Lucene search
K

56 matches found

OSV
OSV
added 2026/06/25 6:52 p.m.5 views

GHSA-2F33-PR97-265Q MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies

Summary The parameterless MessagePackInputFormatter constructor uses default serializer options, which resolve to MessagePackSerializerOptions.Standard with MessagePackSecurity.TrustedData. The formatter is designed for ASP.NET Core MVC request bodies, which commonly cross an HTTP trust boundary...

6.3CVSS5.6AI score0.00236EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 1:28 p.m.38 views

CVE-2026-41120

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution...

9.8CVSS0.00255EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:16 p.m.8 views

CVE-2026-48509

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, the parameterless MessagePackInputFormatter constructor uses default serializer options, which resolve to MessagePackSerializerOptions.Standard with MessagePackSecurity.TrustedData. The formatter is designed for...

9.1CVSS5.7AI score0.00236EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/22 9:16 p.m.36 views

CVE-2026-48509

CVE-2026-48509 affects MessagePack for C# (ASP.NET Core MVC context). The issue is that, prior to versions 2.5.301 and 3.1.7, the parameterless MessagePackInputFormatter() uses default serializer options that resolve to Standard with MessagePackSecurity.TrustedData, which can cross HTTP trust bou...

9.1CVSS5.7AI score0.00236EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.24 views

PT-2026-51393

Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description The parameterless MessagePackInputFormatter constructor uses default serializer options that resolve to MessagePackSerializerOptions.Standard wit...

9.1CVSS5.6AI score0.00236EPSS
Exploits0References6
OSV
OSV
added 2026/05/11 6:6 p.m.7 views

EEF-CVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1

Summary Improper Neutralization of CRLF Sequences 'CRLF Injection' vulnerability in ninenines cowlib allows SSE event splitting and injection via unvalidated field values. cow\sse:event/1 in cowlib guards the id and event fields against \n but not against bare \r, and the internal prefix\lines/2...

6.3CVSS6.2AI score0.00266EPSS
Exploits0References3
NVD
NVD
added 2026/04/14 6:17 p.m.2 views

CVE-2026-32162

Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally...

8.4CVSS0.02034EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/14 4:58 p.m.5 views

CVE-2026-32162

Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally...

8.4CVSS5.7AI score0.02034EPSS
Exploits0References2Affected Software14
Microsoft CVE
Microsoft CVE
added 2026/04/14 2:0 p.m.8 views

Windows COM Elevation of Privilege Vulnerability

Acceptance of extraneous untrusted data with trusted data in Windows COM allows an unauthorized attacker to elevate privileges locally...

8.4CVSS6.2AI score0.02034EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.11 views

PT-2026-32831

🪟 COM EoP CVE-2026-32162 again? When Microsoft’s “trust boundaries” are just vibes, every COM hop is a potential jailbreak. Triage fast: local users turning into admins is the usual horror sequel. https://t.co/nNowXseXJj ElevationOfPrivilege MicrosoftMsrc WindowsCom https://t.co/7B8CqiBKho...

8.4CVSS6.2AI score0.02034EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 2:57 p.m.6 views

CVE-2026-26148

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally...

8.1CVSS5.8AI score0.00359EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/10 6:31 p.m.6 views

EUVD-2026-10702

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally...

8.1CVSS5.8AI score0.00359EPSS
Exploits0References2
NVD
NVD
added 2026/03/10 6:18 p.m.11 views

CVE-2026-26148

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally...

8.1CVSS0.00359EPSS
Exploits0References1
OSV
OSV
added 2026/03/10 6:18 p.m.6 views

CVE-2026-26148

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally...

8.1CVSS5.7AI score0.00359EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/10 5:5 p.m.5 views

CVE-2026-26148

External initialization of trusted variables or data stores in Azure Entra ID allows an unauthorized attacker to elevate privileges locally...

8.1CVSS5.8AI score0.00359EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 8:34 a.m.15 views

CVE-2024-41706

A stored XSS issue was discovered in Archer Platform 6 before version 2024.06. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers...

7.3CVSS5.6AI score0.00327EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/23 4:45 p.m.7 views

Security Bulletin: TSSC/IMC is affected to an Acceptance of Extraneous Untrusted Data With Trusted Data

Summary TSSC/IMC is affected to an Acceptance of Extraneous Untrusted Data With Trusted Data. A patch was released to update the bind package. Vulnerability Details CVEID:CVE-2025-40778 DESCRIPTION: Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an...

8.6CVSS6AI score0.00509EPSS
Exploits1Affected Software1
Veracode
Veracode
added 2025/12/13 4:31 a.m.8 views

Improper Authentication

com.liferay, com.liferay.portal.cluster.multiple are vulnerable to Improper Authentication. The vulnerability is due to insufficient authentication of cluster messages, which allows a remote attacker to send unauthenticated malicious data that is processed as trusted data by the affected systems...

6.9CVSS7.3AI score0.00164EPSS
Exploits0References6Affected Software1
Veracode
Veracode
added 2025/12/13 4:23 a.m.10 views

Use Of Hardcoded Cryptographic Key

sureness is vulnerable to Use of Hardcoded Cryptographic Key. The vulnerability is due to the use of a hardcoded key within the application, allowing attackers who obtain or reverse engineer the key to bypass security protections or forge trusted data...

9.8CVSS7.7AI score0.00808EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2025/12/08 9:30 p.m.11 views

CVE-2025-36102

CVE-2025-36102 affects IBM Controller 11.1.0–11.1.1 and IBM Cognos Controller 11.0.0–11.0.1 FP6. The issue arises from client-side enforcement of server-side security, allowing a privileged user to bypass validation by passing user input into the application as trusted data. Impact described acro...

2.7CVSS6.2AI score0.00193EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder