13 matches found
CVE-2026-55838
CVE-2026-55838 (RustFS) : In versions up to 1.0.0-beta.7, the real-time metrics endpoint /rustfs/admin/v3/metrics is accessible to any valid IAM user, because MetricsHandler skips the admin-request validation that other admin handlers perform. As a result, a user whose policy allows only their ow...
PT-2026-52966
Name of the Vulnerable Software and Affected Versions RustFS versions prior to 1.0.0-beta.8 Description RustFS is a distributed object storage system built in Rust. The real-time metrics endpoint '/rustfs/admin/v3/metrics' is accessible to any valid IAM user, regardless of their assigned policy...
PT-2026-49095
Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.5 Description The XML-RPC server implemented in glances/server.py and started with glances -s fails to validate the HTTP Host header. This allows a DNS rebinding attack, where an attacker can bypass the same-origi...
PT-2026-47853
Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options endpoint without completing assertion. Attackers can send unlimited POST requests to the...
CVE-2026-25771
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.3.0 and prior to version 4.14.3, a Denial of Service DoS vulnerability exists in the Wazuh API authentication middleware middlewares.py. The application uses an asynchronous event...
CVE-2026-25771 Wazuh Vulnerable to Denial of Service via Synchronous I/O Blocking in Asynchronous Authentication Middleware
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.3.0 and prior to version 4.14.3, a Denial of Service DoS vulnerability exists in the Wazuh API authentication middleware middlewares.py. The application uses an asynchronous event...
CVE-2026-25771 Wazuh Vulnerable to Denial of Service via Synchronous I/O Blocking in Asynchronous Authentication Middleware
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.3.0 and prior to version 4.14.3, a Denial of Service DoS vulnerability exists in the Wazuh API authentication middleware middlewares.py. The application uses an asynchronous event...
CVE-2021-33509
Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...
Vulnerability of the `close_ctree()` function (fs/btrfs/disk-io.c) in the Linux kernel, which allows an attacker to increase their privileges
The vulnerability of the closectree function fs/btrfs/disk-io.c in the Linux kernel relates to the possibility of using memory after it has been freed. Exploiting this vulnerability can allow an attacker to increase their privileges...
PT-2025-37980
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the XFS file system related to the handling of ENODATA errors. Specifically, the code does not properly differentiate between ENODATA errors...
QEMU: improper IDE controller reset can lead to MBR overwrite
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L1 vdiskL1...
bitcoind/Bitcoin-Qt 'CTransaction::FetchInputs' method denied service
Bitcoin is an e-currency generated using open source P2P software. A vulnerability in the 'CTransaction::FetchInputs' method in bitcoind and Bitcoin-Qt versions prior to 0.8.0rc1 stems from the program's failure to incrementally check the consumed predecessor signals, i.e., copying transactions...
Unexpected ASP.Net application shutdown after many App_Data file changes occur on a server that is running Windows Server 2012 R2
Unexpected ASP.Net application shutdown after many AppData file changes occur on a server that is running Windows Server 2012 R2 Symptoms Consider the following scenario: You have a server that is running Windows Server 2012 R2. You set up a website on Internet Information Services IIS. You creat...