Lucene search
K

12649 matches found

CNNVD
CNNVD
added 2026/06/04 12:0 a.m.6 views

quic-go 安全漏洞

Quic-go is a implementation of the QUIC protocol and RFC 9000 protocol in Go, developed by Lucas Clemente. Versions of quic-go prior to 0.59.1 contained security vulnerabilities. These vulnerabilities stemmed from the lack of size constraints on the decoded trailer fields in the HTTP/3...

7.5CVSS5.3AI score0.00279EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/03 8:59 p.m.21 views

quic-go: HTTP/3 QPACK Trailer Expansion Memory Exhaustion

Summary An attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame that decodes into a large trailer field section with many unique field names and/or large values. The implementation builds an http.Header for t...

7.5CVSS6.8AI score0.00279EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/06/03 7:11 a.m.9 views

USN-8375-1 nginx vulnerabilities

It was discovered that the nginx ngxmailsmtpmodule module incorrectly handled certain memory operations when doing SMTP authentication. This could possibly result in sensitive information being sent to the authentication server. CVE-2025-53859 It was discovered that nginx incorrectly handled...

9.2CVSS6AI score0.61469EPSS
Exploits43References13
Ubuntu
Ubuntu
added 2026/06/03 7:11 a.m.14 views

USN-8375-1: nginx vulnerabilities

It was discovered that the nginx ngxmailsmtpmodule module incorrectly handled certain memory operations when doing SMTP authentication. This could possibly result in sensitive information being sent to the authentication server. CVE-2025-53859 It was discovered that nginx incorrectly handled...

9.2CVSS7.7AI score0.61469EPSS
Exploits43
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.14 views

Cisco Finesse 安全漏洞

Cisco Finesse is a call center management software developed by the American company Cisco. There is a security vulnerability in Cisco Finesse, which stems from insufficient validation of HTTP request inputs provided to users. This vulnerability could allow unauthorized remote attackers to load...

6.1CVSS5.4AI score0.0018EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-46057

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - landlock: Fix LOGSUBDOMAINSOFF inheritance across fork hookcredtransfer only copies the Landlock security blob when the source credential has a domain. This is...

3.3CVSS5.9AI score0.00118EPSS
Exploits0References2
OSV
OSV
added 2026/06/02 2:15 p.m.9 views

EEF-CVE-2026-49754 HTTP/2 CONTINUATION flood in Mint client via unbounded header-block accumulation

Summary Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client HTTP/2 CONTINUATION flood. When Mint's HTTP/2 receive path observes a HEADERS frame without the ENDHEADERS flag, the unparsed...

8.2CVSS5.9AI score0.00384EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/02 2:1 p.m.15 views

CVE-2026-10622

Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via exposed '/rest/ endpoints...

5.8AI score0.00442EPSS
Exploits0References3Affected Software2
SUSE CVE
SUSE CVE
added 2026/06/02 1:38 a.m.12 views

SUSE CVE-2026-45352

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.43.4, negative chunk-size in chunked Transfer-Encoding causes unbounded memory allocation and process crash. The ChunkedDecoder::readpayload function in cpp-httplib httplib.h parses the chunk-size field o...

7.5CVSS5.7AI score0.00327EPSS
Exploits1References3
Fedora
Fedora
added 2026/06/02 1:11 a.m.13 views

[SECURITY] Fedora 43 Update: postfix-3.10.10-1.fc43

Postfix is a Mail Transport Agent MTA...

7.5CVSS5.8AI score0.00415EPSS
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/02 12:0 a.m.8 views

Windows BITS Persistence Tool

This script implements a BITS-based persistence mechanism with an embedded HTTP server and remote payload delivery for Windows...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.16 views

PT-2026-45787

Summary Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client HTTP/2 CONTINUATION flood. When Mint's HTTP/2 receive path observes a HEADERS frame without the END HEADERS flag, the unparse...

8.2CVSS5.9AI score0.00384EPSS
Exploits0References6
Packet Storm News
Packet Storm News
added 2026/06/02 12:0 a.m.13 views

Windows BITS Jobs Persistence Scanner

This is a Windows BITS Job auditing tool that scans all Background Intelligent Transfer Service BITS tasks using bitsadmin, then analyzes them for suspicious behavior such as executable downloads, command execution cmd.exe, powershell, and remote URLs. It classifies jobs as normal or suspicious a...

6AI score
Exploits0
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.5 views

Mint 安全漏洞

Mint is a functional underlying HTTP client library developed by Elixir Mint. Versions of Mint from 0.1.0 to 1.9.0 contained security vulnerabilities. These vulnerabilities stemmed from the encoderequestline/2 function not verifying the CRLF characters in method parameters, which could lead to HT...

2.1CVSS5.4AI score0.00166EPSS
Exploits0References4
Packet Storm News
Packet Storm News
added 2026/06/02 12:0 a.m.8 views

Backdoor Unlearning Generalization: A Path toward the Removal of Unknown Triggers in LLMs

Backdoor attacks in Large Language Models LLMs are a growing security concern, where models can generate adversary-chosen content. Existing defenses target backdoors one at a time and typically require knowledge of the trigger, leaving the defender at a structural disadvantage when unknown...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/01 6:53 p.m.86 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

No d...

7.8CVSS6AI score0.96775EPSS
Exploits228
NVD
NVD
added 2026/06/01 3:16 p.m.17 views

CVE-2026-42251

Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a...

8.7CVSS0.00356EPSS
Exploits0References2
CVE
CVE
added 2026/06/01 1:22 p.m.19 views

CVE-2026-42251

The CVE concerns KS-SOMED where hard-coded credentials in KSPLUPDFTP.exe (up to 30.00.00.056) and ANEKSKLIENT.EXE (up to 29.00.02.026) allowed an unauthorized actor to access an FTP server hosting update packages. This could enable uploading a malicious update that might be distributed and instal...

8.7CVSS5.8AI score0.00356EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/01 1:22 p.m.11 views

CVE-2026-42251 Hard-coded credentials in KS-SOMED

Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a...

8.7CVSS5.8AI score0.00356EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 1:22 p.m.13 views

EUVD-2026-33642

Use of hard-coded credentials in KS-SOMED allowed an unauthorized attacker access to FTP server that hosted the application's update packages. The attacker with these credentials could upload a malicious update file, which then may have been distributed and installed on client machines as a...

8.7CVSS5.8AI score0.00356EPSS
Exploits0References2
Rows per page
Query Builder