Lucene search
K

8776 matches found

NVD
NVD
added 1 hour ago4 views

CVE-2026-60065

When NGINX Plus is configured to use the Message Queuing Telemetry Transport MQTT filter module ngxstreammqttfiltermodule, unauthenticated attackers can send requests with conditions beyond the attacker's control to cause a heap buffer over-read in the NGINX worker process, leading to a restart...

6.3CVSS
Exploits0References1
NVD
NVD
added 1 hour ago5 views

CVE-2026-56434

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpssimodule module. This vulnerability may exist when the Server-Side Includes SSI, proxypass, and proxybuffering off directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle MITM abili...

8.3CVSS
Exploits0References1
Cvelist
Cvelist
added 2 hours ago6 views

CVE-2026-60065 NGINX Plus ngx_stream_mqtt_filter_module vulnerability

When NGINX Plus is configured to use the Message Queuing Telemetry Transport MQTT filter module ngxstreammqttfiltermodule, unauthenticated attackers can send requests with conditions beyond the attacker's control to cause a heap buffer over-read in the NGINX worker process, leading to a restart...

6.3CVSS
Exploits0References1
Cvelist
Cvelist
added 2 hours ago5 views

CVE-2026-56434 NGINX ngx_http_ssi_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpssimodule module. This vulnerability may exist when the Server-Side Includes SSI, proxypass, and proxybuffering off directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle MITM abili...

8.3CVSS
Exploits0References1
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-44684

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpssimodule module. This vulnerability may exist when the Server-Side Includes SSI, proxypass, and proxybuffering off directives are configured. With this configuration, an unauthenticated attacker with man-in-the-middle MITM abili...

8.3CVSS6.2AI score
Exploits0References1
CVE
CVE
added 2 hours ago11 views

CVE-2026-56434

Summary: CVE-2026-56434 affects the nginx ngx_http_ssi_module in NGINX Plus and NGINX Open Source when SSI, proxy_pass, and proxy_buffering are configured off. An unauthenticated attacker with MITM control over upstream responses can trigger a heap buffer over-read in the nginx worker process, po...

8.3CVSS6.2AI score
Exploits0References1
CVE
CVE
added 2 hours ago7 views

CVE-2026-60065

CVE-2026-60065 affects NGINX Plus when the MQTT filter module (ngx_stream_mqtt_filter_module) is enabled. Unauthenticated attackers can send crafted requests to trigger a heap buffer over-read in an NGINX worker process, potentially causing a restart. Impact is limited to data-plane availability ...

6.3CVSS6.2AI score
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-15714

An out-of-bounds read vulnerability was found in libsoup's multipart processing subsystem. The flaw exists in the soupmultipartinputstreamreadheaders function inside soup-multipart-input-stream.c, which does not adequately restrict or validate the size of incoming multipart boundary strings. When...

6.5CVSS
Exploits0References3
NVD
NVD
added yesterday3 views

CVE-2026-55036

Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

7.8CVSS
Exploits0References1
NVD
NVD
added yesterday2 views

CVE-2026-50383

Buffer over-read in Windows Print Spooler Components allows an authorized attacker to disclose information locally...

6.1CVSS
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-15712

CVE-2026-15712 affects libsoup’s HTTP/2 connection tracking in/libsoup3 (versions 3.0–3.7.0) where the GOAWAY frame’s Additional Debug Data is parsed as a NUL-terminated C-string without strict length checks. This permits a remote, unauthenticated attacker to send malformed GOAWAY frames, causing...

5.9CVSS6.1AI score
Exploits0References3
CVE
CVE
added yesterday8 views

CVE-2025-43892

Fortinet FortiOS is affected by CVE-2025-43892: a buffer over-read in FortiOS 7.6.0–7.6.2, 7.4.0–7.4.8, and 7.2 all versions. An authenticated remote attacker could cause the device to return a portion of memory in the redirect response by submitting a specially crafted request. The CVSSv3.1 vect...

4.3CVSS6.2AI score
Exploits0References1
CVE
CVE
added yesterday22 views

CVE-2026-59840

Fortinet FortiOS (7.6.0–7.6.2, 7.4.0–7.4.8, 7.2 all) and FortiProxy (7.6.0–7.6.5, 7.4.0–7.4.13, 7.2 all) are affected by a buffer over-read that may lead to information disclosure. Root cause described as a buffer over-read affecting multiple Fortinet products; the exact attack vector is not spec...

4.3CVSS6.1AI score
Exploits0References1Affected Software2
Microsoft CVE
Microsoft CVE
added yesterday3 views

Windows Redirected Drive Buffering System Elevation of Privilege Vulnerability

Buffer over-read in Windows Redirected Drive Buffering allows an authorized attacker to elevate privileges locally...

7CVSS6.1AI score
Exploits0
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-58354

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A buffer over-read in Windows Redirected Drive Buffering enables an authorized attacker to elevate privileges locally, potentially allowing a low-privileged local account to obtain...

7CVSS6.2AI score
Exploits0References3
Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-58364

Name of the Vulnerable Software and Affected Versions Windows Print Spooler affected versions not specified Description A buffer over-read in Windows Print Spooler components allows an authorized attacker to disclose information locally. A buffer over-read occurs when a program reads more data fr...

6.1CVSS6.1AI score
Exploits0References3
NVD
NVD
added 2 days ago5 views

CVE-2026-15685

Ollama downloadBlob Improper Validation of Array Index Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Ollama. Authentication is not required to exploit this vulnerability. The specific flaw exists...

7.5CVSS0.00391EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2 days ago4 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds read/write in GLX ChangeDrawableAttributes

An out-of-bounds read flaw was found in the X.Org X server and Xwayland in glXDispChangeDrawableAttributes. A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapp...

5.5CVSS6.2AI score0.00132EPSS
Exploits0References7
NVD
NVD
added 5 days ago6 views

CVE-2026-57158

FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planardecompressplanerleonly in libfreerdp/codec/planar.c, allowing a malicious RDP server to send a truncated...

9.1CVSS0.0069EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 5 days ago4 views

CVE-2026-57158

FreeRDP is a free implementation of the Remote Desktop Protocol. From 3.21.0 before 3.28.0, FreeRDP clients using the GFX pipeline contain an incomplete fix for CVE-2026-23530 in planardecompressplanerleonly in libfreerdp/codec/planar.c, allowing a malicious RDP server to send a truncated...

9.1CVSS7AI score0.0069EPSS
Exploits1
Rows per page
Query Builder