Lucene search
K

7 matches found

Cvelist
Cvelist
added 2026/06/01 7:57 a.m.46 views

CVE-2026-49361 Apache Fluss Netty Frame Decoder Memory Exhaustion Vulnerability

Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAXVALUE as the maximum frame length, allowing unauthenticated remote attackers to exhaust JVM heap memory on TabletServer and CoordinatorServer by sending specially crafted frame headers, resulting...

0.0058EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.19 views

PT-2026-45385

Name of the Vulnerable Software and Affected Versions Apache Fluss versions prior to 0.9.1 Description The Netty LengthFieldBasedFrameDecoder is configured with Integer.MAX VALUE as the maximum frame length. This allows unauthenticated remote attackers to exhaust JVM heap memory on TabletServer a...

7.5CVSS5.8AI score0.0058EPSS
Exploits0References4
Snyk
Snyk
added 2025/05/01 6:28 a.m.2 views

Race Condition

Overview @genkit-ai/firebase is a Genkit AI framework plugin for Firebase including Firestore trace/state store and deployment helpers for Cloud Functions for Firebase. Affected versions of this package are vulnerable to Race Condition via the asynchronous user engagement collection in the...

8.3CVSS6.9AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/12/28 12:0 a.m.3 views

PT-2022-28106 · Unknown · Usememos/Memos

Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.9.1 Description: The issue concerns the incorrect use of privileged APIs in the usememos/memos GitHub repository. A user can archive any private memos, delete any shortcut, and edit any shortcut from other...

7.3CVSS7.3AI score0.00507EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2022/12/28 12:0 a.m.4 views

PT-2022-28096 · Unknown · Usememos/Memos

Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.9.1 Description: The issue involves the incorrect use of privileged APIs, allowing a user with login permission to delete all notes of the whole application. This can be achieved via the API endpoint...

8.1CVSS8.1AI score0.00761EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2022/12/28 12:0 a.m.2 views

PT-2022-28103 · Unknown · Usememos/Memos

Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.9.1 Description: The issue is related to improper authorization, allowing for authorization bypass through a user-controlled key. This affects the usememos/memos GitHub repository. Recommendations: For...

9.1CVSS9.3AI score0.00568EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2022/12/28 12:0 a.m.4 views

PT-2022-28115 · Unknown · Usememos/Memos

Name of the Vulnerable Software and Affected Versions: usememos/memos versions prior to 0.9.1 Description: The issue is related to improper access control in the GitHub repository usememos/memos. Recommendations: For versions prior to 0.9.1, update to version 0.9.1 or later to resolve the issue...

8.6CVSS8.7AI score0.00534EPSS
Exploits1References11
Rows per page
Query Builder