Lucene search
K

1041 matches found

OSV
OSV
added 2026/03/09 8:50 a.m.8 views

CLSA-2026-1773046198 kernel: Fix of 31 CVEs

smb3: fix for slab out of bounds on mount to ksmbd CVE-2025-38728 - netfilter: nftsetpipapo: clamp maximum map bucket size to INTMAX CVE-2025-38201 - ALSA: usb-audio: Validate UAC3 power domain descriptors, too CVE-2025-38729 - net: atm: fix /proc/net/atm/lec handling CVE-2025-38180 - tcpbpf:...

7.8CVSS7AI score0.0033EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.13 views

PT-2026-24147

Name of the Vulnerable Software and Affected Versions Bucket versions prior to 2.1.1 Description Bucket is a MediaWiki extension used to store and retrieve structured data on articles. A stored cross-site scripting XSS issue exists that allows malicious code to be inserted into any Bucket table...

8.8CVSS5.8AI score0.00297EPSS
Exploits0References5
NVD
NVD
added 2026/03/07 6:16 a.m.7 views

CVE-2026-30827

express-rate-limit is a basic rate-limiting middleware for Express. In versions starting from 8.0.0 and prior to versions 8.0.2, 8.1.1, 8.2.2, and 8.3.0, the default keyGenerator in express-rate-limit applies IPv6 subnet masking /56 by default to all addresses that net.isIPv6 returns true for. Th...

7.5CVSS0.00455EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/07 5:19 a.m.5 views

CVE-2026-30827

express-rate-limit is a basic rate-limiting middleware for Express. In versions starting from 8.0.0 and prior to versions 8.0.2, 8.1.1, 8.2.2, and 8.3.0, the default keyGenerator in express-rate-limit applies IPv6 subnet masking /56 by default to all addresses that net.isIPv6 returns true for. Th...

7.5CVSS5.8AI score0.00455EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/03/07 5:19 a.m.27 views

CVE-2026-30827

CVE-2026-30827 affects express-rate-limit for Express. The default keyGenerator mishandles IPv4 when the system treats IPv4 addresses as IPv6 mapped (IPv4-mapped IPv6 addresses like ::ffff:x.x.x.x). On dual-stack servers, this causes a /56 subnet mask to be applied to all IPv6 addresses, making a...

7.5CVSS5.8AI score0.00455EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/07 5:19 a.m.4 views

CVE-2026-30827 express-rate-limit: IPv4-mapped IPv6 addresses bypass per-client rate limiting (all IPv4 clients share one bucket on dual-stack servers)

express-rate-limit is a basic rate-limiting middleware for Express. In versions starting from 8.0.0 and prior to versions 8.0.2, 8.1.1, 8.2.2, and 8.3.0, the default keyGenerator in express-rate-limit applies IPv6 subnet masking /56 by default to all addresses that net.isIPv6 returns true for. Th...

7.5CVSS5.7AI score0.00455EPSS
Exploits1References4
Snyk
Snyk
added 2026/03/06 7:14 a.m.9 views

Malicious Package

Overview sap-bucket is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

9.8CVSS5.4AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.4 views

PT-2026-23791

Name of the Vulnerable Software and Affected Versions express-rate-limit versions 8.0.0 through 8.0.1 express-rate-limit versions 8.1.0 through 8.1.1 express-rate-limit versions 8.2.0 through 8.2.1 Description The default keyGenerator in express-rate-limit incorrectly applies IPv6 subnet masking ...

7.5CVSS5.8AI score0.00455EPSS
Exploits1References8
Veracode
Veracode
added 2026/02/27 2:46 p.m.6 views

Missing Cryptographic Key Commitment

Amazon.Extensions.S3.Encryption is vulnerable to Missing Cryptographic Key Commitment. The vulnerability is due to lack of cryptographic key commitment when storing encrypted data keys in instruction files instead of S3 metadata, which allows an attacker with write access to the bucket to introdu...

