653 matches found

Nuclei
added 3 days ago, 89 views

VMware vRealize Network Insight - Remote Code Execution

VMware Aria Operations for Networks vRealize Network Insight is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the ro...

CVSS 9.8, AI score 8.3, EPSS 0.98243
Exploits 7, References 5

RedHat Linux
added 2026/06/22 5:15 p.m., 12 views

Important: Red Hat Security Advisory: Red Hat build of Cryostat security update

An update is now available for the Red Hat build of Cryostat 4 on RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

CVSS 9.8, AI score 7.6, EPSS 0.01051
Exploits 7, References 11

Tenable Nessus
added 2026/06/20 12:0 a.m., 8 views

SUSE SLED15 / SLES15 Security Update : alloy (SUSE-SU-2026:2438-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2438-1 advisory. This update for alloy fixes the following issues Security issues: - CVE-2026-4427: github.com/jackc/pgproto3/v...

CVSS 9.1, AI score 6.8, EPSS 0.01557
Exploits 1, References 17

AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in Thrift

In Apache Thrift, all versions up to and including 0.12.0, a server or client may encounter an infinite loop when processing specific input data. Since this issue was partially addressed in version 0.11.0, it only affects certain language bindings, depending on the installed version...

CVSS 7.8, AI score 6.8, EPSS 0.09082
Exploits 0, References 1

AstraLinux
added 2026/06/19 11:10 a.m., 7 views

Astra Linux – Vulnerability in Thrift

In Apache Thrift versions 0.9.3 to 0.13.0, malicious RPC clients could send short messages, resulting in a large memory allocation and potentially causing a denial of service...

CVSS 7.5, AI score 6.6, EPSS 0.06779
Exploits 0, References 1

AstraLinux
added 2026/06/19 11:10 a.m., 7 views

Astra Linux – Vulnerability in Thrift

In Apache Thrift versions 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when receiving invalid input data...

CVSS 7.5, AI score 6.8, EPSS 0.06793
Exploits 0, References 1

OSV
added 2026/06/18 1:58 p.m., 12 views

ROOT-APP-GOBINARY-CVE-2026-41602 CVE-2026-41602 in rootio-github.com/apache/thrift - Patched by Root

Root has patched CVE-2026-41602 in the rootio-github.com/apache/thrift package for Root:Go. Multiple fixed versions available...

CVSS 7.5, AI score 5.8, EPSS 0.01163
Exploits 0

RedHat Linux
added 2026/06/17 11:5 p.m., 8 views

Apache Thrift: Apache Thrift: Denial of Service via excessive memory allocation

A flaw was found in Apache Thrift. This vulnerability involves a Memory Allocation with Excessive Size Value, which could allow an attacker to trigger resource exhaustion. By providing an overly large size value during memory allocation, an attacker can cause the affected system to become...

CVSS 7.5, AI score 5.4, EPSS 0.00665
Exploits 0, References 5

RedHat Linux
added 2026/06/17 11:5 p.m., 13 views

Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation

A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This...

CVSS 7.3, AI score 5.3, EPSS 0.00632
Exploits 0, References 5

OSV
added 2026/06/17 2:45 p.m., 5 views

SUSE-SU-2026:2438-1 Security update for alloy

This update for alloy fixes the following issues Security issues: - CVE-2026-4427: github.com/jackc/pgproto3/v2: improper validation of field length allows a malicious PostgreSQL server to crash a client application via a DataRow message bsc1259919. - CVE-2026-25934: github.com/go-git/go-git/v5:...

CVSS 9.1, AI score 6.5, EPSS 0.01557
Exploits 1, References 13

OSV
added 2026/06/17 2:9 p.m., 7 views

ROOT-APP-MAVEN-CVE-2026-43869 CVE-2026-43869 in io.root.org.apache.thrift:libthrift - Patched by Root

Root has patched CVE-2026-43869 in the io.root.org.apache.thrift:libthrift package for Root:Maven. Multiple fixed versions available...

CVSS 7.3, AI score 5.8, EPSS 0.00632
Exploits 0

RedhatCVE
added 2026/06/05 7:51 p.m., 9 views

CVE-2025-48431

Mismatched Memory Management Routines vulnerability in Apache Thrift cglib language bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. Description: Specially crafted requests can crash an cglib-based Thrift server...

CVSS 7.5, AI score 5.4, EPSS 0.01051
Exploits 0, References 1

RedhatCVE
added 2026/06/05 7:51 p.m., 6 views

CVE-2026-43870

Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting', Uncontrolled Resource Consumption vulnerability in Apache Thrift. This issue affects Apache Thrift:...

CVSS 7.3, AI score 5.4, EPSS 0.00394
Exploits 0, References 1

RedhatCVE
added 2026/06/02 9:58 p.m., 12 views

CVE-2026-43868

A flaw was found in Apache Thrift. This vulnerability involves a Memory Allocation with Excessive Size Value, which could allow an attacker to trigger resource exhaustion. By providing an overly large size value during memory allocation, an attacker can cause the affected system to become...

CVSS 7.5, AI score 5.7, EPSS 0.00665
Exploits 0, References 4

Tenable Nessus
added 2026/06/02 12:0 a.m., 9 views

SUSE SLES16 Security Update : alloy (SUSE-SU-2026:21852-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21852-1 advisory. This update for alloy fixes the following issues - CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing...

CVSS 7.5, AI score 6.9, EPSS 0.01163
Exploits 0, References 7

Tenable Nessus
added 2026/05/29 12:0 a.m., 8 views

openSUSE 16 Security Update : alloy (openSUSE-SU-2026:20816-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20816-1 advisory. This update for alloy fixes the following issues - CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key...

CVSS 7.5, AI score 5.9, EPSS 0.01163
Exploits 0, References 6

RedhatCVE
added 2026/05/28 7:54 a.m., 13 views

CVE-2026-43869

A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This...

CVSS 7.3, AI score 5.7, EPSS 0.00632
Exploits 0, References 4

OSV
added 2026/05/27 9:8 a.m., 8 views

OPENSUSE-SU-2026:20816-1 Security update for alloy

This update for alloy fixes the following issues - CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key can lead to a denial of service bsc1262955. - CVE-2026-41602: github.com/apache/thrift: TFramedTransport frame size headers can lead to a uint32 integer...

CVSS 7.5, AI score 6.8, EPSS 0.01163
Exploits 0, References 4

CBLMariner
added 2026/05/14 11:27 p.m., 10 views

CVE-2026-41605 affecting package thrift for versions less than 0.15.0-6

CVE-2026-41605 affecting package thrift for versions less than 0.15.0-6. A patched version of the package is available...

CVSS 7.7, AI score 5.8, EPSS 0.00967
Exploits 0

CBLMariner
added 2026/05/14 11:27 p.m., 12 views

CVE-2026-41602 affecting package thrift for versions less than 0.15.0-6

CVE-2026-41602 affecting package thrift for versions less than 0.15.0-6. A patched version of the package is available...

CVSS 7.5, AI score 5.8, EPSS 0.01163
Exploits 0