11098 matches found

EUVD
added 2026/06/08 3:23 p.m. | 14 views

EUVD-2026-35100

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and untrusted content. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

CVSS 7.5 | AI score 5.4 | EPSS 0.0071
Exploits: 0 | References: 1

CVE
added 2026/06/08 3:23 p.m. | 85 views

CVE-2026-42536

Summary (CVE-2026-42536): A heap-based buffer overflow in Apache HTTP Server affects 2.4.0–2.4.67 through the mod_xml2enc component (and related parsing of untrusted content via xml2StartParse). The issue is resolved by upgrading to Apache HTTP Server 2.4.68. The payload vector involves processi...

CVSS 7.5 | AI score 5.4 | EPSS 0.0071
Exploits: 0 | References: 6 | Affected Software: 1

Vulnrichment
added 2026/06/08 3:19 p.m. | 14 views

CVE-2026-44631 Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

AI score 5.4 | EPSS 0.00486
Exploits: 0 | References: 1

AlpineLinux
added 2026/06/08 3:19 p.m. | 10 views

CVE-2026-44631

Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

CVSS 9.8 | AI score 5.4 | EPSS 0.00486
Exploits: 0

Vulnrichment
added 2026/06/08 3:16 p.m. | 8 views

CVE-2026-43951 Apache HTTP Server: OOB Read in `merge_response_headers` can cause crash

Out-of-bounds Read vulnerability in Apache HTTP Server with mod_headers and mod_mime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67...

AI score 5.4 | EPSS 0.00525
Exploits: 0 | References: 1

Vulnrichment
added 2026/06/08 2:12 p.m. | 8 views

CVE-2026-43972 gun HTTP/2 PUSH_PROMISE authority not validated against connection origin allows cross-origin cookie injection

Origin Validation Error vulnerability in ninenines gun gun_http2 module allows cross-origin cookie injection via unvalidated HTTP/2 PUSH_PROMISE authority. In gun_http2:push_promise_frame/7, the :authority pseudo-header from an incoming PUSH_PROMISE frame is stored verbatim into the promised stream...

CVSS 6.3 | AI score 5.7 | EPSS 0.00215
Exploits: 0 | References: 3

OSV
added 2026/06/08 12:50 p.m. | 2 views

CLEANSTART-2026-JL47330 Security fixes for CVE-2025-22868, CVE-2025-47911, CVE-2025-47912, CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-58183, CVE-2025-58185, CVE-2025-58186, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-58190, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-25681, CVE-2026-27136, CVE-2026-27139, CVE-2026-27142, CVE-2026-27145, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32288, CVE-2026-32289, CVE-2026-33186, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, CVE-2026-42502, CVE-2026-42507, CVE-2026-46598 applied in versions: 2.15.0-r0, 2.15.0-r1, 2.15.0-r2, 2.15.0-r3, 2.16.0-r3

Multiple security vulnerabilities affect the kube-state-metrics package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 10 | AI score 6.6 | EPSS 0.01945
Exploits: 7 | References: 101

CNNVD
added 2026/06/08 12:00 a.m. | 14 views

req Security Vulnerability

“req” is a simple Go HTTP client developed by a Roc individual using Black Magic. Versions of “req” from 0.1.0 to 0.6.1 contained security vulnerabilities. These vulnerabilities stemmed from improper handling of highly compressed data, which could allow an attacker-controlled HTTP server to exhau...

CVSS 8.2 | AI score 5.4 | EPSS 0.00438
Exploits: 0 | References: 2

Packet Storm
added 2026/06/08 12:00 a.m. | 98 views

ProjeQtor 12.4.3 SQL Injection

This Metasploit auxiliary module targets an unauthenticated SQL injection vulnerability in ProjeQtor login functionality and is structured as a scanner-style module with multiple operational modes. Version 12.4.3 is affected...

CVSS 9.8 | AI score 5.6 | EPSS 0.00558
Exploits: 2

CNNVD
added 2026/06/08 12:00 a.m. | 7 views

Fides Cross-Site Scripting Vulnerability

Fides is an open-source privacy engineering platform developed by Ethyca, used to manage the implementation of data privacy requests in the runtime environment and the enforcement of privacy regulations within code. Versions of Fides from 2.33.0 to 2.84.5 contained a cross-site scripting...

CVSS 7 | AI score 5 | EPSS 0.00297
Exploits: 0 | References: 2

Positive Technologies
added 2026/06/08 12:00 a.m. | 12 views

PT-2026-47300

Name of the Vulnerable Software and Affected Versions: gun versions 2.0.0 through 2.3.x. Description: An issue in the gun http module allows a malicious HTTP server to force a client into raw protocol mode by sending an unsolicited 101 Switching Protocols response. In the handle inform/8 function, t...

CVSS 8.7 | AI score 5.6 | EPSS 0.00381
Exploits: 0 | References: 6

CNNVD
added 2026/06/08 12:00 a.m. | 7 views

Apache HTTP Server Buffer Error Vulnerability

Apache HTTP Server is an open-source web server developed by the Apache Foundation in the United States. This server is known for its speed, reliability, and ability to be expanded through simple APIs. Versions of Apache HTTP Server from 2.4.0 to 2.4.67 contained a buffer error vulnerability, whi...

CVSS 6.5 | AI score 5.5 | EPSS 0.00525
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/08 12:00 a.m. | 16 views

PT-2026-47323

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.0 through 2.4.67. Description: A buffer over-read occurs during outbound OCSP (Online Certificate Status Protocol) requests sent to an attacker-controlled OCSP server. A buffer over-read is a condition where a syste...

CVSS 8.2 | AI score 5.6 | EPSS 0.82295
Exploits: 1 | References: 132

RedhatCVE
added 2026/06/07 12:43 a.m. | 13 views

CVE-2026-45777

Open XDMoD is an open framework for collecting and analyzing HPC metrics. Starting in version 9.5.0 and prior to version 11.0.3, an attacker can remotely execute arbitrary system commands on the web server hosting Open XDMoD with the privileges of the web server process. This could allow an attack...

CVSS 9.8 | AI score 5.8 | EPSS 0.00388
Exploits: 1 | References: 1

GithubExploit
added 2026/06/06 5:19 p.m. | 114 views

Exploit for CVE-2026-42926

CVE-2026-42926 NGINX HTTP/2 Frame Injection Lab A controlled...

CVSS 6.3 | AI score 5.7 | EPSS 0.00339
Exploits: 1

OSV
added 2026/06/06 3:56 a.m. | 7 views

JLSEC-2026-575

A flaw was found in Nettle in versions before 3.7.2, where several Nettle signature verification functions (GOST DSA, EDDSA & ECDSA) result in the Elliptic Curve Cryptography point (ECC) multiply function being called with out-of-range scalers, possibly resulting in incorrect results. This flaw allow...

CVSS 8.1 | AI score 6.5 | EPSS 0.01607
Exploits: 0 | References: 12

SUSE CVE
added 2026/06/06 2:45 a.m. | 8 views

SUSE CVE-2026-50593

Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range...

CVSS 7.1 | AI score 5.5 | EPSS 0.00112
Exploits: 0 | References: 10

Tenable Nessus
added 2026/06/06 12:00 a.m. | 13 views

Fedora 44 : rust (2026-e251935c8f)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e251935c8f advisory. Update to Rust 1.96.0: New Range types Assert matching patterns Changes to WebAssembly targets Stabilized APIs Cargo CVE-2026-5222 and CVE-2026-5223...

CVSS 6.5 | AI score 5.6 | EPSS 0.00328
Exploits: 0 | References: 3

vulnersOsv
added 2026/06/05 9:15 p.m. | 7 views

io.camunda:camunda-zeebe (>=8.9.0 <=8.10.0-alpha1-rc3), org.finos.legend.engine:legend-engine-xt-relationalStore-aurora-execution (>=4.128.0 <=4.131.0) +3 more potentially affected by CVE-2026-11400 via software.amazon.jdbc:aws-advanced-jdbc-wrapper (>=3.2.0 <=4.0.0)

software.amazon.jdbc:aws-advanced-jdbc-wrapper MAVEN version =3.2.0, =8.9.0, =4.128.0, =4.131.0 - org.wildfly:wildfly-datasources-galleon-pack =11.4.0.Final - org.wildfly:wildfly-datasources-galleon-pack-common =11.4.0.Final - org.wildfly:wildfly-datasources-preview-galleon-pack =11.4.0.Final...

CVSS 8.6 | AI score 5.7 | EPSS 0.00305
Exploits: 0

RedhatCVE
added 2026/06/05 7:58 p.m. | 8 views

CVE-2023-54342

Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality. Attackers can establish a telnet connection to the OSGi console,...

CVSS 9.8 | AI score 6.7 | EPSS 0.00455
Exploits: 0 | References: 1