Lucene search
+L

489 matches found

ptsecurity
ptsecurity
added 2026/04/24 12:0 a.m.12 views

PT-2026-35643

Name of the Vulnerable Software and Affected Versions LiteLLM versions 1.81.16 through 1.83.6 Description An unauthenticated pre-auth SQL injection exists in the proxy API key verification process. The issue occurs because a database query mixes caller-supplied values directly into the query text...

9.8CVSS6.2AI score0.86607EPSS
Exploits7References218
ptsecurity
ptsecurity
added 2026/04/24 12:0 a.m.8 views

PT-2026-34962

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the ksmbd component during the SPNEGO decoding process. When the ksmbd decode negTokenInit function processes the mechToken OCTET STRING element, the ksmbd neg...

9.8CVSS5.9AI score0.00525EPSS
Exploits0References319
nvd
nvd
added 2026/04/23 10:16 p.m.5 views

CVE-2026-41343

OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing attackers to cause transient availability loss. Remote attackers can flood the webhook endpoint with concurrent requests before signature verification to exhaust resources and degrade...

6.9CVSS0.00459EPSS
Exploits0References3
cve
cve
added 2026/04/23 9:58 p.m.17 views

CVE-2026-41343

OpenClaw is affected prior to version 2026.3.31. The vulnerability arises from a missing shared pre-auth concurrency budget on the public LINE webhook path, allowing remote attackers to flood the webhook endpoint with concurrent requests before signature verification, which can exhaust resources ...

6.9CVSS5.8AI score0.00459EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2026/04/23 12:0 a.m.12 views

PT-2026-34774

OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing attackers to cause transient availability loss. Remote attackers can flood the webhook endpoint with concurrent requests before signature verification to exhaust resources and degrade...

6.9CVSS5.8AI score0.00459EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/04/22 12:0 a.m.18 views

PT-2026-34270

Name of the Vulnerable Software and Affected Versions Cisco ISE affected versions not specified Cisco ISE-PIC affected versions not specified Description Insufficient validation of user-supplied input allows an authenticated remote attacker with valid administrative credentials to execute arbitra...

9.1CVSS7.2AI score0.00748EPSS
Exploits0References25
susecve
susecve
added 2026/04/20 11:26 p.m.7 views

SUSE CVE-2026-35512

xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX graphics dynamic virtual channel implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication...

8.7CVSS6.3AI score0.00583EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/04/20 6:31 a.m.7 views

CVE-2026-35512

A flaw was found in xrdp, an open-source Remote Desktop Protocol RDP server. This heap-based buffer overflow vulnerability, caused by insufficient validation of client-controlled size parameters, allows an out-of-bounds write via crafted Protocol Data Units PDUs. A remote attacker can exploit thi...

8.8CVSS6.2AI score0.00583EPSS
Exploits0References2
githubexploit
githubexploit
added 2026/04/19 9:46 a.m.166 views

Exploit for Improper Access Control in Fortinet Forticlientems

CVE-2026-35616 — FortiClient EMS Pre-Auth Bypass Proof of Con...

9.8CVSS5.8AI score0.88505EPSS
Exploits8
githubexploit
githubexploit
added 2026/04/18 7:46 a.m.147 views

Exploit for CVE-2026-39987

CVE-2026-39987 marimo is a reactive Python notebook. Prior to...

9.3CVSS7.7AI score0.95645EPSS
Exploits11
cvelist
cvelist
added 2026/04/17 8:21 p.m.22 views

CVE-2026-35512 xrdp: Heap buffer overflow in EGFX channel

xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX graphics dynamic virtual channel implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication...

8.7CVSS0.00583EPSS
Exploits0References2
euvd
euvd
added 2026/04/17 8:21 p.m.6 views

EUVD-2026-23519

xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX graphics dynamic virtual channel implementation due to insufficient validation of client-controlled size parameters, allowing an out-of-bounds write via crafted PDUs. Pre-authentication...

8.7CVSS6.3AI score0.00583EPSS
Exploits0References2
euvd
euvd
added 2026/04/17 6:31 p.m.26 views

EUVD-2026-22855

Allocation of resources without limits or throttling vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules.This issue affects BC-JAVA: before 1.84. Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion...

8.7CVSS5.8AI score0.00758EPSS
Exploits0References3
osv
osv
added 2026/04/17 6:31 p.m.4 views

GHSA-CJ8J-37RH-8475 Bouncy Castle Uncontrolled Resource Consumption vulnerability

Allocation of resources without limits or throttling vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This issue affects BC-JAVA before 1.84. Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion...

8.7CVSS5.7AI score0.00758EPSS
Exploits0References4
cve
cve
added 2026/04/17 6:14 p.m.31 views

CVE-2026-27890

Firebird CVE-2026-27890 is a pre-auth DoS flaw. In versions prior to 5.0.4, 4.0.7 and 3.0.14, during authentication the server assumes CNCT_specific_data segments arrive in strictly ascending order. If segments arrive out of order, the Array.grow() method computes a negative size, causing a SIGSE...

8.2CVSS5.7AI score0.00465EPSS
Exploits1References4Affected Software1
osv
osv
added 2026/04/15 10:16 a.m.3 views

DEBIAN-CVE-2026-3505

Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...

8.7CVSS5.8AI score0.00758EPSS
Exploits0References1
nvd
nvd
added 2026/04/15 10:16 a.m.62 views

CVE-2026-3505

Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...

8.7CVSS0.00758EPSS
Exploits0References10
cvelist
cvelist
added 2026/04/15 9:6 a.m.81 views

CVE-2026-3505 Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion.

Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...

8.7CVSS0.00758EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/04/15 9:6 a.m.4 views

CVE-2026-3505 Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion.

Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...

8.7CVSS5.8AI score0.00758EPSS
Exploits0References2
osv
osv
added 2026/04/15 9:6 a.m.2 views

CVE-2026-3505 Unbounded PGP AEAD chunk size leads to pre-auth resource exhaustion.

Allocation of resources without limits or throttling, Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpg on all pg modules. This vulnerability is associated with program files AEADEncDataPacket.Java, BcAEADUtil.Java, JceAEADUtil.Java,...

8.7CVSS5.9AI score0.00758EPSS
Exploits0References14
Rows per page
Query Builder