Lucene search
K

365 matches found

EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42052

A flaw was found in 389-ds-base where the LDBM backend attribute encryption uses a hardcoded static initialization vector for AES-CBC and 3DES-CBC operations, allowing an attacker with privileged filesystem access to detect plaintext equality across encrypted entries by comparing ciphertext block...

4.4CVSS5.9AI score0.00077EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/30 2:42 p.m.6 views

mariadb: MariaDB server: SQL injection vulnerability via improper handling of big5 character set with mysql_real_escape_string()

A flaw was found in MariaDB server. An application processing non-validated user input, which then uses mysqlrealescapestring and sends data to the database via text protocol with the big5 character set, is vulnerable to SQL injection. This allows a remote attacker to execute malicious SQL...

9.8CVSS5.9AI score0.00419EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/30 1:11 p.m.5 views

mariadb: MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check

A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...

4.3CVSS5.7AI score0.00161EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 5:48 a.m.4 views

BIT-NODE-MIN-2026-48619

A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

7.5CVSS6.3AI score0.00656EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 9:57 p.m.75 views

CVE-2026-48746 vLLM: OpenAI auth bypass

vLLM is an inference and serving engine for large language models LLMs. From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing t...

9.1CVSS0.01014EPSS
Exploits0References3
CVE
CVE
added 2026/06/20 6:27 p.m.18 views

CVE-2026-56342

AVideo

6.8CVSS6AI score0.00236EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/18 2:44 p.m.8 views

EUVD-2026-37902

A flaw was found in 389 Directory Server. During schema reload, the attrsyntaxswapht function unconditionally frees attribute syntax information nodes, bypassing the refcount-based deferred deletion used elsewhere in the attribute syntax subsystem. If an administrator triggers schema reload while...

5CVSS5.2AI score0.00212EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/17 7:42 p.m.21 views

CVE-2026-48814 Network-AI: Empty default secret still authorizes all requests (Incomplete fix for CVE-2026-46701)

Network-AI is a TypeScript/Node.js multi-agent orchestrator. In versions 5.7.1 and earlier, the MCP SSE server allows unauthenticated cross-origin MCP tool invocation due to an empty default secret. This issue was partially addressed by CVE-2026-46701 in version 5.4.5 by closing the CORS flaw wit...

9.1CVSS0.00297EPSS
Exploits0References3
CVE
CVE
added 2026/06/17 7:42 p.m.43 views

CVE-2026-48814

Network-AI is a TypeScript/Node.js multi-agent orchestrator. In versions

9.1CVSS5.3AI score0.00297EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/17 1:51 a.m.6 views

389-ds-base: 389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS)

A flaw was found in 389-ds-base. The getldapmessagecontrolsext function in the LDAP server does not enforce an upper bound on the number of controls per LDAP message. A remote, unauthenticated attacker can send a specially crafted LDAP request containing hundreds of thousands of minimal controls...

7.5CVSS5.2AI score0.00815EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/12 2:32 a.m.13 views

SUSE CVE-2026-11785

A flaw was found in 389 Directory Server. A type confusion in the SSO token extended operation handler causes partial stack address information to be disclosed in LDAP responses to authenticated users...

4.3CVSS5.3AI score0.00179EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/11 5:54 p.m.11 views

EUVD-2026-36293

An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server 389-ds-base. In sasliostartpacket, adding sizeofuint32t to a crafted SASL packet length prefix of 0xFFFFFFFC causes unsigned wraparound to zero, bypassing the nsslapd-maxsasliosize limit and leading to a heap buffer...

7.6CVSS5.9AI score0.01038EPSS
Exploits0References3
HackRead
HackRead
added 2026/06/10 9:20 a.m.16 views

Microsoft June 2026 Patch Tuesday Fixes 206 Flaws and 3 Zero-Days

Microsoft’s June 2026 patch Tuesday resolves 206 vulnerabilities, including 3 critical zero-days and severe 9.8 CVSS kernel, network and HTTP.sys flaws...

5.5AI score
Exploits0
NVD
NVD
added 2026/06/10 2:16 a.m.11 views

CVE-2026-45160

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser parseoptions in components/lwip/apps/dhcpserver/dhcpserver.c shipped with ESP-IDF's lwIP component. The pars...

6.5CVSS0.00246EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/09 5:4 p.m.31 views

CVE-2026-45479 Microsoft SharePoint Server Spoofing Vulnerability

...

4.6CVSS0.00505EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 2:16 p.m.11 views

UBUNTU-CVE-2026-11790

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user's password hash can cause excessive CPU consumption during authentication,...

4.9CVSS5.2AI score0.00291EPSS
Exploits0References5
CVE
CVE
added 2026/06/09 1:9 p.m.40 views

CVE-2026-11790

The CVE-2026-11790 entry describes a vulnerability in 389 Directory Server’s PBKDF2-SHA256 password storage plugin where there is no upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user’s password hash can trigger excessive CPU usag...

4.9CVSS5.4AI score0.00291EPSS
Exploits0References2Affected Software3
EUVD
EUVD
added 2026/06/09 1:2 p.m.13 views

EUVD-2026-35420

A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure...

5.9CVSS5.5AI score0.00346EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/09 1:2 p.m.9 views

CVE-2026-11787

A flaw was found in 389 Directory Server. The ldaputf8prev function reads bytes before the start of a buffer without bounds checking, causing a heap buffer over-read in string filter parsing that may influence internal filter processing behavior...

6.3CVSS5.7AI score0.00177EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/09 1:2 p.m.8 views

CVE-2026-11788

A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure...

7.5CVSS5.5AI score0.00346EPSS
Exploits0
Rows per page
Query Builder