Lucene search
+L

552 matches found

EUVD
EUVD
added 2026/06/17 4:58 p.m.13 views

EUVD-2026-37765

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a vulnerability in Envoy's HTTP/2 downstream request processing allows an unauthenticated remote client to trigger excessive memory consumption, potentiall...

7.5CVSS5.8AI score0.00815EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/16 11:53 a.m.3 views

CVE-2026-12328

Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...

8.1CVSS5.9AI score0.00476EPSS
Exploits0References7
OSV
OSV
added 2026/06/16 9:46 a.m.6 views

ROOT-OS-DEBIAN-12-CVE-2026-34380 CVE-2026-34380 in rootio-openexr - Patched by Root

Root has patched CVE-2026-34380 in the rootio-openexr package for Root:Debian:12. Multiple fixed versions available...

5.3CVSS5.8AI score0.00255EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2026/06/16 2:19 a.m.10 views

SUSE CVE-2026-48059

Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid header containing nest...

7.5CVSS5.5AI score0.00606EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/15 9:30 p.m.10 views

EUVD-2026-37000

Spring Cloud Gateway Server forwards the X-Forwarded-For and Forwarded headers from untrusted proxies in certain configuration scenarios. This affects both the WebMVC and WebFlux Gateway Servers. Affected versions: Spring Cloud Gateway 3.1.x fix 3.1.13. Spring Cloud Gateway 4.1.x fix 4.1.13. Spri...

8.6CVSS5.2AI score0.00139EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 11:53 a.m.7 views

ROOT-APP-MAVEN-CVE-2020-36181 CVE-2020-36181 in io.root.com.fasterxml.jackson.core:jackson-databind - Patched by Root

Root has patched CVE-2020-36181 in the io.root.com.fasterxml.jackson.core:jackson-databind package for Root:Maven. Multiple fixed versions available...

8.8CVSS7.9AI score0.05018EPSS
Exploits2
EUVD
EUVD
added 2026/06/11 3:33 p.m.9 views

EUVD-2026-36258

Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains prototype-pollution gadgets in request config processing. If another vulnerability in the same JavaScript process has already polluted Object.prototype.transformResponse,...

7CVSS5.5AI score0.00495EPSS
Exploits0References1
OSV
OSV
added 2026/06/11 1:27 p.m.12 views

GHSA-5375-PQ7M-F5R2 @grpc/grpc-js: A malformed request can cause a server crash

Impact An invalid incoming HTTP/2 stream initiation can cause a server process to crash. This affects all servers created using @grpc/grpc-js. Patches The following version have fixes for this vulnerability: - 1.9.16 - 1.10.12 - 1.11.4 - 1.12.7 - 1.13.5 - 1.14.4 Workarounds There is no workaround...

7.5CVSS5.5AI score0.00625EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/11 10:21 a.m.36 views

CVE-2026-3553 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.0 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to access confidential issue details due to incorrect authorization checks...

3.1CVSS0.00236EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/05 8:27 p.m.13 views

EUVD-2026-32921

TinyMCE Cross-Site Scripting XSS vulnerability using through data-mce- prefixed src, href, style attributes...

8.7CVSS5.4AI score0.00281EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.10 views

CVE-2026-34154

Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, a vulnerability in the discourse-subscriptions plugin allows users to gain access to subscription-gated groups without completing payment. This issue has been fixed in version...

5.3CVSS5.4AI score0.00214EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.10 views

CVE-2026-28987

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to leak sensitive kernel state...

7.5CVSS5.4AI score0.0044EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.12 views

CVE-2025-13874

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with Guest permissions to view issues in projects they were not authorized to access...

4.3CVSS5.5AI score0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:24 p.m.18 views

CVE-2026-44437

The Angular SSR is a server-rise rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism fails to properly...

6.9CVSS5.5AI score0.00203EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.10 views

CVE-2026-41259

Mastodon is a free, open-source social network server based on ActivityPub. Prior to v4.5.9, v4.4.16, and v4.3.22, Mastodon allows restricting new user sign-up based on e-mail domain names, and performs basic validation on e-mail addresses, but fails to restrict characters that are interpreted...

8.2CVSS5.5AI score0.00213EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.16 views

CVE-2026-4821

An improper neutralization of special elements vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Management Console administrator to execute arbitrary OS commands via shell metacharacter injection in proxy configuration fields such as httpproxy. Exploitation o...

8.1CVSS5.9AI score0.00014EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.10 views

CVE-2026-40330

Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, a SQL injection vulnerability exists in the beanFeed.cfc component within the getQuery function's handling of the sortDirection parameter. The...

9.3CVSS6.3AI score0.00425EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.21 views

CVE-2026-40981

A flaw was found in Spring Cloud Config. When utilizing Google Secrets Manager as a backend, a remote client can craft a specific request to the config server. This action may lead to the unintended exposure of secrets from other Google Cloud Platform GCP projects, resulting in sensitive...

7.5CVSS5.1AI score0.00435EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.9 views

CVE-2026-40459

PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP queries and arbitrary directory operations. This issue was fixed in PAC4J versions 4.5.10, 5.7.10...

8.8CVSS5.6AI score0.00608EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 2:38 p.m.15 views

EUVD-2026-34288

OpenTelemetry-Go is the Go implementation of OpenTelemetry. Versions 1.41.0 and 1.43.0 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Versions 1.42.0 and 1.44.0 fix the issue...

5.3CVSS5.8AI score0.00237EPSS
Exploits0References2
Rows per page
Query Builder