Lucene search
+L

21112 matches found

Packet Storm News
Packet Storm News
added 2026/12/29 12:0 a.m.364 views

GNUnet P2P Framework 0.26.2

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...

6.8AI score
Exploits0
NVD
NVD
added 1 hour ago4 views

CVE-2024-23575

HCL Aftermarket EPC is vulnerable to attack since the application returns detailed error messages that leak information about the processing on the server. An attacker may use the contents of error messages to help launch another ,more focused attack...

5.3CVSS
Exploits0References1
CVE
CVE
added 2 hours ago8 views

CVE-2024-23575

The vulnerability CVE-2024-23575 affects HCL Aftermarket EPC, where the application returns detailed error messages that reveal server-side processing details. This information leakage can aid an attacker in crafting more focused attacks. The available sources do not specify affected versions, ex...

5.3CVSS5.3AI score
Exploits0References1
Nuclei
Nuclei
added 11 hours ago43 views

Ghost CMS - User Enumeration

Ghost CMS 5.9.4 contains a user enumeration vulnerability in the login functionality. The application reveals whether a user account exists through different error messages, allowing attackers to enumerate valid user accounts via specially-crafted HTTP requests. id: CVE-2022-41697 info: name: Gho...

5.3CVSS5.9AI score0.20196EPSS
Exploits1References3
Nuclei
Nuclei
added 11 hours ago38 views

WordPress User Messages <= 1.2.4 - Reflected XSS

WordPress User Messages plugin = 1.2.4 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires victim to load a...

6.1CVSS8AI score0.00562EPSS
Exploits1References2
NVD
NVD
added yesterday5 views

CVE-2026-44435

Quicly is an IETF QUIC protocol implementation intended primarily for use within the H2O HTTP server. Prior to commit 937d0e9, an assertion failure is raised when the total number of valid handshake messages received over a CRYPTO stream of a single packet number space exceeds 32KB, causing a...

7.5CVSS0.00052EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added yesterday5 views

crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages

A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...

7.5CVSS6.9AI score0.00621EPSS
Exploits0References8
CVE
CVE
added yesterday9 views

CVE-2026-56456

Technical details such as affected versions, components, root cause, and remediation are not provided in the supplied documents. Monitor for updates.

5.3CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2026-44924

HCL DFXAnalytics is affected by an Internal File Path Disclosure vulnerability. The application dashboard inadvertently leaks sensitive information regarding its internal file structure and directory paths through unhandled error messages, system logs, or debugging output, which could allow a...

5.3CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-35141

HCL DFXAnalytics is affected by a Login Replay Attack vulnerability. A remote attacker could intercept, delay, or fraudulent retransmit valid authentication data to gain unauthorized access. The documented mitigation requires including timestamps with every message and rejecting messages that exc...

2.6CVSS6.2AI score
Exploits0References1
NVD
NVD
added 2 days ago7 views

CVE-2026-52887

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to 2.0.61, NocoBase @nocobase/plugin-notification-in-app-message exposed GET /api/myInAppChannels:list, where the filterlatestMsgReceiveTimestamp$lt value was inserted into a...

10CVSS0.00593EPSS
Exploits0References3
NVD
NVD
added 2 days ago5 views

CVE-2026-62389

ws before 8.21.1 contains a memory exhaustion vulnerability in lib/receiver.js where the fragment guard only triggers when fragment count reaches maxFragments, allowing attackers to exhaust memory by sending incomplete fragmented WebSocket messages. Attackers can send a text frame with FIN=0...

8.7CVSS0.0045EPSS
Exploits0References4
OSV
OSV
added 2 days ago5 views

MGASA-2026-0253 Updated openssl packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion. CVE-2026-7383 Out-of-Bounds Read in CMS Password-Based Decryption. CVE-2026-9076 Heap Buffer Over-read in ASN.1 Content Parsing. CVE-2026-34180 PKCS12 Files with PBMAC1 Are...

9.1CVSS6.1AI score0.02719EPSS
Exploits0References8
CVE
CVE
added 2 days ago5 views

CVE-2026-62389

CVE-2026-62389 affects the ws WebSocket library up to version 8.21.0 (pre-8.21.1). Root cause: in lib/receiver.js, the fragment guard only triggers when fragment count reaches maxFragments, allowing memory exhaustion by sending incomplete fragmented messages; each fragment is stored as a separate...

8.7CVSS6.1AI score0.0045EPSS
Exploits0References4
OSV
OSV
added 2 days ago4 views

CVE-2026-62389 ws < 8.21.1 Default maxFragments Allows Memory Exhaustion DoS

ws before 8.21.1 contains a memory exhaustion vulnerability in lib/receiver.js where the fragment guard only triggers when fragment count reaches maxFragments, allowing attackers to exhaust memory by sending incomplete fragmented WebSocket messages. Attackers can send a text frame with FIN=0...

8.7CVSS6.1AI score0.0045EPSS
Exploits0References7
NVD
NVD
added 3 days ago4 views

CVE-2026-48069

@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4, an invalid incoming compressed message can cause a client or server process that uses @grpc/grpc-js to crash. This issue is fixed in...

7.5CVSS0.00625EPSS
Exploits0References13
CVE
CVE
added 3 days ago142 views

CVE-2026-48069

@grpc/grpc-js (pure JavaScript implementation) is affected by a crash when processing an invalid incoming compressed message. Affected versions: prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4. Fixed in 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4. Remediation: upgrade to the ...

7.5CVSS6.1AI score0.00625EPSS
Exploits0References13
CVE
CVE
added 3 days ago6 views

CVE-2026-15058

The CVE-2026-15058 affects Devolutions Server versions 2026.2.11 and 2026.1.22, where the secure messages deletion endpoint incorrectly authorizes access. An authenticated user can delete another user’s messages by directly referencing the message identifier, due to an improper authorization flaw...

3.1CVSS6.1AI score0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-15058

Improper authorization in the secure messages deletion endpoint in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated user to delete another user's messages via a direct object reference to the message identifier...

0.00162EPSS
Exploits0References1
CVE
CVE
added 3 days ago5 views

CVE-2026-10573

The vulnerability CVE-2026-10573 affects the 1734 POINT I/O module. The issue arises from improper handling of crafted CIP messages, which can cause the module to enter a faulted state. Exploitation leads to a denial-of-service condition, with the module requiring a restart to recover. Connected ...

8.7CVSS6.1AI score0.00253EPSS
Exploits0References1
Rows per page
Query Builder