6CVSS5.9AI score0.00094EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/26 10:35 p.m.4 views

CVE-2026-27695

zae-limiter is a rate limiting library using the token bucket algorithm. Prior to version 0.10.1, all rate limit buckets for a single entity share the same DynamoDB partition key namespace/ENTITYid. A high-traffic entity can exceed DynamoDB's per-partition throughput limits 1,000 WCU/sec, causing...

5.3CVSS5.5AI score0.00228EPSS
Exploits0References1
OSV
OSV
added 2026/02/26 1:49 a.m.5 views

CVE-2026-27965 Vitess users with backup storage access can gain unauthorized access to production deployment environments

Vitess is a database clustering system for horizontal scaling of MySQL. Prior to versions 23.0.3 and 22.0.4, anyone with read/write access to the backup storage location e.g. an S3 bucket can manipulate backup manifest files so that arbitrary code is later executed when that backup is restored...

8.4CVSS6.2AI score0.00417EPSS
Exploits0References6
EUVD
EUVD
added 2026/02/25 10:31 p.m.5 views

EUVD-2026-8642

zae-limiter: DynamoDB hot partition throttling enables per-entity Denial of Service...

4.3CVSS5.2AI score0.00228EPSS
Exploits0References4
NVD
NVD
added 2026/02/25 3:20 p.m.13 views

CVE-2026-27695

zae-limiter is a rate limiting library using the token bucket algorithm. Prior to version 0.10.1, all rate limit buckets for a single entity share the same DynamoDB partition key namespace/ENTITYid. A high-traffic entity can exceed DynamoDB's per-partition throughput limits 1,000 WCU/sec, causing...

5.3CVSS0.00228EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/25 2:56 p.m.4 views

CVE-2026-27695

zae-limiter is a rate limiting library using the token bucket algorithm. Prior to version 0.10.1, all rate limit buckets for a single entity share the same DynamoDB partition key namespace/ENTITYid. A high-traffic entity can exceed DynamoDB's per-partition throughput limits 1,000 WCU/sec, causing...

5.3CVSS5.5AI score0.00228EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/25 2:56 p.m.7 views

CVE-2026-27695 zae-limiter: DynamoDB hot partition throttling enables per-entity Denial of Service

zae-limiter is a rate limiting library using the token bucket algorithm. Prior to version 0.10.1, all rate limit buckets for a single entity share the same DynamoDB partition key namespace/ENTITYid. A high-traffic entity can exceed DynamoDB's per-partition throughput limits 1,000 WCU/sec, causing...

4.3CVSS5.6AI score0.00228EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.4 views

PT-2026-21917

Name of the Vulnerable Software and Affected Versions zae-limiter versions prior to 0.10.1 Description zae-limiter, a rate limiting library utilizing the token bucket algorithm, is susceptible to throttling issues due to all rate limit buckets for a single entity sharing the same DynamoDB partiti...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/02/22 1:28 a.m.6 views

CVE-2026-2473

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to but not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl...

7.7CVSS5.9AI score0.00438EPSS
Exploits1References1
Snyk
Snyk
added 2026/02/20 9:31 p.m.4 views

Generation of Predictable Numbers or Identifiers

Overview google-cloud-aiplatform is a Vertex AI API client library Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers for Cloud Storage buckets. An attacker can execute code remotely, steal models, or poison data by pre-creating buckets with...

9.2CVSS6.1AI score0.00438EPSS
Exploits1References2
OSV
OSV
added 2026/02/20 9:31 p.m.7 views

GHSA-WH2J-26J7-9728 Google Cloud Vertex AI has a a vulnerability involving predictable bucket naming

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to but not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl...

7.7CVSS6AI score0.00438EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/02/20 9:31 p.m.10 views

Google Cloud Vertex AI has a a vulnerability involving predictable bucket naming

Predictable bucket naming in Vertex AI Experiments in Google Cloud Vertex AI from version 1.21.0 up to but not including 1.133.0 on Google Cloud Platform allows an unauthenticated remote attacker to achieve cross-tenant remote code execution, model theft, and poisoning via pre-creating predictabl...

7.7CVSS6AI score0.00438EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder