Lucene search
K

3922 matches found

Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.13 views

PT-2026-43363

IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to HTTP request smuggling in the Web Server Plug-ins through a specially crafted request...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References2
NVD
NVD
added 2026/05/22 4:16 p.m.10 views

CVE-2026-9249

Unverified password change in Devolutions Server allows an attacker to change a user's password without providing the previous one via a crafted password change request. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions Server 2025.3.20.0 and earlier...

3.1CVSS0.00133EPSS
Exploits0References1
NVD
NVD
added 2026/05/22 4:16 p.m.15 views

CVE-2026-8477

Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticated user with access to a sealed entry to retrieve its sensitive data without triggering the unseal audit notification via a crafted API request. This issue...

2.7CVSS0.00178EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/22 3:27 p.m.12 views

EUVD-2026-31461

Improper enforcement of the sealed-entry workflow in the entry sensitive-data retrieval feature in Devolutions Server allows an authenticated user with access to a sealed entry to retrieve its sensitive data without triggering the unseal audit notification via a crafted API request. This issue...

2.7CVSS5.8AI score0.00178EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/22 3:26 p.m.16 views

CVE-2026-9246

Improper access control in the entry documentation and attachment features in Devolutions Server allows an authenticated user with vault read access to retrieve the documentation and attachments of sealed entries via a crafted API request. This issue affects : Devolutions Server 2026.1.6.0 throug...

5.8AI score0.00152EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/22 3:24 p.m.10 views

CVE-2026-9249

Unverified password change in Devolutions Server allows an attacker to change a user's password without providing the previous one via a crafted password change request. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions Server 2025.3.20.0 and earlier...

5.8AI score0.00133EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/22 3:24 p.m.7 views

CVE-2026-9249

Unverified password change in Devolutions Server allows an attacker to change a user's password without providing the previous one via a crafted password change request. This issue affects : Devolutions Server 2026.1.6.0 through 2026.1.16.0 Devolutions Server 2025.3.20.0 and earlier...

3.1CVSS5.8AI score0.00133EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.17 views

PT-2026-42792

Improper access control in the entry documentation and attachment features in Devolutions Server allows an authenticated user with vault read access to retrieve the documentation and attachments of sealed entries via a crafted API request. This issue affects : Devolutions Server 2026.1.6.0 throug...

5.8AI score0.00152EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 7:34 a.m.10 views

CVE-2026-44064

An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request...

7.1CVSS5.8AI score0.00171EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/21 7:34 a.m.7 views

CVE-2026-44064 ASP session ID out-of-bounds access

An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited information or cause a denial of service via a crafted ASP request...

7.1CVSS5.8AI score0.00171EPSS
Exploits0References1
OSV
OSV
added 2026/05/20 4:2 a.m.11 views

JLSEC-2026-515

There's a flaw in the zeromq server in versions before 4.3.3 in src/decoderallocators.hpp. The decoder static allocator could have its sized changed, but the buffer would remain the same as it is a static buffer. A remote, unauthenticated attacker who sends a crafted request to the zeromq server...

8.1CVSS7.6AI score0.43862EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.8 views

IBM WebSphere Application Server 8.5.x < 8.5.5.30 / 9.x < 9.0.5.28 / Liberty 19.0.0.7 < 26.0.0.6 DoS (7273424)

The version of IBM WebSphere Application Server running on the remote host is affected by a DoS vulnerability as referenced in the 7273424 advisory. - IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a...

7.5CVSS5.8AI score0.005EPSS
Exploits0References2
OSV
OSV
added 2026/05/19 3:31 p.m.13 views

GHSA-RG3P-P27C-2F39 gohttp is vulnerable to directory traversal via a crafted request

An issue in gohttp commit 34ea51 allows attackers to execute a directory traversal via supplying a crafted request...

7.3CVSS5.9AI score0.00523EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/19 3:31 p.m.14 views

gohttp is vulnerable to directory traversal via a crafted request

An issue in gohttp commit 34ea51 allows attackers to execute a directory traversal via supplying a crafted request...

7.3CVSS7.4AI score0.00523EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/05/19 3:16 p.m.16 views

CVE-2025-70950

An issue in gohttp commit 34ea51 allows attackers to execute a directory traversal via supplying a crafted request...

7.3CVSS0.00523EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.15 views

PT-2026-41931

Name of the Vulnerable Software and Affected Versions gohttp version 34ea51 Description An issue allows attackers to execute a directory traversal, which is a technique used to access files and directories stored outside the intended folder, by supplying a crafted request. Recommendations At the...

7.3CVSS5.9AI score0.00523EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/19 12:0 a.m.36 views

CVE-2025-70950

An issue in gohttp commit 34ea51 allows attackers to execute a directory traversal via supplying a crafted request...

0.00523EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 12:0 a.m.10 views

CVE-2025-70950

An issue in gohttp commit 34ea51 allows attackers to execute a directory traversal via supplying a crafted request...

5.9AI score0.00523EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/13 9:14 p.m.10 views

CVE-2026-44441

ERPNext is a free and open source Enterprise Resource Planning tool. Prior to 15.106.0 and 16.16.0, a malicious user could send a crafted request to an endpoint, which would lead to the server making an HTTP call to a service of the user's choice. This vulnerability is fixed in 15.106.0 and 16.16...

5CVSS5.8AI score0.00162EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/13 5:15 a.m.9 views

CVE-2026-32661

Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud SaaS version. If a remote attacker sends a specially crafted request to the product's web service, arbitrary code may be executed when the product is configured to run pop3wallpasswd wi...

9.8CVSS7.7AI score0.00472EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder