33523 matches found

Positive Technologies
added 2026/06/26 12:0 a.m. | 10 views

PT-2026-53020

Name of the Vulnerable Software and Affected Versions: python-engineio versions prior to 4.13.2. Description: Two specific configurations of the server fail to verify the size of incoming messages before loading them into memory, which can lead to excessive memory allocations. This occurs during POS...

CVSS 7.5 | AI score 5.8
Exploits: 0 | References: 9

Positive Technologies
added 2026/06/26 12:0 a.m. | 8 views

PT-2026-52884

Name of the Vulnerable Software and Affected Versions: Envoy versions 1.18.0 through 1.35.12; Envoy versions 1.36.0 through 1.36.8; Envoy versions 1.37.0 through 1.37.4; Envoy versions 1.38.0 through 1.38.2. Description: The router filter contains a null pointer dereference—a condition where the softwa...

CVSS 7.5 | AI score 5.9 | EPSS 0.00445
Exploits: 1 | References: 3

RedhatCVE
added 2026/06/25 11:8 p.m. | 5 views

CVE-2026-42342

A flaw was found in React Router and @remix-run/server-runtime. A remote attacker can exploit this vulnerability by sending certain crafted requests to the manifest endpoint. This can lead to unbounded path expansion, consuming disproportionate server resources. The primary consequence is a denia...

CVSS 7.5 | AI score 5.7 | EPSS 0.00299
Exploits: 0 | References: 4

EUVD
added 2026/06/25 10:18 p.m. | 10 views

EUVD-2026-31397

golang.org/x/crypto/ssh: Invoking client can cause server deadlock on unexpected responses...

CVSS 9.1 | AI score 5.8 | EPSS 0.005
Exploits: 0 | References: 7

NVD
added 2026/06/25 10:17 p.m. | 8 views

CVE-2026-50176

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks or brute-force attacks to gain unauthorized access...

CVSS 8.7 | EPSS 0.00391
Exploits: 0 | References: 3

Vulnrichment
added 2026/06/25 9:16 p.m. | 7 views

CVE-2026-12992 Apicurio/apicurio-registry: apicurio-registry: ssrf via wsdl4j import dereference in wsdl full validation

A flaw was found in Apicurio Registry. The WSDLReaderAccessor creates a wsdl4j WSDLReader without disabling the javax.wsdl.importDocuments feature. When the VALIDITY rule is set to FULL, an attacker with Developer-role access can upload a WSDL document containing attacker-controlled import...

CVSS 7.4 | AI score 6 | EPSS 0.00195
Exploits: 0 | References: 2

CVE
added 2026/06/25 8:38 p.m. | 13 views

CVE-2026-6412

Technical details about CVE-2026-6412 are not publicly available in the provided documents. Monitor for updates from the cited sources (WolfSSL, NVD, Debian tracker, CVE List, OSV, EUVD, etc.).

CVSS 4.3 | AI score 5.8 | EPSS 0.00074
Exploits: 0 | References: 2 | Affected Software: 1

RedhatCVE
added 2026/06/25 7:35 p.m. | 4 views

CVE-2026-40984

A flaw was found in Micrometer. A remote attacker can provide specially crafted HTTP requests, which may lead to a denial-of-service (DoS) condition. This vulnerability allows an attacker to disrupt the availability of the affected system...

CVSS 7.5 | AI score 5.9 | EPSS 0.00573
Exploits: 0 | References: 4

NVD
added 2026/06/25 7:16 p.m. | 7 views

CVE-2026-56769

Huly Platform through 0.7.423, fixed in commit 68cbf8a, contains an authenticated server-side request forgery vulnerability in the /import endpoint of front pod that allows workspace users to make arbitrary server requests. Attackers can exploit this by supplying malicious URLs to fetch internal...

CVSS 8.5 | EPSS 0.00216
Exploits: 0 | References: 4

RedhatCVE
added 2026/06/25 6:38 p.m. | 4 views

CVE-2026-49980

A flaw was found in Rclone, a command-line program for cloud storage synchronization. When the rcd --rc-serve option is enabled, an unauthenticated remote attacker can send specially crafted GET or HEAD requests to execute arbitrary commands as the Rclone process user. This vulnerability allows f...

