Lucene search
K

2553 matches found

CVE
CVE
added yesterday8 views

CVE-2026-10538

This CVE affects Control-M components (Control-M/Server and Control-M/Enterprise Manager) with a deserialization vulnerability in the messaging consumer. The issue arises from deserializing user-controlled data without strict control of allowed object types in versions 9.0.20.x and potentially ea...

8.9CVSS5.8AI score0.00246EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: x86-android-tablets: Devices are unregistered in reverse order. Not all subsystems support the removal of a device when there are still consumers referencing that device. One example is the regulator subsystem. If a...

5.5CVSS5AI score0.00288EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/10 10:16 p.m.10 views

CVE-2026-10143

A flaw was found in kafka-python. A malicious or machine-in-the-middle broker could exploit a denial-of-service vulnerability during SCRAM authentication. By providing an excessively large iteration count, the broker can cause the client's event loop to freeze. This prevents critical operations...

8.7CVSS5.1AI score0.00504EPSS
Exploits0References7
Snyk
Snyk
added 2026/06/10 8:22 p.m.5 views

Unchecked Input for Loop Condition

Overview kafka-python is a Pure Python client for Apache Kafka Affected versions of this package are vulnerable to Unchecked Input for Loop Condition in the SCRAM authentication handling. An attacker can cause the client's event loop to freeze by supplying an excessively large iteration count...

8.7CVSS5.5AI score0.00504EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.18 views

PT-2026-48531

Name of the Vulnerable Software and Affected Versions kafka-python versions prior to 2.3.2 Description A denial-of-service issue exists in the SCRAM authentication handling. A malicious or machine-in-the-middle broker can freeze the client event loop by providing an excessively large iteration...

8.7CVSS5.5AI score0.00504EPSS
Exploits0References6
CVE
CVE
added 2026/06/09 10:10 p.m.37 views

CVE-2026-9749

The CVE-2026-9749 entry describes a bug in MongoDB where an aggregation pipeline using the internal $exchange stage with key-range partitioning and order-preserving delivery can cause a server crash. When a single key range produces many results that fill its exchange buffer, the code path detect...

7.1CVSS5.8AI score0.0027EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.11 views

PT-2026-48295

Name of the Vulnerable Software and Affected Versions MongoDB affected versions not specified Description A buffer overflow can occur during the execution of an aggregation pipeline using the internal $exchange stage. This happens when the stage is configured with key-range partitioning and...

7.1CVSS5.9AI score0.0027EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.8 views

CVE-2025-31960

HCL BigFix Service Management SM is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to the consumercompany parameter during a report-viewing request causes the application to trigger an...

5.3CVSS5.5AI score0.0024EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.9 views

CVE-2026-41670

Admidio is an open-source user management solution. Prior to version 5.0.9, the SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from incoming SAML AuthnRequest messages as the destination for the SAML response, without validating it against the...

8.2CVSS5.5AI score0.0028EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 5:43 a.m.6 views

BIT-KAFKA-2026-41115 Apache Kafka: Improper Authorization in CONSUMER_GROUP_DESCRIBE API

An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMERGROUPDESCRIBE 69 API validates the DESCRIBE operation on the GROUP resource instead of the READ operation that documented in the official kafka documentation and the KIP-848. This...

4.3CVSS5.4AI score0.00288EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/03 2:24 a.m.13 views

SUSE CVE-2026-41115

An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMERGROUPDESCRIBE 69 API validates the DESCRIBE operation on the GROUP resource instead of the READ operation that documented in the official kafka documentation and the KIP-848. This...

4.3CVSS5.8AI score0.00288EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 2:15 p.m.8 views

CVE-2026-49753

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.contentlengthheader/1 in...

6.3CVSS5.8AI score0.00301EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/06/02 10:16 a.m.17 views

CVE-2026-41115

An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMERGROUPDESCRIBE 69 API validates the DESCRIBE operation on the GROUP resource instead of the READ operation that documented in the official kafka documentation and the KIP-848. This...

4.3CVSS0.00288EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 8:56 a.m.8 views

CVE-2026-41115

An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMERGROUPDESCRIBE 69 API validates the DESCRIBE operation on the GROUP resource instead of the READ operation that documented in the official kafka documentation and the KIP-848. This...

5.8AI score0.00288EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/02 8:56 a.m.9 views

CVE-2026-41115 Apache Kafka: Improper Authorization in CONSUMER_GROUP_DESCRIBE API

An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMERGROUPDESCRIBE 69 API validates the DESCRIBE operation on the GROUP resource instead of the READ operation that documented in the official kafka documentation and the KIP-848. This...

5.8AI score0.00288EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 8:56 a.m.10 views

EUVD-2026-33904

An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMERGROUPDESCRIBE 69 API validates the DESCRIBE operation on the GROUP resource instead of the READ operation that documented in the official kafka documentation and the KIP-848. This...

4.3CVSS5.8AI score0.00288EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 8:56 a.m.40 views

CVE-2026-41115 Apache Kafka: Improper Authorization in CONSUMER_GROUP_DESCRIBE API

An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMERGROUPDESCRIBE 69 API validates the DESCRIBE operation on the GROUP resource instead of the READ operation that documented in the official kafka documentation and the KIP-848. This...

0.00288EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 8:56 a.m.215 views

CVE-2026-41115

Summary: CVE-2026-41115 describes an improper authorization issue in Apache Kafka related to the CONSUMER_GROUP_DESCRIBE API. The vulnerability discussion notes a discrepancy between ACLs and documented permissions, but states that the correct permission for the API is DESCRIBE GROUP and that the...

4.3CVSS5.8AI score0.00288EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.7 views

Apache Kafka 安全漏洞

Apache Kafka is an open-source distributed streaming platform developed by the Apache Foundation in the United States. This platform enables the acquisition of real-time data, allowing for the creation of applications that can respond instantly to changes in data streams. There is a security...

4.3CVSS5.4AI score0.00288EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.23 views

PT-2026-45725

Name of the Vulnerable Software and Affected Versions Apache Kafka affected versions not specified Description An improper authorization issue exists in the 'CONSUMER GROUP DESCRIBE' 69 API. The implementation validates the DESCRIBE operation on the GROUP resource, which contradicts the READ...

4.3CVSS5.8AI score0.00288EPSS
Exploits0References7
Rows per page
Query Builder