12649 matches found
quic-go 安全漏洞
Quic-go is a implementation of the QUIC protocol and RFC 9000 protocol in Go, developed by Lucas Clemente. Versions of quic-go prior to 0.59.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of size constraints on the decoded trailer fields in the HTTP/3...
quic-go: HTTP/3 QPACK Trailer Expansion Memory Exhaustion
Summary An attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large trailer field section with many unique field names and/or large values. The implementation builds an http.Header for t...
USN-8375-1 nginx vulnerabilities
It was discovered that the nginx ngxmailsmtpmodule module incorrectly handled certain memory operations when doing SMTP authentication. This could possibly result in sensitive information being sent to the authentication server. CVE-2025-53859 It was discovered that nginx incorrectly handled...
USN-8375-1: nginx vulnerabilities
It was discovered that the nginx ngxmailsmtpmodule module incorrectly handled certain memory operations when doing SMTP authentication. This could possibly result in sensitive information being sent to the authentication server. CVE-2025-53859 It was discovered that nginx incorrectly handled...
Cisco Finesse 安全漏洞
Cisco Finesse is a call center management software developed by the American company Cisco. There is a security vulnerability in Cisco Finesse, which stems from insufficient validation of HTTP request inputs provided to users. This vulnerability could allow unauthorized remote attackers to load...
Linux Distros Unpatched Vulnerability : CVE-2026-46057
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - landlock: Fix LOGSUBDOMAINSOFF inheritance across fork hookcredtransfer only copies the Landlock security blob when the source credential has a domain. This is...
EEF-CVE-2026-49754 HTTP/2 CONTINUATION flood in Mint client via unbounded header-block accumulation
Summary Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client HTTP/2 CONTINUATION flood. When Mint's HTTP/2 receive path observes a HEADERS frame without the ENDHEADERS flag, the unparsed...
CVE-2026-10622
Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/ endpoints...
SUSE CVE-2026-45352
cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...
[SECURITY] Fedora 43 Update: postfix-3.10.10-1.fc43
Postfix is a Mail Transport Agent MTA...
Windows BITS Persistence Tool
This script implements a BITS-based persistence mechanism with an embedded HTTP server and remote payload delivery for Windows...
PT-2026-45787
Summary Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client HTTP/2 CONTINUATION flood. When Mint's HTTP/2 receive path observes a HEADERS frame without the END HEADERS flag, the unparse...
Windows BITS Jobs Persistence Scanner
This is a Windows BITS Job auditing tool that scans all Background Intelligent Transfer Service BITS tasks using bitsadmin, then analyzes them for suspicious behavior such as executable downloads, command execution cmd.exe, powershell, and remote URLs. It classifies jobs as normal or suspicious a...
Mint 安全漏洞
Mint is a functional underlying HTTP client library developed by Elixir Mint. Versions of Mint from 0.1.0 to 1.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the encoderequestline/2 function not verifying the CRLF characters in method parameters, which could lead to HT...
Backdoor Unlearning Generalization: A Path toward the Removal of Unknown Triggers in LLMs
Backdoor attacks in Large Language Models LLMs are a growing security concern, where models can generate adversary-chosen content. Existing defenses target backdoors one at a time and typically require knowledge of the trigger, leaving the defender at a structural disadvantage when unknown...
Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel
No d...
CVE-2026-42251
Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a...
CVE-2026-42251
The CVE concerns KS-SOMED where hard-coded credentials in KSPLUPDFTP.exe (up to 30.00.00.056) and ANEKSKLIENT.EXE (up to 29.00.02.026) allowed an unauthorized actor to access an FTP server hosting update packages. This could enable uploading a malicious update that might be distributed and instal...
CVE-2026-42251 Hard-coded credentials in KS-SOMED
Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a...
EUVD-2026-33642
Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a...