Lucene search
+L

489 matches found

osv
osv
added 2026/06/22 5:47 a.m.3 views

BIT-MONGODB-2026-9742 Authenticate command with specific mechanism parameter can trigger server crash

When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product...

8.2CVSS5.8AI score0.00347EPSS
Exploits0References2
nvd
nvd
added 2026/06/19 8:16 p.m.15 views

CVE-2026-48773

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. Versions 2.0.18 through 3.0.8 have a pre-authentication heap memory corruption vulnerability in the MySQL and PostgreSQL protocol first-read paths. A remote unauthenticated client can declare an oversized first packet length, and...

9.8CVSS0.00358EPSS
Exploits0References2
osv
osv
added 2026/06/19 7:27 p.m.3 views

CVE-2026-48773 ProxySQL pre-auth heap overflow in MySQL and PostgreSQL first-packet handling

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. Versions 2.0.18 through 3.0.8 have a pre-authentication heap memory corruption vulnerability in the MySQL and PostgreSQL protocol first-read paths. A remote unauthenticated client can declare an oversized first packet length, and...

9.8CVSS7.3AI score0.00358EPSS
Exploits0References4
nuclei
nuclei
added 2026/06/19 11:10 a.m.13 views

Splunk Enterprise & Cloud Platform - Unrestricted File Upload

In Splunk Enterprise versions below 10.2.4 and 10.0.7, and Splunk Cloud Platform versions below 10.4.2604.3 and 10.2.2510.14, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.The vulnerability exists because the PostgreSQL sidecar...

9.8CVSS6.2AI score0.88171EPSS
Exploits5References2
debiancve
debiancve
added 2026/06/17 6:44 p.m.11 views

CVE-2026-55199

libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSHMSGEXTINFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can s...

8.2CVSS5.3AI score0.00408EPSS
Exploits1
alpinelinux
alpinelinux
added 2026/06/17 6:44 p.m.7 views

CVE-2026-55199

libssh2 through 1.11.1, fixed in commit 1762685, contains a pre-authentication denial of service vulnerability in the SSHMSGEXTINFO handler in src/packet.c that allows a malicious SSH server to cause a client CPU exhaustion loop by sending a crafted extension count value. A malicious server can s...

8.2CVSS5.8AI score0.00408EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2026/06/12 9:3 p.m.16 views

CVE-2026-53519 Nezha Monitoring: Pre-auth path traversal via /dashboard.. prefix confusion leaks jwt_secret_key

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. Prior to version 2.0.13, fallbackToFrontend in the dashboard's NoRoute handler treats any URL whose raw string starts with /dashboard as an admin-frontend asset request. The check uses strings.HasPrefi...

9.1CVSS5.2AI score0.00451EPSS
Exploits1References1
debiancve
debiancve
added 2026/06/10 8:24 p.m.8 views

CVE-2026-48108

Russh is a Rust SSH client & server library. From version 0.34.0-beta.1 to before version 0.61.0, russh did not enforce the SSH identification-string rules as deliberately as OpenSSH. In particular, the server-side identification reader used the same permissive path as the client, allowing...

5.3CVSS5.5AI score0.00277EPSS
Exploits0
githubexploit
githubexploit
added 2026/06/10 7:2 a.m.76 views

Exploit for Uncontrolled Resource Consumption in Solarwinds Serv-U

CVE-2026-28318 — SolarWinds Serv-U "Content-Encoding: deflate"...

7.5CVSS6.5AI score0.10659EPSS
Exploits2
euvd
euvd
added 2026/06/10 12:31 a.m.18 views

EUVD-2026-35860

When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product...

8.2CVSS5.5AI score0.00347EPSS
Exploits0References2
osv
osv
added 2026/06/09 11:17 p.m.7 views

UBUNTU-CVE-2026-9742

When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product...

8.2CVSS5.3AI score0.00347EPSS
Exploits0References3
osv
osv
added 2026/06/09 10:43 p.m.2 views

CVE-2026-9740 Unbounded recursion in BSONColumn interleaved-reference causes pre-auth stack overflow

A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain nested binary data structures permits uncontrolled mutual recursion between validation functions,...

8.7CVSS5.9AI score0.00345EPSS
Exploits0References3
cve
cve
added 2026/06/09 4:4 p.m.28 views

CVE-2026-49843

FreeSWITCH vulnerability CVE-2026-49843 affects mod_verto before version 1.11.1. The JSON-RPC handler binds the client-supplied sessid on the first frame prior to authentication, inserting the connection into the global session hash and evicting any prior occupant on key collision (sending verto....

5.3CVSS5.4AI score0.00284EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/06/09 4:0 p.m.34 views

CVE-2026-49840

CVE-2026-49840 affects FreeSWITCH libesl before version 1.11.1. The flaw occurs in esl_recv_event(): Content-Length is parsed with atol() and the result is passed to malloc(len + 1) without sign or magnitude checks, allowing a pre-authentication, remote attacker to corrupt the heap or crash the p...

9.1CVSS5.4AI score0.0031EPSS
Exploits0References2Affected Software1
githubexploit
githubexploit
added 2026/06/09 2:14 p.m.72 views

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 !TIP If the setup does not start, add t...

9.8CVSS6.4AI score0.72253EPSS
Exploits32
githubexploit
githubexploit
added 2026/06/05 11:2 a.m.94 views

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 !TIP If the setup does not start, add t...

9.8CVSS6.4AI score0.72253EPSS
Exploits32
githubexploit
githubexploit
added 2026/06/04 6:56 p.m.83 views

Exploit for Stack-based Buffer Overflow in Microsoft

CVE-2026-41089 !TIP If the setup does not start, add t...

9.8CVSS6.3AI score0.72253EPSS
Exploits32
githubexploit
githubexploit
added 2026/06/03 5:14 a.m.106 views

Exploit for Missing Authentication for Critical Function in Erlang Erlang\/Otp

CVE-2025-32433 분석 포트폴리오 Erlang/OTP SSH 사전인증 원격 코드 실행 취약점 분석...

10CVSS7.1AI score0.97859EPSS
Exploits36
nessus
nessus
added 2026/06/03 12:0 a.m.54 views

Fedora 44 : roundcubemail (2026-2b956d89d3)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-2b956d89d3 advisory. Release 1.7.1 - Enigma: Support automatic public key lookup import using HKP v1 protocol 5314 - Managesieve: Fix error when a mail message contains...

8.1CVSS6AI score0.00764EPSS
Exploits1References9
vulnrichment
vulnrichment
added 2026/06/01 5:9 p.m.13 views

CVE-2026-45691 Nextcloud: Bypass of second factor authentication on DAV endpoints

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, a pre-2FA session cookie created after successful password authentication but before TOTP completion could be reused as a Bearer token to authenticat...

5.9CVSS5.7AI score0.0029EPSS
Exploits0References3
Rows per page
Query Builder