Lucene search
K

3928 matches found

CVE
CVE
added 6 days ago11 views

CVE-2026-14940

Affected software/component: 389 Directory Server (389-ds-base). Vulnerability: heap-buffer-overflow in DN normalization when processing a legacy-quoted value encoding a multivalued nested RDN, causing writes past the end of a heap allocation. Attack scenario: an unauthenticated remote attacker c...

5.3CVSS5.9AI score0.00294EPSS
Exploits0References2Affected Software3
Cvelist
Cvelist
added 6 days ago42 views

CVE-2026-14940 389-ds-base: 389-ds-base: heap-buffer-overflow in dn normalization via quoted multivalued rdn

A heap-buffer-overflow flaw was found in 389 Directory Server 389-ds-base. When normalizing a Distinguished Name DN that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name RDN, the server can write past the end of a heap allocation while sorting RDN...

5.3CVSS0.00294EPSS
Exploits0References2
Debian CVE
Debian CVE
added 6 days ago5 views

CVE-2026-14940

A heap-buffer-overflow flaw was found in 389 Directory Server 389-ds-base. When normalizing a Distinguished Name DN that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name RDN, the server can write past the end of a heap allocation while sorting RDN...

5.3CVSS5.9AI score0.00294EPSS
Exploits0
RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-14940

A heap-buffer-overflow flaw was found in 389 Directory Server 389-ds-base. When normalizing a Distinguished Name DN that contains a legacy-quoted value encoding a multivalued nested Relative Distinguished Name RDN, the server can write past the end of a heap allocation while sorting RDN...

5.3CVSS5.8AI score0.00294EPSS
Exploits0References3
OSV
OSV
added 6 days ago3 views

BIT-VAULT-2026-5051 Audit Log Plugin Directory Guard Bypass via Legacy path Option

HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17...

4.4CVSS6AI score0.00278EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56194

Name of the Vulnerable Software and Affected Versions 389 Directory Server 389-ds-base affected versions not specified Description A heap-buffer-overflow occurs during the normalization of a Distinguished Name DN containing a legacy-quoted value that encodes a multivalued nested Relative...

5.3CVSS6.1AI score0.00294EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/06 7:51 p.m.7 views

EUVD-2026-24978

comm: lossy UTF-8 conversion silently corrupts non-UTF-8 output...

3.3CVSS5.9AI score0.00176EPSS
Exploits1References6
OSV
OSV
added 2026/07/06 3:27 p.m.10 views

BIT-PYTHON-MIN-2026-12003 CPython >3.11 Insecure Input Validation resulting in privilege escalation

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

5.3CVSS5.4AI score0.00136EPSS
Exploits0References9
OSV
OSV
added 2026/07/03 11:34 a.m.2 views

SUSE-SU-2026:2745-1 Security update for firewalld-legacy

This update for firewalld-legacy fixes the following issue - CVE-2026-4948: local unprivileged users can modify firewall state due to D-Bus setter mis-authorizations bsc1260903...

5.5CVSS6.1AI score0.00118EPSS
Exploits0References3
NVD
NVD
added 2026/07/02 9:16 p.m.6 views

CVE-2026-52830

fast-mcp-telegram is a Telegram MCP Server. Prior to 0.19.1, fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. The verifier rejects the exact reserved token telegram, but it does not reject path separators or normalize the path before checkin...

9.4CVSS0.00423EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 8:39 p.m.29 views

CVE-2026-52830

The CVE describes a path-traversal in fast-mcp-telegram prior to 0.19.1 where HTTP Bearer tokens are joined into a session-file path. The verifier rejects only the exact reserved token, not path separators or normalized paths, enabling a remote client to authenticate as the default legacy session...

9.4CVSS5.8AI score0.00423EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.17 views

PT-2026-55313

Name of the Vulnerable Software and Affected Versions fast-mcp-telegram versions prior to 0.19.1 Description fast-mcp-telegram validates HTTP Bearer tokens by joining the raw token string into a session-file path. While the verifier rejects the exact reserved token telegram, it fails to reject pa...

9.4CVSS6AI score0.00423EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53467

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, the MNG decoder contain...

5.3CVSS5.9AI score0.00197EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/07/01 8:33 p.m.12 views

CVE-2026-5051

A flaw was found in HashiCorp Vault and Vault Enterprise. The audit device validation logic did not consistently apply plugin directory protections when a legacy file audit path option was used. This inconsistency could allow an attacker to bypass security controls, potentially leading to...

4.4CVSS5.6AI score0.00278EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/01 7:14 p.m.33 views

CVE-2026-54164 API Platform Core: Missing IRI type check enables resource type confusion

API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. In versions prior to 4.1.30, 4.2.26 and 4.3.12, the serializer's AbstractItemNormalizer does not validate the resource type returned when resolving relation IRIs, allowing type confusion where a resource of an...

6.5CVSS0.00195EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 6:16 p.m.10 views

CVE-2026-5051

HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17...

4.4CVSS0.00278EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 5:10 p.m.75 views

CVE-2026-5051

CVE-2026-5051 affects HashiCorp Vault and Vault Enterprise prior to 2.0.1. The audit device plugin directory guard could be bypassed when using the legacy file audit path option, because the file audit backend accepted the legacy path as a fallback and did not validate the destination against the...

4.4CVSS5.8AI score0.00278EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 5:10 p.m.48 views

CVE-2026-5051

HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17...

4.4CVSS5.8AI score0.00278EPSS
Exploits0References2Affected Software2
EUVD
EUVD
added 2026/07/01 5:10 p.m.8 views

EUVD-2026-41098

HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17...

4.4CVSS5.8AI score0.00278EPSS
Exploits0References1
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2026/07/01 5:8 p.m.47 views

Vault Audit Device Plugin Directory Guard Bypass via Legacy Path Option

Summary HashiCorp Vault and Vault Enterprise prior to 2.0.1 audit device validation logic did not consistently apply plugin directory protections when the legacy file audit path option was used. This vulnerability CVE-2026-5051 is fixed in 2.0.1, 1.21.6, 1.20.11, and 1.19.17. Background Vault...

4.4CVSS6.1AI score0.00278EPSS
Exploits0Affected Software1
Rows per page
Query Builder