Lucene search
K

13380 matches found

IBM AIX
IBM AIX
added 2 days ago6 views

Multiple vulnerabilities impact AIX due to ISC BIND (CVE-2025-13878 CVE-2026-1519 CVE-2026-3592 CVE-2026-5946 CVE-2026-5950)

IBM SECURITY ADVISORY First Issued: Fri Jul 3 04:02:10 CDT 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/bindadvisory30.asc Security Bulletin: Multiple vulnerabilities impact AIX due to ISC BIND CVE-2025-13878, CVE-2026-1519,...

7.5CVSS7AI score0.08219EPSS
Exploits1
EUVD
EUVD
added 3 days ago3 views

EUVD-2026-41262

The WP Database Backup – Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to OS Command Injection in all versions up to and including 7.11 via the wpdbexcludetable parameter. This is due to the direct concatenation of user-supplied $POST'wpdbexcludetable' valu...

7.2CVSS6.3AI score0.01588EPSS
Exploits0References8
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-41100

Uncontrolled Resource Consumption CWE-400 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted bulk request that causes sustained high CPU consumption, which can render the affected node unable to process request...

6.5CVSS5.8AI score0.00251EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-56150 Allocation of Resources Without Limits or Throttling in Fleet Server Leading to Denial of Service

Allocation of Resources Without Limits or Throttling CWE-770 in Fleet Server can lead to a denial of service via Excessive Allocation CAPEC-130. An attacker can submit a specially crafted request to an upload endpoint that causes excessive memory consumption, which may render Fleet Server...

6.5CVSS0.00302EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 4 days ago4 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used in the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause an excessive CPU and memory consumption. A ...

6.5CVSS6.7AI score0.00643EPSS
Exploits1References8
RedHat Linux
RedHat Linux
added 4 days ago5 views

urllib3: urllib3: Denial of Service due to excessive HTTP response decompression

A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response,...

8.9CVSS6.1AI score0.0068EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-12127 WPForms <= 1.10.2 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via Reply-To Display Name

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences 'CRLF Injection' in all versions up to, and including, 1.10.2 This is due to getreplytoaddress processing the Reply-To...

5.3CVSS0.00343EPSS
Exploits0References11
EUVD
EUVD
added 4 days ago6 views

EUVD-2025-210388

Picklescan before 0.0.25 fails to detect unsafe global functions in the Numpy library, allowing attackers to bypass static analysis and execute arbitrary code during deserialization. Attackers can craft malicious pickle files using numpy.testing.private.utils.runstring within the reduce method to...

7.6CVSS6.1AI score0.00552EPSS
Exploits0References3
CVE
CVE
added 5 days ago8 views

CVE-2025-71355

CVE-2025-71355 : Picklescan prior to 0.0.25 fails to detect unsafe global functions in the Numpy library, enabling an attacker to bypass static analysis and execute arbitrary code during deserialization. Attackers can craft malicious pickle files using numpy.testing._private.utils.runstring withi...

7.6CVSS6.1AI score0.00552EPSS
Exploits0References2
CVE
CVE
added 5 days ago8 views

CVE-2026-57204

CVE-2026-57204 affects the Python PDF library pypdf. Before version 6.13.3, a malicious PDF can trigger a DoS by causing excessive memory usage when parsing a content stream without a /Length value, due to MAX_DECLARED_STREAM_LENGTH being ignored. The issue is resolved in pypdf 6.13.3. The vulner...

6.9CVSS5.7AI score0.00263EPSS
Exploits0References2
OSV
OSV
added 5 days ago3 views

DEBIAN-CVE-2026-53433

fzf is vulnerable to a Denial of Service DoS due to inefficient HTTP body processing in the --listen mode due to inefficient HTTP body processing using repeated string concatenation, resulting in quadratic time complexity On². A crafted POST request with many small segments can trigger excessive...

7.5CVSS5.8AI score0.00215EPSS
Exploits0References1
NVD
NVD
added 6 days ago7 views

CVE-2026-57959

Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem limited promo codes unlimited times. Attackers can sequentially reserve multiple orders with the...

8.2CVSS0.00193EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-40145

Hi.Events through 1.9.0 public check-in list endpoints use shortid as sole access control, allowing unauthenticated access to retrieve full attendee lists including emails and personal information. Attackers with knowledge of the shortid can call GET /api/public/check-in-lists/shortid/attendees t...

8.3CVSS5.8AI score0.00339EPSS
Exploits0References3
CVE
CVE
added 6 days ago14 views

CVE-2026-57959

CVE-2026-57959 affects Hi.Events up to version 1.9.0. The vulnerability arises in promo code validation where the reservation path checks the usage count before the asynchronous UpdateEventStatisticsJob increments it, enabling a race condition. Attackers can sequentially reserve multiple orders u...

8.2CVSS5.8AI score0.00193EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 6 days ago7 views

CVE-2026-54370

A time-of-check to time-of-use TOCTOU race condition vulnerability was found in acl. By replacing a pathname component with a symbolic link between a security check and subsequent file operations, an attacker can redirect file access control list operations. This occurs when privileged processes...

7.2CVSS5.7AI score0.00091EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 6 days ago6 views

urllib3: urllib3: Information disclosure via cross-origin redirects forwarding sensitive headers

A flaw was found in urllib3, an HTTP client library for Python. When using the low-level API via ProxyManager.connectionfromurl.urlopen with assertsamehost=False, cross-origin redirects can still forward sensitive headers. This could allow a remote attacker to gain unauthorized access to sensitiv...

8.2CVSS5.8AI score0.00527EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 6 days ago8 views

urllib3: urllib3: Denial of Service due to excessive HTTP response decompression

A flaw was found in urllib3, an HTTP client library for Python. This vulnerability allows a remote attacker to cause excessive resource consumption, such as high CPU usage and massive memory allocation, on the client side. This occurs when urllib3 attempts to decompress an entire HTTP response,...

8.9CVSS5.8AI score0.0068EPSS
Exploits0References5
Veeam
Veeam
added 6 days ago10 views

Release Information for Veeam Backup for Microsoft 365 8.5

Requirements This release can be used to: upgrade an existing v8, v8.1, v8.2, v8.3, or v8.4 deployment of Veeam Backup for Microsoft 365 to v8.5. install a new deployment of Veeam Backup for Microsoft 365 v8.5. After installing this release, the Veeam Backup for Microsoft 365 build number will be...

5.7AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-53303

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: protect extensionlist reading with sblock in f2fssbishow In f2fssbishow, the extensionlist, extensioncount and hotextcount are read without holding...

6AI score0.00172EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-53131

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: require Ethernet MAC header before using ethhdr ip6teui64, xtmac, the bitmap:ip,mac, hash:ip,mac, and hash:mac ipset types, and nflogsyslog access...

9.4CVSS6AI score0.00431EPSS
Exploits0References4
Rows per page
Query Builder