Lucene search
K

428 matches found

Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-51926

An issue in docuForm GmbH FSM Client v.11.11c allows a remote attacker to obtain sensitive information via the login.php component. A vulnerability was identified in the authentication mechanism that allows user enumeration through the login interface. An attacker can differentiate between valid...

0.0036EPSS
Exploits0References2
OSV
OSV
added 6 days ago6 views

CVE-2026-58471 GNU Wget 1.25.0 Heap Buffer Overflow via convert_fname() in url.c

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

6CVSS6.2AI score0.00221EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago37 views

CVE-2026-58471 GNU Wget 1.25.0 Heap Buffer Overflow via convert_fname() in url.c

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

6CVSS0.00221EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 6 days ago4 views

CVE-2026-58471

GNU Wget through 1.25.0, fixed in commit c2640fe, contains a heap buffer overflow vulnerability in the convertfname function within src/url.c that allows remote attackers to trigger memory corruption through a server-supplied filename requiring character set conversion. When the output buffer is...

6CVSS6.2AI score0.00221EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-56240

Name of the Vulnerable Software and Affected Versions GNU Wget versions prior to 1.25.0 commit c2640fe Description A heap buffer overflow occurs in the convert fname function within src/url.c. This issue is triggered when a server-supplied filename requires character set conversion and the output...

7.1CVSS6.3AI score0.00221EPSS
Exploits0References13
OSV
OSV
added 2026/06/29 11:50 a.m.5 views

PYSEC-2026-577 rok Python ProxyShare can be used as an SSRF proxy through absolute URL paths

Summary Alice exposes a Python SDK ProxyShare with a fixed target URL. Bob sends a request to the share with an absolute URL in the path. The Flask handler passes that path to urllib.parse.urljoin, which replaces Alice's configured target host with Bob's host and returns the server-side response ...

9.9CVSS5.7AI score0.00061EPSS
Exploits0References5
OSV
OSV
added 2026/06/28 2:16 a.m.13 views

DEBIAN-CVE-2026-58051

libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...

8.3CVSS5.8AI score0.0028EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/28 1:32 a.m.5 views

CVE-2026-58051

libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...

8.3CVSS5.8AI score0.0028EPSS
Exploits0References3
CVE
CVE
added 2026/06/19 9:39 p.m.36 views

CVE-2026-56073

CVE-2026-56073 affects Cap-go before 12.128.2. An authentication bypass in OTP verification lets an attacker bypass email verification by manipulating server responses, intercepting OTP requests and falsely marking verification as successful. This enables unauthorized 2FA enablement and potential...

9.4CVSS5.9AI score0.00188EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.10 views

CVE-2026-45728

Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, when Algernon is invoked with a single file path instead of a directory, singleFileMode is set to true and debugMode is forcibly enabled. debugMode activates the PrettyError renderer, which on any Lua or template error respon...

7.5CVSS5.5AI score0.00303EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.10 views

CVE-2026-42513

This vulnerability exists in e-Sushrut due to improper authentication logic that relies on client-side response parameters to determine authentication status. A remote attacker could exploit this vulnerability by intercepting and modifying the server response. Successful exploitation of this...

8.8CVSS5.6AI score0.00482EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 9:36 a.m.60 views

CVE-2026-46155

CVE-2026-46155 affects the Linux kernel SMB client. The vulnerability is an out-of-bounds read in smb2_compound_op() caused by memcpy reading size[0] (OutputBufferLength) when iov_len is smaller than that length after a truncated server response. This can leak adjacent kernel heap memory. Impact ...

9.1CVSS5.8AI score0.00478EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.13 views

PT-2026-40842

Four CVEs CVE-2026-29103, CVE-2026-29104, CVE-2026-29892, CVE-2026-30441 shared the same root cause. An MCP server's response to the client includes free-form text fields — tool descriptions, resource summaries, prompt argument hints. These fields are surfaced into the…...

9.1CVSS5.8AI score0.00497EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/02 1:25 a.m.23 views

SUSE CVE-2026-31708

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB read in smb2ioctlqueryinfo QUERYINFO path smb2ioctlqueryinfo has two response-copy branches: PASSTHRUFSCTL and the default QUERYINFO path. The QUERYINFO branch clamps qi.inputbufferlength to the server-report...

8.1CVSS5.9AI score0.00307EPSS
Exploits0References4
NVD
NVD
added 2026/05/01 4:16 p.m.10 views

CVE-2026-42471

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke client Connection.php:76 calls unserialize on data received from the server response, enabling client-side RCE if connecting to a malicious server...

8.1CVSS0.01757EPSS
Exploits2References3
NVD
NVD
added 2026/04/29 9:16 a.m.8 views

CVE-2026-42513

This vulnerability exists in e-Sushrut due to improper authentication logic that relies on client-side response parameters to determine authentication status. A remote attacker could exploit this vulnerability by intercepting and modifying the server response. Successful exploitation of this...

8.8CVSS0.00482EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/29 8:13 a.m.10 views

CVE-2026-42513

This vulnerability exists in e-Sushrut due to improper authentication logic that relies on client-side response parameters to determine authentication status. A remote attacker could exploit this vulnerability by intercepting and modifying the server response. Successful exploitation of this...

8.8CVSS5.5AI score0.00482EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/29 8:13 a.m.38 views

CVE-2026-42513 Authentication Bypass Vulnerability in e-Sushrut HMIS

This vulnerability exists in e-Sushrut due to improper authentication logic that relies on client-side response parameters to determine authentication status. A remote attacker could exploit this vulnerability by intercepting and modifying the server response. Successful exploitation of this...

8.8CVSS0.00482EPSS
Exploits0References1
CVE
CVE
added 2026/04/29 8:13 a.m.26 views

CVE-2026-42513

CVE-2026-42513 affects e-Sushrut HMIS. The vulnerability stems from improper authentication logic that relies on client-side response parameters to determine login status, enabling a remote attacker to intercept and modify server responses to bypass authentication and gain unauthorized access to ...

8.8CVSS5.6AI score0.00482EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/29 8:13 a.m.6 views

EUVD-2026-26196

This vulnerability exists in e-Sushrut due to improper authentication logic that relies on client-side response parameters to determine authentication status. A remote attacker could exploit this vulnerability by intercepting and modifying the server response. Successful exploitation of this...

8.8CVSS5.5AI score0.00482EPSS
Exploits0References1
Rows per page
Query Builder