Lucene search
K

1154 matches found

Vulnrichment
Vulnrichment
added 2026/04/24 5:40 p.m.12 views

CVE-2026-42040 Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the encode function in lib/helpers/AxiosURLSearchParams.js contains a character mapping charMap at line 21 that reverses the safe percent-encoding of null bytes. After encodeURIComponent'\x00' correctly...

3.7CVSS5.3AI score0.00217EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/22 6:31 p.m.6 views

EUVD-2026-25036

A logic error in the cut utility of uutils coreutils causes the program to incorrectly interpret the literal two-byte string '' two single quotes as an empty delimiter. The implementation mistakenly maps this string to the NUL character for both the -d delimiter and --output-delimiter options. Th...

5.5CVSS5.8AI score0.00157EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/22 4:9 p.m.34 views

CVE-2026-35381 uutils coreutils cut Local Logic Error and Data Integrity Issue in Output Filtering

A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s only-delimited flag when using the -z null-terminated and -d '' empty delimiter options together. The implementation incorrectly routes this specific combination through a specialized newline-delimiter code...

3.3CVSS0.00182EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/15 6:31 p.m.4 views

EUVD-2026-22930

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, a user who holds a role that contains the high-privilege capability editusercould create a special...

6.6CVSS5.8AI score0.00246EPSS
Exploits0References2
CVE
CVE
added 2026/04/15 3:17 p.m.25 views

CVE-2026-20202

The CVE-2026-20202 entry concerns Splunk Enterprise (versions < 10.2.2, < 10.0.5, < 9.4.10, < 9.3.11) and Splunk Cloud Platform (versions < 10.4.2603.0, < 10.3.2512.6, < 10.2.2510.10, < 10.1.2507.20, < 10.0.2503.13,

6.6CVSS5.8AI score0.00246EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/15 3:17 p.m.31 views

CVE-2026-20202 Improper Input Validation during User Account Creation in Splunk Enterprise

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, a user who holds a role that contains the high-privilege capability editusercould create a special...

6.6CVSS0.00246EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/15 3:17 p.m.7 views

CVE-2026-20202

In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, a user who holds a role that contains the high-privilege capability editusercould create a special...

6.6CVSS5.8AI score0.00246EPSS
Exploits0References2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/15 10:29 a.m.9 views

Security Bulletin: Vulnerabilities in OpenSSH affects IBM Netezza Appliance

Summary The OpenSSH package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVEs CVE-2025-61984, CVE-2025-61985 Vulnerability Details CVEID:CVE-2025-61984 DESCRIPTION: ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certa...

3.6CVSS6.7AI score0.00218EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/15 12:0 a.m.8 views

Splunk Enterprise 9.3.0 < 9.3.11, 9.4.0 < 9.4.10, 10.0.0 < 10.0.5, 10.2.0 < 10.2.2 (SVD-2026-0401)

The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0401 advisory. - In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0,...

6.6CVSS5.8AI score0.00246EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.8 views

PT-2026-33064

Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 10.2.2 Splunk Enterprise versions prior to 10.0.5 Splunk Enterprise versions prior to 9.4.10 Splunk Enterprise versions prior to 9.3.11 Splunk Cloud Platform versions prior to 10.4.2603.0 Splunk Cloud Platfo...

6.6CVSS5.8AI score0.00246EPSS
Exploits0References5
NVD
NVD
added 2026/04/14 12:16 a.m.4 views

CVE-2026-33948

jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...

6.3CVSS0.00256EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/13 11:51 p.m.13 views

CVE-2026-33948 jq: Embedded-NUL Truncation in CLI JSON Input Path Causes Prefix-Only Validation of Malformed Input

jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When reading JSON from files or stdin, jq uses strlen to determine buffer length instead of the actual byte...

6.3CVSS6AI score0.00256EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/03/28 12:25 a.m.4 views

SUSE CVE-2026-33191

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's...

8.7CVSS5.8AI score0.00354EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.5 views

NewStart CGSL MAIN 7.02 : openssh Multiple Vulnerabilities (NS-SA-2026-0036)

The remote NewStart CGSL host, running version MAIN 7.02, has openssh packages installed that are affected by multiple vulnerabilities: - ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. CVE-2025-61985 - ssh ...

3.6CVSS6.8AI score0.00218EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.11 views

CVE-2026-33191

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's...

8.7CVSS5.8AI score0.00354EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/24 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-33191

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in...

8.7CVSS5.8AI score0.00354EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/23 6:14 p.m.2 views

Improper Neutralization of Null Byte or NUL Character

Overview Affected versions of this package are vulnerable to Improper Neutralization of Null Byte or NUL Character via the URL path parameter handling process. An attacker can cause the application to return a 500 Internal Server Error by injecting a null byte into the URL path parameter...

8.7CVSS5.9AI score0.00354EPSS
Exploits0References3
OSV
OSV
added 2026/03/23 6:14 p.m.10 views

GO-2026-4763 free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error in github.com/free5gc/udm

free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error in github.com/free5gc/udm...

8.7CVSS5.8AI score0.00354EPSS
Exploits0References4
NVD
NVD
added 2026/03/20 8:16 a.m.5 views

CVE-2026-33191

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's...

8.7CVSS0.00354EPSS
Exploits0References2
OSV
OSV
added 2026/03/20 7:54 a.m.4 views

CVE-2026-33191 free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error

Free5GC is an open-source Linux Foundation project for 5th generation 5G mobile core networks. Versions prior to 1.4.2 are vulnerable to null byte injection in URL path parameters. A remote attacker can inject null bytes URL-encoded as %00 into the supi path parameter of the UDM's...

8.7CVSS6.3AI score0.00354EPSS
Exploits0References4
Rows per page
Query Builder