CVSS 9.8 | AI score 6.5 | EPSS 0.00701
Exploits: 0 | References: 4

NVD
added 2026/06/25 6:16 p.m. | 8 views

CVE-2026-55180

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded $ENVVAR placeholders from repository-controlled .npmrc and pnpm-workspace.yaml into registry request destinations and registry credentials. A malicious repository could cause dependency resolution to send victim...

CVSS 6.5 | EPSS 0.00212
Exploits: 1 | References: 1

CVE
added 2026/06/25 6:11 p.m. | 14 views

CVE-2026-56779

MaxKB

CVSS 6.4 | AI score 6 | EPSS 0.00171
Exploits: 0 | References: 3

CVE
added 2026/06/25 6:5 p.m. | 24 views

CVE-2026-46608

CVE-2026-46608 concerns Glances XML-RPC server (glances -s) where a multi-origin CORS configuration intended to restrict browser access silently falls back to a wildcard when cors_origins has two or more entries. The issue arises from server-side logic that sets Access-Control-Allow-Origin to the...

CVSS 7.4 | AI score 5.9 | EPSS 0.00401
Exploits: 0 | References: 2

ATTACKERKB
added 2026/06/25 5:0 p.m. | 5 views

CVE-2026-55180

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded $ENVVAR placeholders from repository-controlled .npmrc and pnpm-workspace.yaml into registry request destinations and registry credentials. A malicious repository could cause dependency resolution to send victim...

CVSS 6.5 | AI score 5.8 | EPSS 0.00212
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2026/06/25 5:0 p.m. | 28 views

CVE-2026-55180 pnpm: Repository config can expand victim environment secrets into registry requests before scripts run

pnpm is a package manager. Prior to 10.34.2 and 11.5.3, pnpm and pacquet expanded $ENVVAR placeholders from repository-controlled .npmrc and pnpm-workspace.yaml into registry request destinations and registry credentials. A malicious repository could cause dependency resolution to send victim...

CVSS 6.5 | EPSS 0.00212
Exploits: 1 | References: 1

CVE
added 2026/06/25 5:0 p.m. | 13 views

CVE-2026-55180

CVE-2026-55180 affects pnpm before 10.34.2 and 11.5.3. The issue arises when pnpm and related configuration (repository-controlled .npmrc and pnpm-workspace.yaml) expand ${ENV_VAR} placeholders into registry request destinations and registry credentials. This can cause dependency resolution to se...

CVSS 6.5 | AI score 5.8 | EPSS 0.00212
Exploits: 1 | References: 1 | Affected Software: 1

NVD
added 2026/06/25 4:16 p.m. | 7 views

CVE-2026-9716

CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces...

CVSS 8.7 | EPSS 0.00263
Exploits: 0 | References: 1

CVE
added 2026/06/25 4:7 p.m. | 11 views

CVE-2026-55412

ToolJet (open-source platform) Vulnerability: SSRF in the RestAPI data source component allows authenticated users to induce server-side HTTP requests that bypass its private IP filter via DNS trickery (169.254.169.254.nip.io), potentially stealing Azure managed identity tokens for the AKS produc...

CVSS 8.3 | AI score 5.9 | EPSS 0.00193
Exploits: 0 | References: 1

ATTACKERKB
added 2026/06/25 3:2 p.m. | 4 views

CVE-2026-9716

CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces...

CVSS 8.7 | AI score 5.8 | EPSS 0.00263
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/06/25 3:2 p.m. | 16 views

CVE-2026-9716

CVE-2026-9716 describes a CWE-476 NULL Pointer Dereference that could cause a denial-of-service, rendering a device’s HMI and configuration functionality unavailable when malformed requests hit exposed network interfaces. The root cause is a NULL pointer dereference; impact is high availability l...

CVSS 8.7 | AI score 5.8 | EPSS 0.00263
Exploits: 0 | References: 1 | Affected Software: 1