Lucene search
K

12641 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 5:57 p.m.41 views

Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on

Question Security Bulletin: Vulnerabilities in OpenSSL affect IBM Aspera Transfer Cluster Manager, faspex on Demand, Server on Demand, Application Platform on Demand, and Azure on Demand. CVE-2016-2107, CVE-2016-2106, CVE-2016-2176 "Business Unit":"code":"BU059","label":"IBM Software w/o...

8.2CVSS7.5AI score0.89058EPSS
Exploits6Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.11 views

Siemens SIMATIC S7-1500 Incorrect Resource Transfer Between Spheres (CVE-2026-31431)

In the Linux kernel, the following vulnerability has been resolved: crypto: algifaead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algifaead since the source and destination...

7.8CVSS6.9AI score0.96775EPSS
Exploits228References3
NVD
NVD
added 2026/06/17 8:17 p.m.9 views

CVE-2026-54387

Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine how many request body bytes to consume. Remote attackers can desynchronize the...

9.3CVSS0.00439EPSS
Exploits0References4
OSV
OSV
added 2026/06/17 8:17 p.m.3 views

DEBIAN-CVE-2026-54387

Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine how many request body bytes to consume. Remote attackers can desynchronize the...

9.3CVSS5.6AI score0.00439EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 7:48 p.m.9 views

EUVD-2026-37789

Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine how many request body bytes to consume. Remote attackers can desynchronize the...

9.3CVSS5.5AI score0.00439EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/17 7:48 p.m.7 views

CVE-2026-54387

Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine how many request body bytes to consume. Remote attackers can desynchronize the...

9.3CVSS5.6AI score0.00439EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/17 7:48 p.m.16 views

CVE-2026-54387 Tinyproxy - HTTP Request Smuggling via CL/TE Desynchronization

Tinyproxy through 1.11.3, fixed in commit ff45d3b, fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine how many request body bytes to consume. Remote attackers can desynchronize the...

9.3CVSS0.00439EPSS
Exploits0References4
CVE
CVE
added 2026/06/17 7:48 p.m.26 views

CVE-2026-54387

CVE-2026-54387 affects Tinyproxy up to version 1.11.3. It fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to consume the request body. This desynchronizes frontend/backend parsers and can enab...

9.3CVSS5.6AI score0.00439EPSS
Exploits0References4
OSV
OSV
added 2026/06/17 7:9 p.m.5 views

MAL-2026-6075 Malicious code in opt-archetype-check (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6497b3f44c017bc9ba783cd75e17d4992f79542d8819558da92e152ee4d4471e On npm install, the package's postinstall hook executes node index.js, which collects the installer's public IP via api.ipify.org, hostname, username...

5.9AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/17 3:45 p.m.7 views

netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder

A flaw was found in Netty. The HttpObjectDecoder component, which processes incoming HTTP requests, incorrectly skips certain control characters and whitespace before reading the first request line. This behavior, which goes beyond standard HTTP protocol requirements, can lead to request-boundary...

5.3CVSS5.3AI score0.00232EPSS
Exploits0References7
NVD
NVD
added 2026/06/17 1:20 p.m.8 views

CVE-2026-50203

A path traversal in the SFTP provider SFTPHook.retrievedirectory / SFTPOperatoroperation=get let a malicious or compromised remote SFTP server write files outside the configured local destination directory via crafted directory-entry names. No Airflow account is required — the attack surface is a...

9.1CVSS0.00626EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 1:20 p.m.6 views

CVE-2026-28575

In PackageInstaller.Sessiontransfer of frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java, there is a possible memory exhaustion attack due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed...

10CVSS0.00125EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/17 11:2 a.m.6 views

firefox: Same-origin policy bypass in the Networking: HTTP component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: HTTP component...

9.3CVSS5.2AI score0.00194EPSS
Exploits0References6
NVD
NVD
added 2026/06/17 10:54 a.m.9 views

CVE-2026-46961

Vulnerability in the Oracle Project Portfolio Analysis product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

8.8CVSS0.00402EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:54 a.m.7 views

CVE-2026-46934

Vulnerability in the Oracle Complex Maintenance, Repair and Overhaul product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to...

7.5CVSS0.00311EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:54 a.m.9 views

CVE-2026-46859

Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain component: Security. The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this...

9.8CVSS0.00508EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:53 a.m.8 views

CVE-2026-46812

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Authentication Engine. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

6.1CVSS0.00245EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:40 a.m.8 views

CVE-2026-35319

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Content Server. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

9.8CVSS0.00483EPSS
Exploits0References1
NCSC
NCSC
added 2026/06/17 9:28 a.m.11 views

Vulnerabilities in Oracle Fusion Middleware products

Oracle has identified several vulnerabilities in various products within the Oracle Fusion Middleware suite, including WebLogic Server, WebCenter Content, WebCenter Sites, WebCenter Portal, WebCenter Enterprise Capture, Identity Manager, Identity Manager Connector, Access Manager, Coherence,...

10CVSS5.9AI score0.00565EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 7:2 a.m.13 views

CVE-2026-28575

CVE-2026-28575 affects the Android framework in PackageInstaller.Session.transfer (frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java). The issue is described as a logic error causing memory exhaustion that can lead to a local denial of service without requiring...

10CVSS5.6AI score0.00125EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder