

EUVD-2026-26963

A NULL pointer dereference in mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00514
Exploits: 0 | References: 1
Cvelist
added 2026/05/04 2:41 p.m. | 102 views

CVE-2026-33007 Apache HTTP Server: mod_authn_socache crash

A NULL pointer dereference in mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

EPSS: 0.00514
Exploits: 0 | References: 1
Debian CVE
added 2026/05/04 2:41 p.m. | 6 views

CVE-2026-33007

A NULL pointer dereference in mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00514
Exploits: 0
AlpineLinux
added 2026/05/04 2:41 p.m. | 6 views

CVE-2026-33007

A NULL pointer dereference in mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00514
Exploits: 0
GithubExploit
added 2026/05/04 2:35 p.m. | 107 views

Exploit for Missing Authentication for Critical Function in Cpanel

cPanel-WHM-CVE-2026-41940-AuthBypass CVE-2026-41940: cPanel...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.981
Exploits: 64
RedHat Linux
added 2026/05/04 1:55 p.m. | 6 views

dovecot: denial of service via crafted message before authentication

A flaw was found in dovecot. An unauthenticated and remote attacker can send a crafted message that causes managesieve to allocate an excessive amount of memory, forcing managesieve-login to be unavailable by repeatedly crashing the process, resulting in a denial of service...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.0079
Exploits: 0 | References: 5
NVD
added 2026/05/04 1:16 p.m. | 5 views

CVE-2026-7482

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and...

CVSS: 9.1 | EPSS: 0.01001
Exploits: 3 | References: 3
OSV
added 2026/05/04 1:12 p.m. | 5 views

JLSEC-2026-386

An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials when following HTTPS redirects is used with authentication, which could leak credentials to other services that exist on different protocols ...

CVSS: 5.7 | AI score: 5.8 | EPSS: 0.01595
Exploits: 1 | References: 10
OSV
added 2026/05/04 1:12 p.m. | 6 views

JLSEC-2026-431 When doing SSH-based transfers using either SCP or SFTP, and asked to do public key...

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

CVSS: 3.1 | AI score: 6.4 | EPSS: 0.00413
Exploits: 1 | References: 6
OSV
added 2026/05/04 1:12 p.m. | 7 views

JLSEC-2026-436

libcurl can in some circumstances reuse the wrong connection when asked to do a Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

CVSS: 6.5 | AI score: 7 | EPSS: 0.00259
Exploits: 0 | References: 2
Vulnrichment
added 2026/05/04 12:38 p.m. | 7 views

CVE-2026-7482 Ollama heap out-of-bounds read in GGUF tensor parsing leaks server process memory to unauthenticated remote attackers

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and...

CVSS: 9.1 | AI score: 5.8 | EPSS: 0.01001
Exploits: 3 | References: 3
Veracode
added 2026/05/04 12:12 p.m. | 10 views

Authentication Bypass

Apache Camel is vulnerable to Authentication Bypass. The vulnerability is due to the authentication handler matching only the exact configured context path, not its subpaths, where unauthenticated requests to subpaths can reach protected business routes and management endpoints without being...

CVSS: 8.2 | AI score: 5.8 | EPSS: 0.00622
Exploits: 0 | References: 7 | Affected Software: 1
RedhatCVE
added 2026/05/04 11:42 a.m. | 23 views

CVE-2026-40542

A flaw was found in Apache HttpClient. This vulnerability allows a remote attacker to bypass a critical step in the SCRAM-SHA-256 authentication process. By exploiting this, an attacker can trick the client into accepting authentication without proper mutual verification, potentially compromising...

CVSS: 7.3 | AI score: 5.8 | EPSS: 0.00456
Exploits: 0 | References: 4
OSV
added 2026/05/04 11:40 a.m. | 12 views

USN-8227-1 curl vulnerabilities

It was discovered that curl incorrectly reused non-TLS connections when TLS was required in some STARTTLS configurations. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2026-4873 It was discovered that curl incorrectly reused certain HTTP Negotiate connection...

CVSS: 7.5 | AI score: 5.9 | EPSS: 0.00639
Exploits: 7 | References: 8
GithubExploit
added 2026/05/04 11:25 a.m. | 85 views

Exploit for Missing Authentication for Critical Function in Cpanel

No d...

CVSS: 9.8 | AI score: 6 | EPSS: 0.981
Exploits: 64
GithubExploit
added 2026/05/04 11:19 a.m. | 70 views

Exploit for Missing Authentication for Critical Function in Cpanel

CVE-2026-41940 cPanel & WHM Verification Tool This repository...

CVSS: 9.8 | AI score: 6.1 | EPSS: 0.981
Exploits: 64
GithubExploit
added 2026/05/04 10:54 a.m. | 95 views

Exploit for Missing Authentication for Critical Function in Coreweave Marimo

CVE-2026-39987 — marimo Pre-Auth Terminal WebSocket RCE Lab...

CVSS: 9.8 | AI score: 7.9 | EPSS: 0.95645
Exploits: 11
GithubExploit
added 2026/05/04 10:54 a.m. | 114 views

Exploit for Missing Authentication for Critical Function in Coreweave Marimo

CVE-2026-39987 — marimo Pre-Auth Terminal WebSocket RCE Lab...

CVSS: 9.8 | AI score: 7.9 | EPSS: 0.95645
Exploits: 11
Veracode
added 2026/05/04 10:52 a.m. | 11 views

Information Exposure

org.springframework.grpc, spring-grpc-core is vulnerable to information exposure through error messages. The vulnerability is due to returning raw server-side AuthenticationException messages in the gRPC status description, which allows an attacker to gather authentication failure details and...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.002
Exploits: 0 | References: 3 | Affected Software: 2
RedhatCVE
added 2026/05/04 10:17 a.m. | 8 views

CVE-2026-41263

A flaw was found in Traefik. A remote attacker can exploit a timing side-channel vulnerability in Traefik's BasicAuth middleware. This flaw allows an attacker to enumerate valid usernames by observing differences in authentication response times. The vulnerability arises because a constant-time...

CVSS: 6.3 | AI score: 5.7 | EPSS: 0.00369
Exploits: 0 | References: 7