515375 matches found

CVE
added yesterday, 6 views

CVE-2026-58421

CVE-2026-58421 affects Gitea via CODEOWNERS pattern matching, enabling an unauthenticated ReDoS and potential denial of service. The connected documents indicate a fix in Gitea v1.26.4 (release tag v1.26.4 and related advisories) and provide links to the security advisory and PR that introduced t...

5.9 AI score
Exploits: 0, References: 4
ATTACKERKB
added yesterday, 2 views

CVE-2026-58421

Unauthenticated ReDoS via CODEOWNERS pattern matching allows denial of service...

5.9 AI score
Exploits: 0, References: 5
EUVD
added yesterday, 5 views

EUVD-2026-41560

A flaw was found in GIMP's Paint Shop Pro PSP file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service (DoS) by tricking a user into opening a specially crafted PSP image file. The vulnerability occurs because the...

7.3 CVSS, 6.7 AI score
Exploits: 0, References: 4
CVE
added yesterday, 7 views

CVE-2026-58379

The CVE-2026-58379 vulnerability affects GIMP's Paint Shop Pro (PSP) file format parser. It is a heap buffer overflow caused by incorrect buffer size calculations when processing low bit-depth PSP images, which can lead to arbitrary code execution or DoS when a user opens a crafted image. The p...

7.3 CVSS, 6.7 AI score
Exploits: 0, References: 4
CVE
added yesterday, 12 views

CVE-2026-14612

The CVE concerns FreeIPA’s ipa-otpd daemon, specifically the OAuth2 device authorization handler. Two off-by-one errors can trigger out-of-bounds memory access when handling an oversized response from a configured external OAuth2/OIDC Identity Provider. Exploitation requires FreeIPA to be configu...

4.2 CVSS, 6 AI score
Exploits: 0, References: 2
EUVD
added yesterday, 5 views

EUVD-2026-41554

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...

4.2 CVSS, 6 AI score
Exploits: 0, References: 2
RedhatCVE
added yesterday, 5 views

CVE-2026-14612

Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...

4.2 CVSS, 5.9 AI score
Exploits: 0, References: 3
RedhatCVE
added yesterday, 5 views

CVE-2026-20243

A flaw was found in ClamAV's ALZ file format parser. An unauthenticated, remote attacker can exploit this vulnerability by submitting a specially crafted ALZ (Archived Link Zipped) file for scanning. This improper handling of ALZ files can lead to memory corruption, causing the ClamAV scanning...

7.5 CVSS, 5.9 AI score, 0.00389 EPSS
Exploits: 0, References: 4
CVE
added yesterday, 8 views

CVE-2026-46463

Dell PowerProtect Data Domain vulnerabilities (versions 7.7.1.0–8.7, LTS2026 8.6.1.0–8.6.1.10, LTS2025 8.3.1.0–8.3.1.30, LTS2024 7.13.1.0–7.13.1.70) contain an integer overflow/wraparound issue. An unauthenticated, remote attacker could potentially exploit this vulnerability to cause a denial of ...

6.5 CVSS, 6 AI score
Exploits: 0, References: 1
EUVD
added yesterday, 6 views

EUVD-2026-41547

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an integer overflow or wraparound vulnerability. An unauthenticated attacker...

6.5 CVSS, 6 AI score
Exploits: 0, References: 1
Nuclei
added yesterday, 49 views

ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure

ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDGTEFSP4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to 1...

9.4 CVSS, 6 AI score, 0.39797 EPSS
Exploits: 6, References: 5
Nuclei
added yesterday, 1410 views

Microsoft FrontPage Extensions - Information Disclosure

Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /vtibin/ virtual directory. id: CVE-2000-0114 info: name: Microsoft FrontPage Extensions - Information Disclosure author: r3naissance,matejsmycka severity...

5 CVSS, 6 AI score, 0.47595 EPSS
Exploits: 1, References: 3
Nuclei
added yesterday, 26 views

XiongMai uc-httpd 1.0.0 - Buffer Overflow

Buffer overflow in XiongMai uc-httpd 1.0.0 has unspecified impact and attack vectors, a different vulnerability than CVE-2017-16725. id: CVE-2018-10088 info: name: XiongMai uc-httpd 1.0.0 - Buffer Overflow author: 0xAkoko severity: critical description: | Buffer overflow in XiongMai uc-httpd 1.0....

10 CVSS, 7.2 AI score, 0.40386 EPSS
Exploits: 8, References: 4
Nuclei
added yesterday, 18 views

Kubernetes API Server - YAML Parsing DoS (Billion Laughs)

The Kubernetes API server is vulnerable to a denial of service attack via YAML/JSON parsing. An attacker can send a specially crafted YAML/JSON payload that causes exponential memory consumption (Billion Laughs attack), leading to API server crash. id: CVE-2019-11253 info: name: Kubernetes API Serv...

7.5 CVSS, 6.7 AI score, 0.25939 EPSS
Exploits: 2, References: 3
Nuclei
added yesterday, 11 views

10Web Booster < 2.24.18 - Unauthenticated Arbitrary Option Deletion

The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service. id: CVE-2023-5559 info: name: 10Web Booster 2.24.18 - Unauthenticated Arbitra...

9.1 CVSS, 7.3 AI score, 0.02811 EPSS
Exploits: 2, References: 2
Nuclei
added yesterday, 52 views

Grafana Unauthenticated Snapshot Creation

Grafana 6.7.3 through 7.4.1 snapshot functionality can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set. id: CVE-2021-27358 info: name: Grafana Unauthenticated Snapshot Creation author: pdteam,bing0o severity: hi...

7.5 CVSS, 7.1 AI score, 0.83042 EPSS
Exploits: 0, References: 5
Nuclei
added yesterday, 35 views

Microweber <1.2.12 - Integer Overflow

Microweber before 1.2.12 is susceptible to integer overflow. The application allows large characters to insert in the input field 'first & last name,' which can allow an attacker to cause a denial of service via a crafted HTTP request. id: CVE-2022-0968 info: name: Microweber 1.2.12 - Integer...

7.2 CVSS, 6.8 AI score, 0.03731 EPSS
Exploits: 1, References: 5
Nuclei
added yesterday, 60 views

Apache OFBiz - XML External Entity Injection

In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine org.apache.ofbiz.service.engine.HttpEngine.java handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName,...

7.5 CVSS, 7.1 AI score, 0.25743 EPSS
Exploits: 0
Nuclei
added yesterday, 95 views

Oracle Fusion Middleware WebCenter Sites 12.2.1.3.0 - SQL Injection

The Oracle WebCenter Sites component of Oracle Fusion Middleware 12.2.1.3.0 is susceptible to SQL injection via an easily exploitable vulnerability that allows low privileged attackers with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can...

4.3 CVSS, 6.3 AI score, 0.06079 EPSS
Exploits: 0, References: 5
Nuclei
added yesterday, 20 views

dash-uploader 0.1.0 - 0.7.0a2 - Denial-of-Service via flowTotalChunks

fohrloop dash-uploader v0.1.0 through v0.7.0a2 contains a remote code execution caused by improper handling in Upload function and maxfilesize parameter in dashuploader components, letting remote attackers execute arbitrary code, exploit requires crafted request. id: CVE-2026-38361 info: name:...

7.5 CVSS, 7.8 AI score, 0.02643 EPSS
Exploits: 5, References: 4