21112 matches found
GNUnet P2P Framework 0.26.2
GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...
CVE-2024-23575
HCL Aftermarket EPC is vulnerable to attack since the application returns detailed error messages that leak information about the processing on the server. An attacker may use the contents of error messages to help launch another ,more focused attack...
CVE-2024-23575
The vulnerability CVE-2024-23575 affects HCL Aftermarket EPC, where the application returns detailed error messages that reveal server-side processing details. This information leakage can aid an attacker in crafting more focused attacks. The available sources do not specify affected versions, ex...
Ghost CMS - User Enumeration
Ghost CMS 5.9.4 contains a user enumeration vulnerability in the login functionality. The application reveals whether a user account exists through different error messages, allowing attackers to enumerate valid user accounts via specially-crafted HTTP requests. id: CVE-2022-41697 info: name: Gho...
WordPress User Messages <= 1.2.4 - Reflected XSS
WordPress User Messages plugin = 1.2.4 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires victim to load a...
CVE-2026-44435
Quicly is an IETF QUIC protocol implementation intended primarily for use within the H2O HTTP server. Prior to commit 937d0e9, an assertion failure is raised when the total number of valid handshake messages received over a CRYPTO stream of a single packet number space exceeds 32KB, causing a...
crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages
A flaw was found in the crypto/tls package within the Go golang standard library, specifically affecting TLS 1.3 connections. A remote attacker can exploit this vulnerability by sending multiple key update messages in a single record after the handshake. This can cause the connection to deadlock,...
CVE-2026-56456
Technical details such as affected versions, components, root cause, and remediation are not provided in the supplied documents. Monitor for updates.
EUVD-2026-44924
HCL DFXAnalytics is affected by an Internal File Path Disclosure vulnerability. The application dashboard inadvertently leaks sensitive information regarding its internal file structure and directory paths through unhandled error messages, system logs, or debugging output, which could allow a...
CVE-2026-35141
HCL DFXAnalytics is affected by a Login Replay Attack vulnerability. A remote attacker could intercept, delay, or fraudulent retransmit valid authentication data to gain unauthorized access. The documented mitigation requires including timestamps with every message and rejecting messages that exc...
CVE-2026-52887
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to 2.0.61, NocoBase @nocobase/plugin-notification-in-app-message exposed GET /api/myInAppChannels:list, where the filterlatestMsgReceiveTimestamp$lt value was inserted into a...
CVE-2026-62389
ws before 8.21.1 contains a memory exhaustion vulnerability in lib/receiver.js where the fragment guard only triggers when fragment count reaches maxFragments, allowing attackers to exhaust memory by sending incomplete fragmented WebSocket messages. Attackers can send a text frame with FIN=0...
MGASA-2026-0253 Updated openssl packages fix security vulnerabilities
The updated packages fix security vulnerabilities: Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion. CVE-2026-7383 Out-of-Bounds Read in CMS Password-Based Decryption. CVE-2026-9076 Heap Buffer Over-read in ASN.1 Content Parsing. CVE-2026-34180 PKCS12 Files with PBMAC1 Are...
CVE-2026-62389
CVE-2026-62389 affects the ws WebSocket library up to version 8.21.0 (pre-8.21.1). Root cause: in lib/receiver.js, the fragment guard only triggers when fragment count reaches maxFragments, allowing memory exhaustion by sending incomplete fragmented messages; each fragment is stored as a separate...
CVE-2026-62389 ws < 8.21.1 Default maxFragments Allows Memory Exhaustion DoS
ws before 8.21.1 contains a memory exhaustion vulnerability in lib/receiver.js where the fragment guard only triggers when fragment count reaches maxFragments, allowing attackers to exhaust memory by sending incomplete fragmented WebSocket messages. Attackers can send a text frame with FIN=0...
CVE-2026-48069
@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4, an invalid incoming compressed message can cause a client or server process that uses @grpc/grpc-js to crash. This issue is fixed in...
CVE-2026-48069
@grpc/grpc-js (pure JavaScript implementation) is affected by a crash when processing an invalid incoming compressed message. Affected versions: prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4. Fixed in 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4. Remediation: upgrade to the ...
CVE-2026-15058
The CVE-2026-15058 affects Devolutions Server versions 2026.2.11 and 2026.1.22, where the secure messages deletion endpoint incorrectly authorizes access. An authenticated user can delete another user’s messages by directly referencing the message identifier, due to an improper authorization flaw...
CVE-2026-15058
Improper authorization in the secure messages deletion endpoint in Devolutions Server 2026.2.11, 2026.1.22 allows an authenticated user to delete another user's messages via a direct object reference to the message identifier...
CVE-2026-10573
The vulnerability CVE-2026-10573 affects the 1734 POINT I/O module. The issue arises from improper handling of crafted CIP messages, which can cause the module to enter a faulted state. Exploitation leads to a denial-of-service condition, with the module requiring a restart to recover. Connected ...