Lucene search
K

81 matches found

OSV
OSV
added 5 days ago3 views

EEF-CVE-2026-54887 DTLS server cookie bypass during startup window due to empty initial cookie secret

Summary Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtls\server\connection:initial\hello/3 initializes previous\cookie\secret...

6.3CVSS5.8AI score0.00389EPSS
Exploits0References4
NVD
NVD
added 6 days ago8 views

CVE-2026-14330

Multiple unbounded alloca calls in the PulseAudio protocol server...

5.5CVSS0.001EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 days ago2 views

CVE-2026-14330

Multiple unbounded alloca calls in the PulseAudio protocol server...

5.5CVSS5.8AI score0.001EPSS
Exploits0References3
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-41007

Multiple unbounded alloca calls in the PulseAudio protocol server...

5.5CVSS5.8AI score0.001EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 6 days ago4 views

CVE-2026-14330

Multiple unbounded alloca calls in the PulseAudio protocol server. Mitigation No practical mitigation beyond upgrading. The PulseAudio protocol server is a core module required for PulseAudio application compatibility...

5.5CVSS5.8AI score0.001EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.12 views

PT-2026-51507

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.2 Description Multiple OS command injection issues exist in the Custom MCP Server feature. These occur due to incomplete command-flag validation and a regex bypass in local file access restrictions. An attacker wi...

9.9CVSS6.2AI score0.02683EPSS
Exploits1References12
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/22 5:57 a.m.17 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM DevOps Code ClearCase [CVE-2026-24072, CVE-2026-28780, CVE-2026-34059, CVE-2026-33523, CVE-2026-41080, CVE-2026-33857, CVE-2026-34032]

Summary IBM HTTP Server IHS is shipped as a component of IBM DevOps Code ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2026-24072, CVE-2026-28780, CVE-2026-34059, CVE-2026-33523, CVE-2026-41080, CVE-2026-33857, CVE-2026-34032...

9.8CVSS5.8AI score0.01325EPSS
Exploits1Affected Software1
EUVD
EUVD
added 2026/05/13 6:30 p.m.9 views

EUVD-2026-30004

When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS5.8AI score0.00263EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/13 2:12 p.m.31 views

CVE-2026-42920 BIG-IP DTLS Vulnerability

When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.7CVSS0.00263EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.12 views

PT-2026-40675

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions prior to 17.1.3.1 F5 BIG-IP versions prior to 17.5.1.4 F5 BIG-IP versions prior to 21.0.0.1 Description When a Client SSL profile is configured with Allow Dynamic Record Sizing on a UDP virtual server, undisclosed traffic ca...

8.7CVSS5.8AI score0.00263EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/28 1:22 a.m.4 views

CVE-2026-30350

An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service DoS via a crafted POST request...

7.5CVSS5.3AI score0.00366EPSS
Exploits0References1
NVD
NVD
added 2026/04/27 3:16 p.m.10 views

CVE-2026-30350

An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service DoS via a crafted POST request...

7.5CVSS0.00366EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.6 views

PT-2026-35433

An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service DoS via a crafted POST request...

5.3AI score0.00366EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/27 12:0 a.m.7 views

EUVD-2026-25855

An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service DoS via a crafted POST request...

7.5CVSS5.3AI score0.00366EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/27 12:0 a.m.5 views

CVE-2026-30350

An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service DoS via a crafted POST request...

5.3AI score0.00366EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/27 12:0 a.m.30 views

CVE-2026-30350

An issue in the /store/items/search endpoint of Agent Protocol server commit e9a89f allows attackers to cause a Denial of Service DoS via a crafted POST request...

0.00366EPSS
Exploits0References2
CVE
CVE
added 2026/04/27 12:0 a.m.16 views

CVE-2026-30350

Technical details are not publicly available in the provided documents. Monitor updates from primary sources for affected components, exact versions, and remediation guidance.

7.5CVSS5.3AI score0.00366EPSS
Exploits0References2
CVE
CVE
added 2026/04/15 12:0 a.m.6 views

CVE-2026-30617

LangChain-ChatChat 0.3.1 is vulnerable to remote code execution via the MCP STDIO server configuration/execution handling. An attacker can reach the publicly exposed MCP management interface, configure an MCP STDIO server with attacker-controlled commands, and trigger arbitrary OS command executi...

8.6CVSS6.5AI score0.00472EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/09 7:40 p.m.19 views

CVE-2026-35577 Missing Host Header Validation in Apollo MCP Server for Localhost Deployments

Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. Prior to version 1.7.0, the Apollo MCP Server did not validate the Host header on incoming HTTP requests when using StreamableHTTP transport. In configurations where an HTTP-based MCP server is run ...

6.8CVSS0.00182EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.10 views

sf-mcp-server 操作系统命令注入漏洞

sf-mcp-server is a context-based protocol server developed by Anton Kutishevsky. sf-mcp-server has an operating system command injection vulnerability. This vulnerability arises from unsafe operations when using childprocess.exec to handle user input, which may lead to command injection attacks...

7.5CVSS5.8AI score0.00911EPSS
Exploits0References2
Rows per page
Query Builder