12640 matches found

CVE
added 2026/06/15 11:40 p.m. | 12 views

CVE-2026-9262

CVE-2026-9262 affects Canon EOS Network Setting Tool (Version 1.5.0 or earlier). The issue is the use of a non-secure protocol by default in FTP configuration. Reported CVSS metrics indicate a Network attack with high confidentiality impact (CVSS 3.1: 6.5 base, MEDIUM) and a notable impact under ...

CVSS 7.5 | AI score 5.3 | EPSS 0.00264
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2026/06/15 11:40 p.m. | 31 views

CVE-2026-9262

Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier...

CVSS 7.1 | EPSS 0.00264
Exploits: 0 | References: 4

EUVD
added 2026/06/15 8:43 p.m. | 10 views

EUVD-2026-36459

Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion...

CVSS 7.5 | AI score 5.2 | EPSS 0.00366
Exploits: 0 | References: 3

Snyk
added 2026/06/15 5:24 p.m. | 7 views

Use of Weak Hash

Overview Affected versions of this package are vulnerable to Use of Weak Hash due to the use of a weak 32-bit hash in the HttpTransferCache. When a victim visits a crafted link containing the colliding parameter, the SSR process executes both the search request and the profile request. Due to the...

CVSS 9.2 | AI score 5.9 | EPSS 0.0009
Exploits: 0 | References: 2

Github Security Blog
added 2026/06/15 5:24 p.m. | 75 views

@angular/common: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning

Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering (SSR) so that they can be reused during client-side hydration. This avoids repeating the same HTTP requests on the client. The cached responses are stored in TransferState using a cache key generated by hashing reque...

CVSS 8.8 | AI score 5.3 | EPSS 0.0009
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2026/06/15 5:24 p.m. | 5 views

GHSA-39PV-4J6C-2G6V @angular/common: Weak 32-Bit Cache Key Hashing in `HttpTransferCache` Leading to Cross-Request Data Leakage and State Poisoning

Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering (SSR) so that they can be reused during client-side hydration. This avoids repeating the same HTTP requests on the client. The cached responses are stored in TransferState using a cache key generated by hashing reque...

CVSS 8.8 | AI score 5.3 | EPSS 0.0009
Exploits: 0 | References: 4

Github Security Blog
added 2026/06/15 4:51 p.m. | 9 views

@angular/common: Information Leak via Default Caching of Credentialed Requests in HttpTransferCache

A vulnerability was discovered in @angular/common when Server-Side Rendering (SSR) and hydration are enabled. The HttpTransferCache utility optimizes hydration by caching outgoing HTTP requests performed during SSR and transferring the cached state to the client-side application via TransferState...

CVSS 8.2 | AI score 5.4 | EPSS 0.00303
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2026/06/15 4:51 p.m. | 9 views

GHSA-Q6F4-QQRG-JV6X @angular/common: Information Leak via Default Caching of Credentialed Requests in HttpTransferCache

A vulnerability was discovered in @angular/common when Server-Side Rendering (SSR) and hydration are enabled. The HttpTransferCache utility optimizes hydration by caching outgoing HTTP requests performed during SSR and transferring the cached state to the client-side application via TransferState...

CVSS 8.2 | AI score 5.5 | EPSS 0.00303
Exploits: 0 | References: 3

Snyk
added 2026/06/15 3:16 p.m. | 8 views

Modification of Assumed-Immutable Data

Overview @angular/core is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this...

CVSS 8.6 | AI score 6.1 | EPSS 0.00179
Exploits: 0 | References: 3

Github Security Blog
added 2026/06/15 3:16 p.m. | 10 views

Angular Client Hydration DOM Clobbering & Response-Cache Poisoning

To optimize client-side bootstrap in Server-Side Rendered (SSR) environments, Angular supports Hydration via provideClientHydration. During SSR, Angular serializes the application's runtime state such as cached HttpClient responses and outputs it into the HTML stream as a tag with a predictable...

CVSS 8.6 | AI score 5.4 | EPSS 0.00179
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2026/06/15 3:16 p.m. | 4 views

GHSA-RGJC-H3X7-9MWG Angular Client Hydration DOM Clobbering & Response-Cache Poisoning

To optimize client-side bootstrap in Server-Side Rendered (SSR) environments, Angular supports Hydration via provideClientHydration. During SSR, Angular serializes the application's runtime state such as cached HttpClient responses and outputs it into the HTML stream as a tag with a predictable...

