Lucene search
K

4432 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-9697

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection...

7.4CVSS6.7AI score0.00431EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/19 9:17 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the upload function. An attacker can cause the server to become unresponsive for all users by sending a specially crafted multipart form-data request with an excessively long...

8.7CVSS5.9AI score0.00321EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/19 7:35 p.m.5 views

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following in the CRI checkpoint restore plugin due to improper validation of symlinked paths. An attacker can access arbitrary files on the host by crafting a malicious checkpoint image and leveraging the...

8.2CVSS6AI score0.00208EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/19 2:47 p.m.7 views

Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is affected by a HTTP Request/Response Smuggling Vulnerability in Eclipse Jetty (CVE-2026-2332)

Summary Eclipse Jetty is used by IBM DevOps Deploy / UrbanCode Deploy UCD to handle Agent Relay traffic. CVE-2026-2332. Vulnerability Details CVEID:CVE-2026-2332 DESCRIPTION: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the...

9.1CVSS5.9AI score0.01127EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/06/19 2:20 p.m.8 views

GHSA-HM92-R4W5-C3MJ undici vulnerable to cross-origin request routing via SOCKS5 proxy pool reuse

Impact When using Socks5ProxyAgent, undici reuses a single connection pool across different origins without verifying that the pool's origin matches the requested origin. All requests are dispatched through the pool connected to the first origin, regardless of the intended destination. This cause...

7.5CVSS6.4AI score0.00315EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Redis

Redis is an in-memory database that persists data on disk.Authenticated users who execute specially crafted SETRANGE and SORTRO commands can trigger an integer overflow, causing Redis to attempt to allocate an impossible amount of memory and result in a Memory Out of Control OOM panic. This issue...

5.5CVSS5.9AI score0.33269EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Redis

Redis is an open-source, in-memory database that persists data on disk. Authenticated users can use the HINCRBYFLOAT command to create an invalid hash field, which will cause a crash in Redis when accessed in affected versions. This issue has been addressed in versions 7.0.11, 6.2.12, and 6.0.19...

6.5CVSS5.7AI score0.00963EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Redis

Redis is an open-source, in-memory database that persists data on disk.Authenticated users can trigger a denial-of-service attack by using specially crafted, overly long pattern matching on supported commands such as KEYS, SCAN, PSUBSCRIBE, FUNCTION LIST, COMMAND LIST, and ACL definitions. Matchi...

6.5CVSS6.3AI score0.01009EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in lxml

Lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html allowed certain crafted script content to pass through, as well as script content in SVG files embedded using data URIs. Users who use the HTML Cleaner in a security-related...

8.2CVSS6.4AI score0.02456EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Jetty9

Jetty is a Java-based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or perform unintended behaviors by tampering with the cookie parsing mechanism. If Jetty encounters a cookie value that starts with a double quot...

5.3CVSS6.5AI score0.013EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.10 views

Astra Linux – Vulnerability in docker.io

Moby is an open-source project created by Docker to enable software containerization. A bug was discovered in Moby Docker Engine, where the data directory /var/lib/docker, contained subdirectories with insufficiently restricted permissions. This allowed unprivileged Linux users to access and...

6.3CVSS6.6AI score0.02693EPSS
Exploits3References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in ruby-rails-html-sanitizer

Rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, certain configurations of Rails::Html::Sanitizer could potentially introduce XSS vulnerabilities. An attacker could inject content if the application developer overrides the sanitizer’...

7.2CVSS6.3AI score0.00988EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in sqlparse

sqlparse is a non-validation SQL parser module for Python. In affected versions, the SQL parser contains a regular expression that is vulnerable to ReDoS Regular Expression Denial of Service. This issue was introduced by the commit e75e358. The vulnerability may lead to Denial of Service DoS. Thi...

7.5CVSS7.3AI score0.0098EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Twig

Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates whose names are user-inputs. It’s possible to use the source or include statement to read arbitrary files from outside the...

7.5CVSS7.3AI score0.01488EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. This issue only affects clients. An integer underflow can lead to a Denial of Service DOS vulnerability, for example, an abort due to WINPRASSERT with default compilation flags. When an...

7.5CVSS6.8AI score0.01385EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. Affected versions of FreeRDP are subject to a null pointer dereference that can lead to a crash in the RemoteFX rfx handling. Within the rfxprocessmessagetileset function, the program allocates...

7.5CVSS6.7AI score0.01321EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. In affected versions, there is a Global-Buffer-Overflow in the ncrushdecompress function. Feeding crafted input into this function can trigger the overflow, which has only been shown to cause a...

7.5CVSS6.7AI score0.01196EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/06/19 1:57 a.m.5 views

SUSE CVE-2026-12151

Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size...

5.9CVSS5.9AI score0.00612EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50974

Name of the Vulnerable Software and Affected Versions OpenFGA versions prior to 1.18.0 Description The OIDC authenticator fails to validate the JWT audience aud claim when no audience is configured. In environments where a single identity provider issues tokens for multiple services, a token...

6.8CVSS5.8AI score
Exploits0References4
Cvelist
Cvelist
added 2026/06/17 9:18 p.m.18 views

CVE-2026-50196 Steeltoe.Discovery.Eureka: Unrecognized DataCenterInfo.Name poisons entire registry fetch

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Discovery.Eureka prior to versions 4.2.0 and 3.4.0, DataCenterInfo.FromJson throws ArgumentException for any name value other than "MyOwn" or "Amazon", despite...

7.5CVSS0.00339EPSS
Exploits0References3
Rows per page
Query Builder