Lucene search
+L

216 matches found

nvd
nvd
added 2026/07/08 8:16 p.m.6 views

CVE-2026-58213

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.1 and 2.12.9, an MQTT client could include protocol control characters in subscription filters that were later forwarded as NATS protocol data to route or leafnode connections, corrupti...

7.1CVSS0.00441EPSS
Exploits0References8
nvd
nvd
added 2026/07/08 8:16 p.m.6 views

CVE-2026-58252

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user could receive messages on denied subjects when a wildcard subscription overlapped with a configured wildcard deny rule but was not a subset...

6.5CVSS0.00465EPSS
Exploits0References7
cvelist
cvelist
added 2026/07/08 8:16 p.m.33 views

CVE-2026-58211 NATS Server: `no_auth_user` pre-CONNECT fast path bypasses user connection restrictions

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a client could be registered as the configured noauthuser through a parser path used when the first client operation was not CONNECT, bypassing user-level connection...

5.4CVSS0.00292EPSS
Exploits0References1
osv
osv
added 2026/07/08 7:56 p.m.3 views

CVE-2026-58254 NATS Server: Incomplete fix for CVE-2026-33249: Leaf node connections bypass Nats-Trace-Dest permission check

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.8, message trace destination checks were applied to ordinary client connections but not consistently to messages arriving through leafnode connections, allowing a leafnode...

5.3CVSS6.1AI score0.00308EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.9 views

PT-2026-56559

Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.3 NATS Server versions prior to 2.12.12 Description MQTT retained message delivery and QoS1+ durable replay may deliver messages to subscribers even if the original topics match a configured subscribe deny...

4.3CVSS6.1AI score0.00342EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.10 views

PT-2026-56537

Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.0 NATS Server versions prior to 2.12.7 NATS Server versions prior to 2.11.16 Description An authenticated user with subscription deny permissions can bypass a plain subject deny rule by utilizing a queue...

6.5CVSS6.1AI score0.00463EPSS
Exploits0References13
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.13 views

PT-2026-56563

Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.12.8 NATS Server versions prior to 2.11.17 Description An unauthenticated peer with network access to a leafnode listener with compression enabled can cause the server to crash. This occurs during the...

7.5CVSS6.1AI score0.00732EPSS
Exploits0References10
osv
osv
added 2026/07/07 11:45 a.m.5 views

PYSEC-2026-1963 TensorFlow vulnerable to seg fault in `tf.raw_ops.Print`

Impact When the parameter summarize of tf.rawops.Print is zero, the new method SummarizeArray will reference to a nullptr, leading to a seg fault. python import tensorflow as tf tf.rawops.Printinput = tf.constant1, 1, 1, 1,dtype=tf.int32, data = False, False, False, False, False, False, False,...

7.5CVSS6.6AI score0.00391EPSS
Exploits0References6
osv
osv
added 2026/07/07 11:45 a.m.5 views

PYSEC-2026-1956 TensorFlow has Null Pointer Error in SparseSparseMaximum

Impact When SparseSparseMaximum is given invalid sparse tensors as inputs, it can give an NPE. python import tensorflow as tf tf.rawops.SparseSparseMaximum aindices=1, avalues = 0.1 , ashape = 2, bindices=, bvalues =2 , bshape = 2, Patches We have patched the issue in GitHub commit...

7.5CVSS6.6AI score0.00439EPSS
Exploits1References6
osv
osv
added 2026/07/07 11:45 a.m.4 views

PYSEC-2026-1961 TensorFlow vulnerable to segfault when opening multiframe gif

Impact Integer overflow occurs when 2^31 = numframes height width channels 2^32, for example Full HD screencast of at least 346 frames. python import urllib.request dat =...

6.5CVSS6.7AI score0.00305EPSS
Exploits0References6
osv
osv
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-961 TensorFlow has null dereference on ParallelConcat with XLA

Impact When running with XLA, tf.rawops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank that is not greater than zero. python import tensorflow as tf func = tf.rawops.ParallelConcat para = 'shape': 0, 'values': 1 @tf.functionjitcompile=True def test: y =...

7.5CVSS5.9AI score0.00391EPSS
Exploits0References6
osv
osv
added 2026/06/30 8:29 a.m.13 views

ROOT-APP-MAVEN-CVE-2025-27818 CVE-2025-27818 in io.root.org.apache.kafka:kafka_2.12 - Patched by Root

Root has patched CVE-2025-27818 in the io.root.org.apache.kafka:kafka2.12 package for Root:Maven. Multiple fixed versions available...

8.8CVSS6.7AI score0.00881EPSS
Exploits0
nessus
nessus
added 2026/06/06 12:0 a.m.12 views

EulerOS Virtualization 2.12.1 : libpng (EulerOS-SA-2026-2079)

According to the versions of the libpng package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via pngcreatereadstruct...

8.3CVSS7.5AI score0.00955EPSS
Exploits3References4
redhatcve
redhatcve
added 2026/06/05 7:26 p.m.12 views

CVE-2026-39809

A improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEMS 7.0 all versions may allow attacker to execute unauthorized code or commands via sending crafted...

6.7CVSS5.8AI score0.00133EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/13 5:32 a.m.8 views

CVE-2026-2725

Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" ta...

6CVSS5.9AI score0.00116EPSS
Exploits0References2
susecve
susecve
added 2026/05/07 2:21 a.m.6 views

SUSE CVE-2026-32597

PyJWT is a JSON Web Token implementation in Python. Prior to 2.12.0, PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 �4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting...

7.5CVSS7.2AI score0.00269EPSS
Exploits1References11
vulnrichment
vulnrichment
added 2026/04/14 8:6 a.m.2 views

CVE-2026-31908 Apache APISIX: forward auth plugin allows header injection

Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

5.8AI score0.00521EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/04/14 8:6 a.m.5 views

CVE-2026-31908

Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

5.8AI score0.00521EPSS
Exploits1References2Affected Software1
cvelist
cvelist
added 2026/04/14 8:6 a.m.28 views

CVE-2026-31908 Apache APISIX: forward auth plugin allows header injection

Header injection vulnerability in Apache APISIX. The attacker can take advantage of certain configuration in forward-auth plugin to inject malicious headers. This issue affects Apache APISIX: from 2.12.0 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue...

0.00521EPSS
Exploits1References1
cnnvd
cnnvd
added 2026/04/14 12:0 a.m.8 views

Fortinet FortiClientEms 安全漏洞

Fortinet FortiClientEms is a centralized management system developed by the American company Fortinet. There is a security vulnerability in Fortinet FortiClientEms, which stems from SQL injection attacks. This vulnerability may allow for the execution of unauthorized code or commands. The followi...

6.7CVSS6.1AI score0.00133EPSS
Exploits0References1
Rows per page
Query Builder