12640 matches found
PT-2026-50538
Name of the Vulnerable Software and Affected Versions Tinyproxy versions prior to commit ff45d3b Description Tinyproxy fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine the number o...
PT-2026-50239
Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A logic error in the transfer function of the PackageInstaller.Session class within frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java allows for a memory...
CVE-2026-10637
subsys/net/ip/ipv6mld.c:mldsend read the packet interface via netpktifacepkt after netsenddatapkt returned successfully. Per the network stack's ownership contract include/zephyr/net/netcore.h, and the explicit warning in subsys/net/ip/netcore.c:453-460 'do not use pkt after that call', a...
Denial Of Service (DoS)
Netty is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of HTTP/2 SETTINGSMAXHEADERLISTSIZE values, which allows an attacker to trigger repeated request processing and response-header generation failures, leading to resource exhaustion similar to an HTTP/2 Rapi...
BIT-MYSQL-CLIENT-2026-48163 MariaDB: wsrep SST unsafe parameter handling on the donor side (rsync)
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...
BIT-MARIADB-MIN-2026-48163 MariaDB: wsrep SST unsafe parameter handling on the donor side (rsync)
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...
BIT-MARIADB-2026-48163 MariaDB: wsrep SST unsafe parameter handling on the donor side (rsync)
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...
BIT-MARIADB-2026-44168 MariaDB: wsrep SST unsafe parameter handling on the donor side
MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. No...
firefox: Same-origin policy bypass in the Networking: HTTP component
A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Same-origin policy bypass in the Networking: HTTP component...
EUVD-2026-37022
Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier...
PT-2026-50061
Name of the Vulnerable Software and Affected Versions Oracle Project Portfolio Analysis versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle Project Portfolio Analysis product within Oracle E-Business Suite. A low privileged attacker with...
PT-2026-49842
Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware Identity Manager version 12.2.1.4.0 Oracle Fusion Middleware Identity Manager version 14.1.2.1.0 Description An issue in the Security component of the Identity Manager product allows a low privileged attacker with...
PT-2026-50015
Name of the Vulnerable Software and Affected Versions Oracle JD Edwards EnterpriseOne Accounts Payable version 9.2 Description A flaw in the Accounts Payable component allows a low-privileged attacker with network access via HTTP to compromise the system. Successful exploitation can lead to a ful...
PT-2026-49994
Name of the Vulnerable Software and Affected Versions Oracle Siebel CRM Siebel Apps - Marketing versions 17.0 through 26.5 Description An issue in the Marketing component of Oracle Siebel CRM allows an unauthenticated attacker with network access via HTTP to compromise the system. Successful...
PT-2026-50067
Vulnerability in the Oracle Financials for EMEA product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financials...
PT-2026-49920
Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 14.1.2.0.0 Description An issue exists in the Content Server component of Oracle WebCenter Content. An unauthenticated attacker with network access via HTTP can compromise the system, although the attack is...
PT-2026-50024
Name of the Vulnerable Software and Affected Versions Oracle Process Manufacturing Product Development versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite. A low...
PT-2026-49864
Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware WebLogic Server versions 14.1.2.0.0 Oracle Fusion Middleware WebLogic Server versions 15.1.1.0.0 Description An issue exists in the Console component of the WebLogic Server. An unauthenticated attacker with network...
PT-2026-50025
Name of the Vulnerable Software and Affected Versions Oracle Siebel CRM Siebel CRM Cloud Applications versions 17.0 through 26.5 Description An issue exists in the Siebel Cloud Manager component of Oracle Siebel CRM Cloud Applications. An unauthenticated attacker with network access via HTTP can...
RHEL 9 : postfix (RHSA-2026:26205)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:26205 advisory. The postfix packages provide a Mail Transport Agent MTA, which supports protocols like LDAP, SMTP AUTH SASL, and TLS. Security Fixes: postfix: buffe...