CVSS 8.6 | AI score 5.5 | EPSS 0.00179
Exploits: 0 | References: 4

Positive Technologies
added 2026/06/15 12:0 a.m. | 13 views

PT-2026-49548

Name of the Vulnerable Software and Affected Versions: Canon EOS Network Setting Tool versions prior to 1.5.1. Description: The software uses a non-secure protocol as the default FTP configuration, which may allow sensitive data to be transmitted without encryption. Recommendations: Update to a versi...

CVSS 7.5 | AI score 6.6 | EPSS 0.00264
Exploits: 0 | References: 8

AlmaLinux
added 2026/06/15 12:0 a.m. | 4 views

Important: postfix security update

The postfix packages provide a Mail Transport Agent (MTA), which supports protocols like LDAP, SMTP AUTH (SASL), and TLS. Security Fixes: postfix: buffer over-read via malformed enhanced status code (CVE-2026-43964). For more details about the security issues, including the impact, a CVSS score,...

CVSS 7.5 | AI score 5.5 | EPSS 0.00415
Exploits: 0 | References: 4

Tenable Nessus
added 2026/06/15 12:0 a.m. | 8 views

RHEL 8 : postfix (RHSA-2026:25932)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25932 advisory. The postfix packages provide a Mail Transport Agent (MTA), which supports protocols like LDAP, SMTP AUTH (SASL), and TLS. Security Fixes: postfix: buffe...

CVSS 7.5 | AI score 5.7 | EPSS 0.00415
Exploits: 0 | References: 4

OSV
added 2026/06/15 12:0 a.m. | 3 views

ALSA-2026:25932 Important: postfix security update

The postfix packages provide a Mail Transport Agent (MTA), which supports protocols like LDAP, SMTP AUTH (SASL), and TLS. Security Fixes: postfix: buffer over-read via malformed enhanced status code (CVE-2026-43964). For more details about the security issues, including the impact, a CVSS score,...

CVSS 7.5 | AI score 5.5 | EPSS 0.00415
Exploits: 0 | References: 4

Tenable Nessus
added 2026/06/14 12:0 a.m. | 6 views

Fedora 44 : bind9-next (2026-dbb0776ac5)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-dbb0776ac5 advisory. Update to 9.21.22 rhbz2480122 Security Fixes: - Limit resolver server list size. CVE-2026-3592 - Fix GSS-API resource leak. CVE-2026-3039 - Disable...

CVSS 9.8 | AI score 5.5 | EPSS 0.01844
Exploits: 1 | References: 7

Tenable Nessus
added 2026/06/14 12:0 a.m. | 7 views

SUSE SLES12 Security Update : google-osconfig-agent (SUSE-SU-2026:2347-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2347-1 advisory. This update for google-osconfig-agent fixes the following issue - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improp...

CVSS 9.1 | AI score 6.5 | EPSS 0.01557
Exploits: 1 | References: 4

SUSE CVE
added 2026/06/13 2:17 a.m. | 8 views

SUSE CVE-2026-46433

lldpd is an implementation of IEEE 802.1ab (LLDP). Prior to version 1.0.22, lldpd_decode() in src/daemon/lldpd.c strips 802.1Q VLAN tags from received Ethernet frames by calling memmove to shift the frame payload 4 bytes left. The third argument (byte count) is s - 2 * ETHER_ADDR_LEN but should be s - 2...

CVSS 6.5 | AI score 5.4 | EPSS 0.00225
Exploits: 0 | References: 3

Mageia
added 2026/06/13 1:38 a.m. | 9 views

Updated packages fix security vulnerabilities

CVE-2026-49261: MariaDB server has unsafe parameter handling in wsrep_notify_cmd. CVE-2026-48165: MariaDB: unsafe usage of wsrep_sst_receive_address values on the joiner side. CVE-2026-48163: MariaDB: wsrep SST unsafe parameter handling on the donor side rsync...

CVSS 10 | AI score 5.3 | EPSS 0.00703
Exploits: 0 | References: 2

EUVD
added 2026/06/13 12:34 a.m. | 10 views

EUVD-2026-36606

An attacker could cooperatively pass data from one secure GPU process to another secure GPU process through shared secure memory allocations in the kernel module. Additionally, an attacker could disrupt the operation of another secure GPU process leading to image corruption / GPU hardware recover...

AI score 5.4 | EPSS 0.00106
Exploits: 0 | References: 2