Lucene search
K

285 matches found

NVD
NVD
added yesterday4 views

CVE-2026-9708

Mattermost versions 11.7.x = 11.7.2, 11.6.x = 11.6.4, 10.11.x = 10.11.19 fail to validate that an assigned incoming webhook user has access to the target team or channel, which allows a requester with webhook management permissions to create posts or direct messages attributed to another user via...

4.9CVSS0.0021EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 5 days ago6 views

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.18.1.P1 for Spring Boot release.

Red Hat build of Apache Camel 4.18.1.P1 for Spring Boot patch release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

10CVSS7.4AI score0.00969EPSS
Exploits6References33
RedHat Linux
RedHat Linux
added 5 days ago3 views

netty-codec-redis: netty-codec-redis: Denial of Service via crafted Redis payloads

A flaw was found in netty-codec-redis. A remote attacker can exploit this vulnerability by sending specially crafted Redis payloads across multiple connections without proper termination. This can exhaust the server's direct memory pool, leading to a Denial of Service DoS condition where legitima...

7.5CVSS5.9AI score0.0038EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/04 1:23 a.m.44 views

CVE-2025-71359 picklescan - Unsafe Deserialization via lib2to3.pgen2.grammar.Grammar.loads

picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files embedding dangerous code that evades picklescan detection and executes during pickle.load...

8.1CVSS0.00427EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2025-210390

picklescan before 0.0.30 fails to detect the doctest.debugscript function when analyzing pickle files, allowing attackers to execute arbitrary code. Remote attackers can craft malicious pickle files embedding doctest.debugscript calls that bypass picklescan detection and execute arbitrary command...

8.1CVSS6.1AI score0.00769EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 11:39 p.m.3 views

BIT-ENVOY-2026-48044 Envoy Zstd Decompressor: Ratio Check at Wrong Loop Depth lead to memory explosion

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been identified in Envoy's zstd decompressor implementation ZstdDecompressorImpl. When zstd decompression is enabled, processing a...

7.5CVSS5.8AI score0.00486EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/11 8:52 p.m.9 views

CVE-2026-44890 Netty has Unbounded Direct Memory Consumption in its RedisDecoder

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending crafted Redis payloads across multiple connections without \r\n. This exhausts the server's direct...

7.5CVSS5.2AI score0.0038EPSS
Exploits0References3
CVE
CVE
added 2026/06/11 8:52 p.m.65 views

CVE-2026-44890

Netty has Unbounded Direct Memory Consumption in its RedisDecoder (CVE-2026-44890). In netty-codec-redis, versions before 4.1.135.Final and 4.2.15.Final allow an attacker to cause a DoS by sending crafted Redis payloads across multiple connections that omit "\r\n", exhausting the server’s direct ...

7.5CVSS5.4AI score0.0038EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/06/11 8:52 p.m.3 views

CVE-2026-44890 Netty has Unbounded Direct Memory Consumption in its RedisDecoder

Netty is a network application framework for development of protocol servers and clients. In netty-codec-redis prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can cause DoS by sending crafted Redis payloads across multiple connections without \r\n. This exhausts the server's direct...

7.5CVSS5.9AI score0.0038EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/05/30 2:55 p.m.14 views

CVE-2018-25424

Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Attackers can submit crafted POST requests to login-exec.php with SQL injection payloads in form...

8.8CVSS5.9AI score0.0032EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

Elastic Kibana 安全漏洞

Elastic Kibana is a data visualization dashboard software provided by the Elastic company. There is a security vulnerability in Elastic Kibana, which stems from uncontrolled resource consumption. This vulnerability may allow authenticated users to cause excessive memory and CPU resource consumpti...

6.5CVSS5.8AI score0.00296EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.18 views

Unity Linux 20.1060e / 20.1070e Security Update: xerces-j2 (UTSA-2026-016680)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016680 advisory. There's a vulnerability within the Apache Xerces Java XercesJ XML parser when handling specially crafted XML document payloads. This causes, the XercesJ XML parser t...

7.1CVSS5.8AI score0.0444EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2025-14869

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have...

7.5CVSS5.8AI score0.00354EPSS
Exploits0References2
OSV
OSV
added 2026/05/21 5:56 p.m.8 views

GHSA-RQ6V-X3J8-7QGF Amazon SageMaker Python SDK is missing integrity verification in its Triton inference handler

Summary Amazon SageMaker Python SDK is an open-source library for training and deploying machine learning models on Amazon SageMaker. An issue exists where, under certain circumstances, the Triton inference handler deserializes model artifacts without performing integrity verification, allowing...

7.2CVSS6.5AI score0.0039EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/05/21 2:29 a.m.22 views

SUSE CVE-2026-31072

The JSONSerializer and CBORSerializer in APScheduler all versions including 3.10.x and 4.0.0a5 are vulnerable to Remote Code Execution RCE via Insecure Deserialization. The unmarshalobject function allows for arbitrary class instantiation and state injection by dynamically importing modules and...

9.8CVSS6AI score0.0081EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.17 views

PT-2026-42642

Summary Amazon SageMaker Python SDK is an open-source library for training and deploying machine learning models on Amazon SageMaker. An issue exists where, under certain circumstances, the Triton inference handler deserializes model artifacts without performing integrity verification, allowing...

7.2CVSS6.5AI score0.0039EPSS
Exploits0References7
OSV
OSV
added 2026/05/15 12:19 p.m.8 views

CLSA-2026-1778845249 redis: Fix of 2 CVEs

CVE-2026-23631: fix use-after-free in readSyncBulkPayload when fullsync happens while a Lua script is timed out on the replica - CVE-2026-25243: fix invalid memory access in RESTORE on crafted zipmap, listpack and stream PEL payloads...

8.8CVSS5.8AI score0.02995EPSS
Exploits0References1
NVD
NVD
added 2026/05/14 6:16 a.m.12 views

CVE-2025-14870

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted JSON payloads due to insufficient input validation...

7.5CVSS0.00339EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/14 6:16 a.m.9 views

CVE-2025-14869

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted payloads on certain API endpoints...

7.5CVSS5.8AI score0.00354EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/14 5:38 a.m.64 views

CVE-2025-14869 Improper Validation of Specified Quantity in Input in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted payloads on certain API endpoints...

7.5CVSS0.00354EPSS
Exploits0References3
Rows per page
Query Builder