Lucene search
K

35866 matches found

Github Security Blog
Github Security Blog
added 2026/07/02 1:50 p.m.7 views

GoFiber Vulnerable to X-Real-IP Spoofing via Header.Add() in BalancerForward

Summary The BalancerForward proxy helper in GoFiber uses Header.Add instead of Header.Set when injecting the X-Real-IP header. This appends the real client IP as a second header value rather than replacing any attacker-supplied value. Upstream servers that read the first X-Real-IP header nginx,...

5.3CVSS5.7AI score0.00455EPSS
Exploits0References2Affected Software2
F5 Networks
F5 Networks
added 2026/07/02 8:45 a.m.10 views

K000162041: Spring Framework vulnerabilities CVE-2026-41843 and CVE-2026-41846

Security Advisory Description CVE-2026-41843 Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48. CVE-2026-41846 Spri...

6.1CVSS5.9AI score0.00341EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.4 views

netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood

A flaw was found in Netty. A remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on these frames, coupled with a bypass of size-based mitigations using zero-byte frames, allows an attacker to consume...

8.7CVSS6.8AI score0.01125EPSS
Exploits0References5
CVE
CVE
added 2026/07/01 7:27 p.m.22 views

CVE-2026-58593

NodeBB is affected by CVE-2026-58593 where inbound ActivityPub objects are not correctly bound to the authenticated remote actor. The middleware verifies the HTTP-signature actor and origin of object.id but does not validate that attributedTo corresponds to the sender, treating attributedTo as a ...

8.7CVSS6AI score0.00191EPSS
Exploits1References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/07/01 5:48 p.m.9 views

CVE-2026-47262

containerd is an open-source container runtime. Versions prior to 1.7.33, 2.0.10, 2.1.9, 2.2.5 and 2.3.2, contain a vulnerability that allows a maliciously crafted image to cause a Denial of Service DoS condition. When creating a container from this image, memory exhaustion occurs, leading to an...

5.5CVSS5.7AI score0.00317EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/07/01 5:14 p.m.8 views

Important: Red Hat Security Advisory: php:7.4 security update

An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

9.8CVSS7.4AI score0.0078EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:27 p.m.5 views

CVE-2026-20213

A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in PE file...

7.5CVSS6AI score0.00463EPSS
Exploits0References2Affected Software1
F5 Networks
F5 Networks
added 2026/07/01 4:15 p.m.10 views

K000162026: Multiple Go vulnerabilities

Security Advisory Description CVE-2026-33811 When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-39820 Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU...

7.5CVSS7AI score0.00813EPSS
Exploits0
CVE
CVE
added 2026/07/01 2:51 p.m.14 views

CVE-2026-58037

MediaWiki up to versions older than 1.46.0 (including 1.45.4, 1.44.6, 1.43.9) is affected by CVE-2026-58037, an XSS in log/locale-related rendering code (files such as includes/Language/Language.php and several LogFormatter classes) that allows improper neutralization of user input during web pag...

6.1CVSS5.8AI score0.00228EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/07/01 2:8 p.m.8 views

EUVD-2026-41003

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...

6.5CVSS5.7AI score0.00242EPSS
Exploits0References4
NVD
NVD
added 2026/07/01 11:16 a.m.9 views

CVE-2026-10095

The WP Photo Album Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'subtext' parameter in all versions up to, and including, 9.1.13.005 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00241EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-54929

Name of the Vulnerable Software and Affected Versions FatFs versions R0.16 and earlier Description A stack-based buffer overflow occurs in the f getlabel function. This issue arises because the exFAT label length XDIR NumLabel is trusted without enforcing the maximum limits defined by the...

7.6CVSS6.4AI score0.00232EPSS
Exploits2References8
CVE
CVE
added 2026/06/30 10:37 p.m.17 views

CVE-2026-13844

CVE-2026-13844 describes a use-after-free flaw in the Google Chrome Updater on Windows, before version 150.0.7871.47, enabling a local attacker to achieve OS-level privilege escalation via a malicious file. Affected software: Google Chrome and its Updater components on Windows. Root cause: use-af...

7.8CVSS5.8AI score0.00109EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/30 5:21 p.m.8 views

Low: Red Hat Security Advisory: libxml2 security update

An update for libxml2 is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

7.5CVSS5.9AI score0.02298EPSS
Exploits1References2
NVD
NVD
added 2026/06/30 5:16 p.m.12 views

CVE-2026-10654

A race condition in the Zephyr Bluetooth Classic RFCOMM host stack subsys/bluetooth/host/classic/rfcomm.c mishandles a simultaneous bidirectional session disconnect. When the local device has initiated a session teardown state BTRFCOMMSTATEDISCONNECTING, DISC sent, RTX timer armed and the connect...

3.1CVSS0.00128EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/06/30 12:26 p.m.15 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.20.27 bug fix and security update

Red Hat OpenShift Container Platform release 4.20.27 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.20. Red Hat Product Security has rated this update as having a...

8.7CVSS5.8AI score0.01041EPSS
Exploits1References3
Akamai Blog
Akamai Blog
added 2026/06/30 9:0 a.m.4 views

Moving Forward Responsibly: Our 2025 Impact Report

...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/30 7:49 a.m.13 views

CVE-2026-55276

A flaw was found in Apache Tomcat. Due to an always-incorrect control flow implementation, special roles and empty authorization constraints were not accurately included when the effective web.xml configuration was logged. This could lead to a security oversight where administrators might...

9.1CVSS5.8AI score0.00368EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/30 5:53 a.m.7 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Tivoli Business Service Manager and IBM Tivoli Netcool Impact

Summary IBM® SDK, Java™ Technology Edition is shipped as a component of IBM Tivoli Business Service Manager and IBM Tivoli Netcool Impact. Information about security vulnerabilities affecting IBM® SDK, Java™ Technology Edition has been published in a security bulletin. Vulnerability Details...

9.8CVSS7.1AI score0.00864EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/29 10:57 p.m.3 views

mariadb: MariaDB: Privilege bypass allows unauthorized file write via subqueries

A flaw was found in MariaDB server. This vulnerability allows a low-privileged authenticated user to bypass a security control that normally restricts file operations. Specifically, the system failed to verify the necessary 'FILE' privilege when certain 'SELECT' statements, which write data to...

8.1CVSS5.8AI score0.00399EPSS
Exploits0References6
Rows per page
Query Builder