Lucene search
K

773 matches found

Cvelist
Cvelist
added 2 days ago36 views

CVE-2026-15738 Cross-namespace traffic interception via incorrect route precedence ordering in AWS Load Balancer Controller

Incorrect behavior order in the Gateway API listener-rule generation in Amazon AWS Load Balancer Controller before 3.4.2 might allow an authenticated remote user to intercept, spoof, or deny another namespace's gRPC traffic on a shared Gateway via a crafted HTTPRoute resource. To mitigate this...

8.5CVSS0.00373EPSS
Exploits0References2
CVE
CVE
added 2 days ago9 views

CVE-2026-15738

The CVE-2026-15738 issue affects the AWS Load Balancer Controller prior to version 3.4.2, where incorrect behavior order in Gateway API listener-rule generation can let an authenticated remote user intercept, spoof, or deny another namespace’s gRPC traffic on a shared Gateway via a crafted HTTPRo...

8.5CVSS6.2AI score0.00373EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2 days ago12 views

PT-2026-58856

Name of the Vulnerable Software and Affected Versions VMware Avi Load Balancer affected versions not specified Description An authentication bypass allows an attacker to gain unauthorized access to the system. This issue affects the Avi Controller. Recommendations Upgrade the Avi Controller to th...

6.1AI score
Exploits0References4
EUVD
EUVD
added last week12 views

EUVD-2026-33941

mint: Content-Length header accepts non-RFC "+" sign prefix...

6.3CVSS5.9AI score0.00301EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/08 4:38 p.m.1 views

Apache Tomcat: Apache Tomcat: Open Redirect vulnerability via LoadBalancerDrainingValve

A flaw was found in Apache Tomcat. This open redirect vulnerability allows an attacker to redirect a user to an untrusted site. This occurs through the LoadBalancerDrainingValve, which can be exploited to manipulate URL redirection. The primary impact is that users may be unknowingly directed to...

6.1CVSS6AI score0.00526EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/02 10:30 a.m.38 views

CVE-2026-54430 Server-Site Request Forgery in liboauth2

liboauth2 is vulnerable to Server-Side Request Forgery in oauth2josejwksawsalbresolve function. The AWS ALB verifier reads both signer and kid from the unverified JWT header. If signer matches the configured ARN, kid is appended to albbaseurl without URL encoding or path sanitization, and the HTT...

5.1CVSS0.00121EPSS
Exploits0References3
CVE
CVE
added 2026/07/02 10:30 a.m.20 views

CVE-2026-54430

liboauth2 is affected by a Server-Side Request Forgery in the oauth2_jose_jwks_aws_alb_resolve() function. The AWS ALB verifier reads signer and kid from the unverified JWT header; if the signer matches the configured ARN, the kid is appended to alb_base_url without URL encoding or path sanitizat...

5.1CVSS5.8AI score0.00121EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/02 10:30 a.m.8 views

CVE-2026-54430

liboauth2 is vulnerable to Server-Side Request Forgery in oauth2josejwksawsalbresolve function. The AWS ALB verifier reads both signer and kid from the unverified JWT header. If signer matches the configured ARN, kid is appended to albbaseurl without URL encoding or path sanitization, and the HTT...

5.1CVSS5.8AI score0.00121EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/02 10:30 a.m.6 views

EUVD-2026-41276

liboauth2 is vulnerable to Server-Side Request Forgery in oauth2josejwksawsalbresolve function. The AWS ALB verifier reads both signer and kid from the unverified JWT header. If signer matches the configured ARN, kid is appended to albbaseurl without URL encoding or path sanitization, and the HTT...

5.1CVSS5.8AI score0.00121EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 1:19 p.m.12 views

CVE-2026-8655

Multiple Memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if NetScaler ADC is configured as an LB of type Oracle OR NetScaler ADC is configured as a DNS Proxy OR NetScaler ADC is configured as a DNS recursi...

9.8CVSS0.0046EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 12:46 p.m.7 views

EUVD-2026-40308

Multiple Memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if NetScaler ADC is configured as an LB of type Oracle OR NetScaler ADC is configured as a DNS Proxy OR NetScaler ADC is configured as a DNS recursi...

8.8CVSS5.8AI score0.0046EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 12:46 p.m.41 views

CVE-2026-8655 Multiple Memory overflow vulnerabilities leading to unpredictable or erroneous behavior and Denial of Service

Multiple Memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway leading to unpredictable or erroneous behavior and Denial of Service if NetScaler ADC is configured as an LB of type Oracle OR NetScaler ADC is configured as a DNS Proxy OR NetScaler ADC is configured as a DNS recursi...

8.8CVSS0.0046EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 12:46 p.m.53 views

CVE-2026-8655

CVE-2026-8655 corresponds to multiple memory overflow vulnerabilities in NetScaler ADC and NetScaler Gateway that can cause unpredictable behavior and DoS when the appliance is used as an Oracle load balancer, a DNS Proxy, or a DNS recursive resolver. The NVD/NIST entry and multiple security advi...

9.8CVSS5.8AI score0.0046EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.15 views

PT-2026-53881

Name of the Vulnerable Software and Affected Versions NetScaler ADC affected versions not specified NetScaler Gateway affected versions not specified Description Memory overflow issues occur when NetScaler ADC is configured as an Oracle load balancer, a DNS Proxy, or a DNS recursive resolver...

9.8CVSS6.2AI score0.0046EPSS
Exploits0References13
ATTACKERKB
ATTACKERKB
added 2026/06/29 8:3 p.m.7 views

CVE-2026-13763

Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected. This iss...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 8:3 p.m.26 views

CVE-2026-13763

This CVE affects AWS Application Load Balancer (ALB) with AWS WAF enabled, where inconsistent interpretation of HTTP/2 requests can allow bypass of WAF body inspection when the request body is fragmented across frames, leading to partial inspection. Affected component: HTTP/2 ALB target groups; r...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.18 views

PT-2026-53692

Name of the Vulnerable Software and Affected Versions AWS Application Load Balancer affected versions not specified Description Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer when AWS WAF is enabled may allow remote actors to bypass managed rule body inspection. B...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References10
Chainguard
Chainguard
added 2026/06/23 8:16 a.m.7 views

GHSA-RJFV-PJVX-MJGV vulnerabilities

Vulnerabilities for packages: aws-load-balancer-controller-fips, aws-load-balancer-controller...

6.1AI score
Exploits0
NVD
NVD
added 2026/06/22 6:16 p.m.14 views

CVE-2026-54287

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attribute...

5.3CVSS0.00186EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 5:13 p.m.34 views

CVE-2026-54287 Hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attribute...

5.3CVSS0.00186EPSS
Exploits0References1
Rows per page
Query Builder