Lucene search
+L

7682 matches found

RedhatCVE
RedhatCVE
added yesterday7 views

CVE-2026-50525

A flaw was found in .NET where uncontrolled allocation of resources can lead to a Denial of Service DoS. An unauthorized remote attacker could exploit this vulnerability by continuously requesting resources without limits or throttling, causing the affected system to become unresponsive or crash...

7.5CVSS5.4AI score0.00617EPSS
Exploits0References4
EUVD
EUVD
added yesterday9 views

EUVD-2026-45108

OpenClaw 2026.2.25 before 2026.5.26 allow a lower-trust caller or configured input path to bypass non-browser rate limits on WebSocket authentication attempts. When the affected feature is enabled and reachable by lower-trust input, this can consume gateway resources and reduce service availabili...

6.3CVSS6.1AI score0.00312EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added yesterday7 views

The vulnerability of the NGINX Plus and NGINX Open Source HTTP-server directives allows attackers to execute arbitrary code or cause service interruptions.

The vulnerability of the NGINX Plus and NGINX Open Source HTTP-server directives is related to buffer overflows in dynamic memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure by sending a specially crafted HTTP request...

8.1CVSS6.3AI score0.0083EPSS
Exploits1References4Affected Software7
Positive Technologies
Positive Technologies
added yesterday8 views

PT-2026-60781

A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user to cause service disruption by supplying a repository release notes configuration file containing deeply nested YAML. When release notes were generated, the configuration file was parse...

8.3CVSS5.3AI score
Exploits0References6
NVD
NVD
added 2 days ago10 views

CVE-2026-57896

An out-of-bounds read vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption by sending a crafted IOCTL request. This could lead to limited information disclosure or disruption of the affected product...

6.9CVSS0.00106EPSS
Exploits0References3
CVE
CVE
added 2 days ago10 views

CVE-2026-57896

The CVE-2026-57896 relates to an out-of-bounds read in AutomationDirect Productivity Suite exploitable via a crafted IOCTL request from a local attacker, potentially causing kernel memory corruption with information disclosure and disruption. Affected component/behavior is the Productivity Suite’...

6.9CVSS6.1AI score0.00106EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2 days ago6 views

CVE-2026-57896

An out-of-bounds read vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption by sending a crafted IOCTL request. This could lead to limited information disclosure or disruption of the affected product...

6.9CVSS6.1AI score0.00106EPSS
Exploits0References4
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-45035

An out-of-bounds read vulnerability in the Productivity Suite allows a local attacker to trigger kernel memory corruption by sending a crafted IOCTL request. This could lead to limited information disclosure or disruption of the affected product...

6.9CVSS6.1AI score0.00106EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2 days ago5 views

Vulnerability of the DOM component: Core and HTML browsers such as Mozilla Firefox, Firefox ESR, and the email client Thunderbird, allowing attackers to cause service failures.

The vulnerability of the DOM component: The Core and HTML browsers of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are vulnerable because they allow memory to be used after it is released. Exploiting this vulnerability could enable a malicious actor to cause service interruption...

7.8CVSS5.2AI score0.00586EPSS
Exploits0References11Affected Software7
RedhatCVE
RedhatCVE
added 3 days ago7 views

CVE-2026-15685

A flaw was found in Ollama. This vulnerability allows remote attackers to create a denial-of-service DoS condition on affected installations. The issue occurs within the downloadBlob function due to improper validation of user-supplied data, which can lead to memory access beyond the bounds of an...

7.5CVSS6.9AI score0.00391EPSS
Exploits0References4
NVD
NVD
added 3 days ago5 views

CVE-2026-49445

Cilium is a networking, observability, and security solution. Prior to 1.17.14, 1.18.8, and 1.19.2, when Cilium L7 functionality is enabled, the embedded or standalone Envoy instance creates a world-accessible admin.sock on cluster nodes, allowing a local attacker to access Envoy admin endpoints,...

9.2CVSS0.0017EPSS
Exploits0References6
CVE
CVE
added 3 days ago34 views

CVE-2026-49445

Cilium CVE-2026-49445 : When L7 is enabled, embedded or standalone Envoy creates a world-accessible admin.sock on cluster nodes, enabling a local attacker to access Envoy admin endpoints, potentially expose TLS secrets, disrupt traffic, or terminate Envoy. Affected are Cilium releases prior to 1....

9.2CVSS6.1AI score0.0017EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 3 days ago37 views

CVE-2026-49445 Cilium: Sensitive information disclosure and cluster disruption via local Envoy admin socket access

Cilium is a networking, observability, and security solution. Prior to 1.17.14, 1.18.8, and 1.19.2, when Cilium L7 functionality is enabled, the embedded or standalone Envoy instance creates a world-accessible admin.sock on cluster nodes, allowing a local attacker to access Envoy admin endpoints,...

9.2CVSS0.0017EPSS
Exploits0References6
OSV
OSV
added 3 days ago4 views

CVE-2026-49445 Cilium: Sensitive information disclosure and cluster disruption via local Envoy admin socket access

Cilium is a networking, observability, and security solution. Prior to 1.17.14, 1.18.8, and 1.19.2, when Cilium L7 functionality is enabled, the embedded or standalone Envoy instance creates a world-accessible admin.sock on cluster nodes, allowing a local attacker to access Envoy admin endpoints,...

9.2CVSS6.1AI score0.0017EPSS
Exploits0References8
NVD
NVD
added 3 days ago9 views

CVE-2026-8919

Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in...

7.2CVSS0.00264EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-8919

Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in...

7.2CVSS0.00264EPSS
Exploits0References1
CVE
CVE
added 3 days ago14 views

CVE-2026-8919

CVE-2026-8919 affects ASUS GameSDK. A permissive cross-domain policy with untrusted domains could let a remote user induce a local UNC request to the application’s local service endpoint, exposing a local NTLM hash and enabling information disclosure, data tampering, or service disruption. The is...

7.2CVSS6.1AI score0.00264EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 3 days ago5 views

The vulnerability of the Open Asset Import Library’s 3D model import library (Assimp) lies in buffer overflows in dynamic memory, allowing attackers to execute arbitrary code and cause system failures.

The vulnerability of the Open Asset Import Library Assimp, a library for importing 3D models, is related to buffer overflow in dynamic memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code and cause service interruptions...

10CVSS7AI score0.0034EPSS
Exploits0References8Affected Software3
Microsoft CVE
Microsoft CVE
added 4 days ago4 views

Azure Active Directory Denial of Service Vulnerability

Deserialization of untrusted data in Azure Active Directory allows an unauthorized attacker to deny service over a network...

7.5CVSS6.1AI score0.01174EPSS
Exploits0
RedhatCVE
RedhatCVE
added 4 days ago12 views

CVE-2026-51537

A flaw was found in OpENer. An out-of-bounds read vulnerability exists in the Connection Manager when processing malformed ForwardOpen requests. A remote attacker can send a specially crafted Ethernet/IP ENIP frame with an insufficient Common Industrial Protocol CIP ForwardOpen/LargeForwardOpen...

9.1CVSS6.1AI score0.00434EPSS
Exploits0References5
Rows per page
Query Builder