Lucene search
+L

166 matches found

snyk
snyk
added 2026/05/12 10:23 p.m.10 views

Cross-site Scripting (XSS)

Overview sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Cross-site Scripting XSS in the corsProxy file. An attacker can execute arbitrary JavaScript in the victim's browser and in the victim's context by injecting malicious content into the url...

7.1CVSS5.8AI score0.00323EPSS
Exploits0References2
nvd
nvd
added 2026/05/06 10:16 p.m.28 views

CVE-2026-41484

OpenTelemetry.Exporter.OneCollector is a .NET exporter that sends telemetry to a OneCollector back-end over HTTP. In versions 1.15.0 and earlier, when a request to the configured back-end or collector results in an unsuccessful HTTP 4xx or 5xx response, the HttpJsonPostTransport class reads the...

5.9CVSS0.00338EPSS
Exploits0References2
euvd
euvd
added 2026/05/06 6:30 p.m.18 views

EUVD-2026-27863

A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could...

5.3CVSS5.8AI score0.00275EPSS
Exploits0References2
cvelist
cvelist
added 2026/05/06 10:26 a.m.42 views

CVE-2025-59853 HCL DFXAnalytics is affected by an Improper Error Handling vulnerability

HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the application's internal structure, code logic, and environment configurations...

3.1CVSS0.00166EPSS
Exploits0References1
susecve
susecve
added 2026/05/06 1:41 a.m.10 views

SUSE CVE-2026-42041

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500, etc., causing them to be...

6.5CVSS5.8AI score0.00611EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2026/05/06 12:0 a.m.15 views

PT-2026-37658

A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could...

5.3CVSS5.8AI score0.00275EPSS
Exploits0References2
redhat
redhat
added 2026/05/05 7:15 p.m.11 views

podman-desktop: Podman Desktop: Denial of Service and Information Disclosure via unauthenticated HTTP server

A flaw was found in Podman Desktop. A remote attacker can exploit an unauthenticated HTTP server, which lacks proper connection limits and timeouts, to trigger denial-of-service DoS conditions. This can lead to application crashes or a complete host freeze. Additionally, verbose error responses...

9.1CVSS5.7AI score0.00474EPSS
Exploits1References5
github
github
added 2026/05/05 12:21 a.m.16 views

Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy

Vulnerability Disclosure: Authentication Bypass via Prototype Pollution Gadget in validateStatus Merge Strategy Summary The Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500,...

8.2CVSS5.9AI score0.00611EPSS
Exploits1References3Affected Software1
nessus
nessus
added 2026/04/30 12:0 a.m.9 views

RHEL 9 : ovn24.03 (RHSA-2026:11700)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:11700 advisory. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add...

8.6CVSS5.5AI score0.00868EPSS
Exploits0References10
osv
osv
added 2026/04/24 5:55 p.m.2 views

CVE-2026-42041 Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500, etc., causing them to be...

4.8CVSS5.9AI score0.00611EPSS
Exploits1References43
cvelist
cvelist
added 2026/04/24 5:55 p.m.36 views

CVE-2026-42041 Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500, etc., causing them to be...

4.8CVSS0.00611EPSS
Exploits1References1
osv
osv
added 2026/04/23 9:26 p.m.15 views

GHSA-Q834-8QMM-V933 OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies

Summary When exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format OTLP, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory with no upper-bound on the number of bytes consumed. This could cause memory...

5.3CVSS5.8AI score0.00304EPSS
Exploits0References6
nvd
nvd
added 2026/04/23 6:16 p.m.8 views

CVE-2026-40182

OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format OTLP, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory...

5.9CVSS0.00304EPSS
Exploits0References4
cvelist
cvelist
added 2026/04/23 5:51 p.m.33 views

CVE-2026-40182 OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies

OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format OTLP, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory...

5.3CVSS0.00304EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/04/23 5:51 p.m.4 views

CVE-2026-40182 OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies

OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format OTLP, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory...

5.3CVSS5.8AI score0.00304EPSS
Exploits0References4
osv
osv
added 2026/04/23 5:51 p.m.3 views

CVE-2026-40182 OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies

OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format OTLP, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory...

5.3CVSS6AI score0.00304EPSS
Exploits0References6
susecve
susecve
added 2026/04/23 1:24 a.m.10 views

SUSE CVE-2026-33595

A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection...

7.5CVSS5.8AI score0.00371EPSS
Exploits0References3
euvd
euvd
added 2026/04/22 3:31 p.m.4 views

EUVD-2026-24933

A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection...

5.3CVSS5.8AI score0.00371EPSS
Exploits0References2
nvd
nvd
added 2026/04/22 2:16 p.m.6 views

CVE-2026-33595

A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection...

7.5CVSS0.00371EPSS
Exploits0References1
cvelist
cvelist
added 2026/04/22 1:47 p.m.29 views

CVE-2026-33595 DoQ/DoH3 excessive memory allocation

A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection...

5.3CVSS0.00371EPSS
Exploits0References1
Rows per page
Query Builder