Lucene search
K

45701 matches found

NVD
NVD
added yesterday4 views

CVE-2026-40955

CVE-2026-40955 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...

2.1CVSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-40953

CVE-2026-40953 is a heap overflow in the certificate parsing function of Secure Access clients prior to 14.55. Attackers with local access and administrator permissions can create a denial of service attack against the client over which they have control...

6.7CVSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-40954

CVE-2026-40954 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...

2.1CVSS
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-40955

CVE-2026-40955 describes an integer underflow in the traffic parsing function of Secure Access clients prior to 14.55. The vulnerability allows attackers with intimate knowledge of and total control over the tunnel protocol to cause a non-persistent Denial of Service against their client. Affecte...

2.1CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-44788

CVE-2026-40955 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...

2.1CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-40954

The CVE-2026-40954 entry describes an integer underflow in the traffic parsing function of Secure Access clients prior to 14.55. The vulnerability can be exploited by attackers with intimate knowledge of and total control over the tunnel protocol to cause a non-persistent DoS against their client...

2.1CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-44787

CVE-2026-40954 is an integer underflow vulnerability in the traffic parsing function of Secure Access clients prior to 14.55. Attackers with intimate knowledge of and total control over the tunnel protocol can create a non-persistent DoS against their client...

2.1CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-40953

CVE-2026-40953: heap overflow in the certificate parsing function of Secure Access clients prior to 14.55. Local access with administrator permissions can cause a denial of service on the client. Affected software is Secure Access clients (versions before 14.55); root cause is a heap overflow in ...

6.7CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added yesterday3 views

EUVD-2026-44784

CVE-2026-40953 is a heap overflow in the certificate parsing function of Secure Access clients prior to 14.55. Attackers with local access and administrator permissions can create a denial of service attack against the client over which they have control...

6.7CVSS6.1AI score
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-59955

Apollo is a reliable configuration management system suitable for microservice configuration management scenarios. Prior to 2.5.2, Apollo ConfigService may allow unauthorized access to raw configuration data when AccessKey or management key authentication is enabled because requests under...

7.5CVSS
Exploits0References3
NVD
NVD
added yesterday4 views

CVE-2026-52842

Lightpanda is a headless browser designed for AI and automation. Prior to 0.3.1, Lightpanda searched for @ across the entire URL string instead of only the authority component when computing a page origin, so a URL such as http://attacker.com/@victim.com/ was fetched from attacker.com but treated...

9.3CVSS0.00033EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added yesterday1 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7AI score0.0052EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added yesterday2 views

Important: Red Hat Security Advisory: Red Hat OpenStack Services on OpenShift 18.0 (golang-github-openstack-k8s-operators-os-diff) security update

An update for golang-github-openstack-k8s-operators-os-diff is now available for Red Hat OpenStack Services on OpenShift 18.0 Antelope. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a...

8.8CVSS6.8AI score0.00813EPSS
Exploits2References11
Nuclei
Nuclei
added yesterday50 views

Apache Tomcat - HTTP Request Smuggling

Apache Tomcat from versions 8.5.0 to 8.5.93, 9.0.0-M1 to 9.0.81, 10.1.0-M1 to 10.1.13, and 11.0.0-M1 to 11.0.0-M11 contain an improper input validation caused by incorrect parsing of HTTP trailer headers, letting attackers craft headers to cause request smuggling, exploit requires sending malicio...

5.3CVSS6.7AI score0.05848EPSS
Exploits2References3
Nuclei
Nuclei
added yesterday21 views

Kubernetes API Server - YAML Parsing DoS (Billion Laughs)

The Kubernetes API server is vulnerable to a denial of service attack via YAML/JSON parsing. An attacker can send a specially crafted YAML/JSON payload that causes exponential memory consumption Billion Laughs attack, leading to API server crash. id: CVE-2019-11253 info: name: Kubernetes API Serv...

7.5CVSS6.7AI score0.25939EPSS
Exploits2References3
NVD
NVD
added 2 days ago3 views

CVE-2026-15711

A vulnerability was found in libsoup's WebSocket frame parsing implementation. The library fails to validate length rules specified in RFC 6455 §5.5, which mandates that all WebSocket control frames e.g., PING, PONG, CLOSE contain a payload of 125 bytes or less. A remote, unauthenticated attacker...

7.5CVSS0.00431EPSS
Exploits0References3
CVE
CVE
added 2 days ago34 views

CVE-2026-47737

CVE-2026-47737 affects the Puma Ruby/Rack web server. From 5.5.0 up to 7.2.1 and 8.0.2, it is vulnerable to source IP spoofing when set_remote_address proxy_protocol: :v1 is enabled and persistent connections are used. Puma re-parses PROXY protocol headers after each keep-alive on the same connec...

7.5CVSS6.1AI score0.00177EPSS
Exploits0References7
Cvelist
Cvelist
added 2 days ago32 views

CVE-2026-47737 Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections

Puma is a Ruby/Rack web server built for parallelism. From 5.5.0 until 7.2.1 and 8.0.2, Puma is vulnerable to source IP spoofing when setremoteaddress proxyprotocol: :v1 is enabled and persistent connections are used because Puma incorrectly re-parses PROXY protocol headers after each keep-alive...

7.5CVSS0.00177EPSS
Exploits0References7
NVD
NVD
added 2 days ago4 views

CVE-2026-47767

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 5.4.46 until 5.4.52, 6.4.40, 7.4.12, and 8.0.12, the CVE-2024-50340 fix gated runtime argv parsing on empty$GET, but parsestr and the web SAPI can disagree, allowing a crafted query string to...

9.8CVSS0.00328EPSS
Exploits0References6
NVD
NVD
added 2 days ago3 views

CVE-2026-45066

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. From 6.1.0-BETA1 until 6.4.40, 7.4.12, and 8.0.12, HtmlSanitizer URL sanitization can allow off-allowlist URLs through allowLinkHosts or allowMediaHosts because UrlSanitizer::parse follows RFC 3986...

6.1CVSS0.00454EPSS
Exploits0References5
Rows per page
Query Builder