Lucene search
K

363 matches found

Vulnrichment
Vulnrichment
added 2026/05/08 3:42 p.m.10 views

CVE-2026-43967 Quadratic fragment-name uniqueness check causes denial of service in absinthe

Inefficient Algorithmic Complexity vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via quadratic fragment-name uniqueness validation. 'Elixir.Absinthe.Phase.Document.Validation.UniqueFragmentNames':run/2 iterates over all fragments and for each one calls...

8.7CVSS5.8AI score0.00624EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.11 views

Absinthe 安全漏洞

Absinthe is an open-source GraphQL implementation framework based on Elixir. Versions of Absinthe from 1.2.0 to 1.10.2 contained security vulnerabilities. These vulnerabilities were due to a quadratic algorithm complexity issue in the uniqueness validation of fragment names, which could lead to...

8.7CVSS5.8AI score0.00624EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.17 views

PT-2026-39148

Name of the Vulnerable Software and Affected Versions absinthe versions 1.2.0 through 1.10.1 Description An inefficient algorithmic complexity issue allows unauthenticated denial of service through quadratic fragment-name uniqueness validation. The function run/2 within...

8.7CVSS5.8AI score0.00624EPSS
Exploits1References10
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Admidio 路径遍历漏洞

Admidio is a set of open-source member management systems developed by the Admidio team. This system supports features such as member lists, event management, message boards, photo albums, and downloads. Prior to Admidio 5.0.9, there was a path traversal vulnerability. This vulnerability stemmed...

4.5CVSS5.9AI score0.00362EPSS
Exploits0References1
Veracode
Veracode
added 2026/05/05 10:48 a.m.7 views

Improper Validation Of Certificate

Apache Thrift is vulnerable to Improper Validation of Certificate. The vulnerability is due to improper validation of certificates against the host name, which allows an attacker to perform man-in-the-middle attacks by presenting a mismatched or malicious certificate...

8.2CVSS5.8AI score0.00593EPSS
Exploits0References13Affected Software2
CloudLinux
CloudLinux
added 2026/05/02 1:4 a.m.11 views

ansible: Fix of CVE-2019-14904

CVE-2019-14904: validate solariszone name to prevent command injection...

7.3CVSS7.1AI score0.00418EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/28 6:9 p.m.3 views

CVE-2026-41382

OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord voice ingress that allows attackers to bypass channel and member allowlist restrictions. Attackers can exploit stale-role validation gaps and improper channel name validation to gain unauthorized access to...

5.4CVSS5.2AI score0.00222EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/28 6:9 p.m.36 views

CVE-2026-41382 OpenClaw < 2026.3.31 - Discord Voice Ingress Authorization Bypass via Channel and Role Validation Gaps

OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord voice ingress that allows attackers to bypass channel and member allowlist restrictions. Attackers can exploit stale-role validation gaps and improper channel name validation to gain unauthorized access to...

5.4CVSS0.00222EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.10 views

PT-2026-35767

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31 Description An authorization bypass exists in the Discord voice ingress. This issue allows attackers to circumvent channel and member allowlist restrictions by exploiting improper channel name validation an...

5.4CVSS5.8AI score0.00222EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/04/24 10:16 a.m.12 views

CVE-2026-41044

Improper Input Validation, Improper Control of Generation of Code 'Code Injection' vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to...

8.8CVSS6.6AI score0.0098EPSS
Exploits0
CVE
CVE
added 2026/04/24 10:16 a.m.26 views

CVE-2026-41044

The CVE describes an authenticated RCE/Code Injection in Apache ActiveMQ (Classic) and related brokers via the admin web console. An attacker can craft a malicious broker name (bypassing validation) that embeds an xbean binding, which a VM transport can later load through a DestinationView MBean ...

8.8CVSS6.5AI score0.0098EPSS
Exploits0References5Affected Software2
Github Security Blog
Github Security Blog
added 2026/04/23 9:54 p.m.14 views

melange has Path Traversal via .PKGINFO in --persist-lint-results

Impact melange lint --persist-lint-results opt-in flag, also usable via melange build --persist-lint-results constructs output file paths by joining --out-dir with the arch and pkgname values read from the .PKGINFO control file of the APK being linted. In affected versions these values were not...

4.4CVSS5.9AI score0.00172EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.7 views

Tenda W30E 安全漏洞

The Tenda W30E is a router produced by the Chinese company Tenda. The Tenda W30E V2.0 V16.01.0.21 version has a security vulnerability. This vulnerability stems from the improper validation of the hostName parameter in the dopingaction function, which may lead to command injection attacks...

7.3CVSS5.8AI score0.01327EPSS
Exploits1References2
CVE
CVE
added 2026/04/17 4:43 p.m.18 views

CVE-2026-40518

Summary: ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation due to bypassed agent name validation. This allows an attacker to supply traversal-style values or absolute paths as the agent name, influenci...

9.1CVSS5.9AI score0.00356EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/17 4:43 p.m.19 views

CVE-2026-40518

ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attackers can supply traversal-style values or absolute paths as the agent name to influence directory...

7.1CVSS5.9AI score0.00356EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/17 12:0 a.m.9 views

DeerFlow 安全漏洞

DeerFlow is an open-source orchestration framework developed by Bytedance, used to coordinate sub-agents and skill executions. DeerFlow has a security vulnerability, which stems from the bypass of agent name validation during the creation of custom agents in boot mode. This vulnerability may lead...

7.1CVSS5.9AI score0.00356EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.8 views

KubePlus 安全漏洞

KubePlus is an open-source Kubernetes multi-tenant application management platform developed by cloud-ark. Version 4.14 of KubePlus contains a security vulnerability. This vulnerability stems from the /registercrd endpoint in the kubeconfiggenerator component, which fails to clean up or validate...

8.8CVSS5.8AI score0.02183EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/12 12:0 a.m.8 views

Nsasoft SpotFTP Password Recover 安全漏洞

Nsasoft SpotFTP Password Recover is a tool developed by the NSASoft company in the United States, designed to recover saved account passwords from FTP clients. Version 2.4.2 of Nsasoft SpotFTP Password Recover contains a security vulnerability. This vulnerability stems from insufficient input...

6.9CVSS5.8AI score0.00205EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/08 12:17 a.m.7 views

Hono missing validation of cookie name on write path in setCookie()

Summary Cookie names are not validated on the write path when using setCookie, serialize, or serializeSigned to generate Set-Cookie headers. While certain cookie attributes such as domain and path are validated, the cookie name itself may contain invalid characters. This results in inconsistent...

5.9AI score
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/08 12:0 a.m.13 views

CVE-2025-50649

The CVE-2025-50649 entry affects D-Link DI-8003 devices (firmware 16.07.26A1). It is caused by a buffer overflow in the /shut_set.asp endpoint due to improper input validation of the vlan_name parameter. Reported as a denial of service risk in CNVD-2026-17631 and reflected in multiple feeds; CVSS...

7.5CVSS6.2AI score0.00516EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder