Lucene search
+L

5020 matches found

snyk
snyk
added 2026/07/01 6:18 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the upload endpoint. An attacker can exhaust system memory by submitting specially crafted requests, potentially causing the service to become unavailable. Remediation Upgrade...

7.5CVSS6AI score0.00312EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 3:34 p.m.5 views

Improper Input Validation

Overview pretix is a Reinventing presales, one ticket at a time Affected versions of this package are vulnerable to Improper Input Validation via improper validation of session parameters in the payment integration plugins and the use of shared cryptographic keys and salts across unrelated...

9.9CVSS6AI score0.00239EPSS
Exploits0References2
snyk
snyk
added 2026/07/01 6:11 a.m.12 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the process that handles user requests without proper validation of request origin. An attacker can perform unauthorized actions on behalf of authenticated users by tricking them into submitting...

8.3CVSS6AI score0.00088EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/07/01 12:0 a.m.17 views

PT-2026-54772

Name of the Vulnerable Software and Affected Versions erlang/quic versions prior to 1.4.4 Description The QUIC client fails to authenticate the server during the TLS 1.3 handshake. Specifically, the verify process is ineffective because the CertificateVerify signature is not checked, the...

9.1CVSS5.8AI score
Exploits0References5
nvd
nvd
added 2026/06/30 11:16 a.m.7 views

CVE-2026-54475

Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this is only checked in the client, allowing...

7.5CVSS0.00589EPSS
Exploits0References2
osv
osv
added 2026/06/30 11:16 a.m.4 views

DEBIAN-CVE-2026-54475

Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this is only checked in the client, allowing...

7.5CVSS5.7AI score0.00589EPSS
Exploits0References1
osv
osv
added 2026/06/30 11:16 a.m.4 views

UBUNTU-CVE-2026-54475

Missing Authorization vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Apache ActiveMQ Classic temporary destinations are expected to be isolated to the connection that created them. The isolation can be broken as this is only checked in the client, allowing...

7.5CVSS5.7AI score0.00589EPSS
Exploits0References3
nessus
nessus
added 2026/06/30 12:0 a.m.17 views

RHEL 10 : mariadb10.11 (RHSA-2026:33093)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:33093 advisory. MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation...

10CVSS6.5AI score0.00998EPSS
Exploits0References13
snyk
snyk
added 2026/06/29 10:23 p.m.6 views

Always-Incorrect Control Flow Implementation

Overview org.apache.tomcat:tomcat-util is a Common code shared by multiple Tomcat components. Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to the incomplete logging of the effective web.xml when special roles and empty authorization...

9.1CVSS5.9AI score0.00368EPSS
Exploits0References2
snyk
snyk
added 2026/06/29 10:23 p.m.12 views

Improper Authorization

Overview org.apache.tomcat:tomcat-catalina is a Tomcat Servlet Engine Core Classes and Standard implementations. Affected versions of this package are vulnerable to Improper Authorization due to the improper enforcement of security constraints in the default servlet when certain HTTP methods or...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References2
nvd
nvd
added 2026/06/29 9:16 p.m.11 views

CVE-2026-55955

Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, fro...

6.5CVSS0.0028EPSS
Exploits0References2
osv
osv
added 2026/06/29 9:16 p.m.5 views

UBUNTU-CVE-2026-55957

Missing Critical Step in Authentication vulnerability in Apache Tomcat when the JNDIRealm was configured to authenticate binds using GSSAPI allowed attackers to authenticate without provided the correct password. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.4, from 10.1.0-M1...

7.3CVSS5.7AI score0.00462EPSS
Exploits0References7
debiancve
debiancve
added 2026/06/29 8:44 p.m.6 views

CVE-2026-55955

Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, fro...

6.5CVSS5.7AI score0.0028EPSS
Exploits0
osv
osv
added 2026/06/29 8:44 p.m.3 views

CVE-2026-55955 Apache Tomcat: EncryptInterceptor not protected against replay attacks

Improper Authentication vulnerability in Apache Tomcat allowed a replay attack against the EncryptionInterceptor in the cluster component. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.13 through 9.0.18, from 8.5.38 through 8.5.100, fro...

6.5CVSS5.9AI score0.0028EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/06/29 8:41 p.m.6 views

CVE-2026-53434

Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from 9.0.83 through 9.0.118. Users are recommended to upgrade to version...

5.7AI score0.00368EPSS
Exploits0References2Affected Software1
ibm
ibm
added 2026/06/29 7:48 p.m.6 views

Security Bulletin: Code Injection Vulnerability in Code Validation Endpoint

Summary A code injection vulnerability was identified in the code validation endpoint that allowed authenticated users to execute arbitrary code on the server. The vulnerability existed in the validation logic which compiled and executed function definitions to check for import errors. Attackers...

9.9CVSS6.6AI score0.00294EPSS
Exploits0Affected Software1
nvd
nvd
added 2026/06/29 4:16 p.m.11 views

CVE-2026-13748

Improper restriction of file path resolution in Snowflake CLI versions prior to 3.19 allowed arbitrary local file content to be read and transmitted to Snowflake services. An attacker could exploit this by supplying crafted repository or project content that referenced files outside the intended...

6.3CVSS0.00139EPSS
Exploits0References1
osv
osv
added 2026/06/29 2:16 p.m.13 views

DEBIAN-CVE-2026-13676

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS5.8AI score0.00312EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/29 1:22 p.m.18 views

CVE-2026-13676

fast-uri versions 2.3.1 through 3.1.2 and 4.0.0 fail to canonicalize Unicode IDN hostnames for HTTP-family URLs. The IDN conversion path calls a helper that does not exist on the global URL constructor, silently leaving the host in its original Unicode form while normalize and equal still return...

7.5CVSS5.8AI score0.00312EPSS
Exploits0References3Affected Software1
redhatcve
redhatcve
added 2026/06/29 4:44 a.m.10 views

CVE-2026-54233

A flaw was found in vLLM, an inference and serving engine for large language models LLMs. A remote attacker could exploit a vulnerability in the /v1/audio/transcriptions endpoint. By uploading a specially crafted compressed audio file, such as an OPUS file, the attacker could cause the system to...

6.5CVSS5.8AI score0.00243EPSS
Exploits0References5
Rows per page
Query Builder