Lucene search
K

3045 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday3 views

Malicious code in cookie-parser-js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c6c2bd7c1b5b363e72753401f6edebf816965a625227e6523210e4620ce9bb8a cookie-parser-js impersonates the widely used cookie-parser package: it copies TJ Holowaychuk / Doug Wilson author metadata, the description, the...

6.6AI score
Exploits0References7
RedHat Linux
RedHat Linux
added yesterday3 views

netty-codec-redis: netty-codec-redis: Denial of Service via crafted Redis payload with deeply nested arrays

A flaw was found in netty-codec-redis. A remote attacker can exploit this vulnerability by sending a specially crafted Redis payload containing deeply nested arrays. This action forces the server to allocate a large number of state objects and collections, leading to memory exhaustion...

7.5CVSS5.9AI score0.00371EPSS
Exploits0References7
Nuclei
Nuclei
added 3 days ago113 views

MOVEit Transfer - SQL Injection

In Progress MOVEit Transfer before 2020.1.11 12.1.11, 2021.0.9 13.0.9, 2021.1.7 13.1.7, 2022.0.7 14.0.7, 2022.1.8 14.1.8, and 2023.0.4 15.0.4, a SQL injection vulnerability has been identified in the MOVEit Transfer web application that could allow an unauthenticated attacker to gain unauthorized...

9.1CVSS7.3AI score0.95EPSS
Exploits0References5
OSV
OSV
added 2026/06/30 9:8 a.m.2 views

OPENSUSE-SU-2026:21175-1 Security update for python-zeroconf

This update for python-zeroconf fixes the following issues: Changes in python-zeroconf: - CVE-2026-47180: zeroconf has unbounded recursion in DNS compression-pointer decoder that allows LAN-local denial of service bsc1268341 - CVE-2026-47183: zeroconf: Unbounded exception-dedup state retains pack...

5.8AI score0.00023EPSS
Exploits0References10
NVD
NVD
added 2026/06/29 11:16 p.m.34 views

CVE-2026-51219

A heap buffer overflow in the HighPriorityASDUQueuehasUnconfirmedIMessages function of lib60870 v2.3.3 to v2.3.6 allows attackers to cause a Denial of Service DoS via a crafted payload...

6.5CVSS0.00348EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/29 4:49 a.m.7 views

CVE-2026-54270

A flaw was found in protobufjs. This library compiles protobuf definitions into JavaScript JS functions. A remote attacker could send a specially crafted protobuf payload containing numerous unknown fields. This could cause the decoded message to retain substantially more memory than expected,...

5.3CVSS5.8AI score0.00293EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/29 12:0 a.m.21 views

CVE-2026-51219

A heap buffer overflow in the HighPriorityASDUQueuehasUnconfirmedIMessages function of lib60870 v2.3.3 to v2.3.6 allows attackers to cause a Denial of Service DoS via a crafted payload...

0.00348EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 12:0 a.m.9 views

CVE-2026-51219

CVE-2026-51219 affects lib60870 (versions 2.3.3–2.3.6) and arises from a heap buffer overflow in HighPriorityASDUQueue_hasUnconfirmedIMessages. The issue can allow a Denial of Service via a crafted payload. The connected documents identify the affected component and function, and specify the vuln...

6.5CVSS6AI score0.00348EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 5:31 p.m.8 views

EUVD-2026-39820

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.23.0 until 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability has been identified in Envoy's zstd decompressor implementation ZstdDecompressorImpl. When zstd decompression is enabled, processing a...

7.5CVSS5.8AI score0.00486EPSS
Exploits1References1
OSV
OSV
added 2026/06/25 6:43 p.m.3 views

GO-2026-5264 Prometheus: Remote read endpoint allows denial of service via crafted snappy payload in github.com/prometheus/prometheus

Prometheus: Remote read endpoint allows denial of service via crafted snappy payload in github.com/prometheus/prometheus...

7.5CVSS5.8AI score0.00761EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/23 9:13 a.m.10 views

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

8.8CVSS6.1AI score0.02995EPSS
Exploits0References6
CVE
CVE
added 2026/06/22 4:21 p.m.27 views

CVE-2026-48712

The CVE-2026-48712 vulnerability affects protobufjs (JavaScript) in the toObject() conversion path and the google.protobuf.Any JSON conversion path. Prior to versions 7.6.1 and 8.4.1, protobufjs could recurse without a depth limit when converting decoded messages to plain objects/JSON, allowing a...

7.5CVSS5.8AI score0.00324EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/22 6:26 a.m.5 views

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

8.8CVSS6.1AI score0.02995EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/22 2:32 a.m.6 views

redis: RESTORE invalid memory access may allow remote code execution

A flaw was found in Redis. An authenticated attacker with permission to execute the RESTORE command can send a crafted serialized payload that may lead to an invalid memory access due to an improper validation of the serialized values. This flaw can cause the server to crash and may allow arbitra...

8.8CVSS6.1AI score0.02995EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in pyxdg

A code injection issue was discovered in PyXDG before version 0.26, through crafted Python code within a Category element of a Menu XML document in a .menu file. The XDGCONFIGDIRS must be set up to trigger the xdg.Menu.parse parsing within the directory containing this file. This issue occurred d...

7.5CVSS7AI score0.02105EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50511

Name of the Vulnerable Software and Affected Versions NVIDIA Spatial Intelligence Lab's SIL GEN3C affected versions not specified Description The inference API server contains an unauthenticated remote code execution flaw. The endpoints '/request-inference' and '/seed-model' deserialize raw HTTP...

9.8CVSS6.8AI score0.00685EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/15 9:30 p.m.8 views

EUVD-2026-36781

An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload...

5.7AI score0.00374EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.8 views

EUVD-2026-36774

A cross-site scripting XSS vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.3AI score0.00162EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 8:16 p.m.9 views

CVE-2026-50883

An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload...

9.6CVSS0.00374EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 8:16 p.m.11 views

CVE-2026-50876

A cross-site scripting XSS vulnerability in Deck9 Input v2.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

5.4CVSS0.00162EPSS
Exploits0References1
Rows per page
Query Builder