10 matches found

OSV
added 2026/03/23 10:38 p.m. · 6 views

JLSEC-2026-4 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

CVSS 5.3 · AI score 5.8 · EPSS 0.8496
Exploits: 1 · References: 18
Tenable Nessus
added 2025/11/13 12:00 a.m. · 8 views

Siemens SIMATIC S7-1500 Allocation of Resources Without Limits or Throttling (CVE-2024-28182)

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK...

CVSS 5.3 · AI score 6.9 · EPSS 0.8496
Exploits: 1 · References: 5
CNNVD
added 2024/11/21 12:00 a.m. · 3 views

Wangtai idcCMS Security Vulnerability

Wangtai idcCMS is a cloud management agent system from China Nettai Wangtai. A security vulnerability exists in Wangtai idcCMS version 1.60, which stems from improper manipulation of the parameter idName and can lead to cross-site scripting attacks...

CVSS 6.1 · AI score 4.2 · EPSS 0.00886
Exploits: 1 · References: 1
CNNVD
added 2024/03/27 12:00 a.m. · 6 views

Supermicro X11 Security Vulnerability

The Supermicro X11 is a server motherboard from the American company Supermicro. A security vulnerability exists in Supermicro X11SSM-F, X11SAE-F, X11SSE-F version 1.66. An attacker could exploit this vulnerability to perform cross-site scripting attacks...

CVSS 6.5 · AI score 6.3 · EPSS 0.00573
Exploits: 0 · References: 3
Positive Technologies
added 2024/01/08 12:00 a.m. · 5 views

PT-2024-1554 · Sap · Sap Marketing

Name of the Vulnerable Software and Affected Versions: SAP Marketing Contacts App version 160 Description: The issue is related to a URL redirection vulnerability in the Contacts App component of the SAP Marketing system, which can be exploited by a remote attacker to conduct a phishing attack...

CVSS 5.5 · AI score 5.2 · EPSS 0.00242
Exploits: 0 · References: 6
CNNVD
added 2022/09/18 12:00 a.m. · 6 views

profanity Security Feature Issue Vulnerability

profanity is an ethereum vanity address generator from BlackTrace Personal Developers. A security vulnerability exists in profanity versions 1.60 and earlier, which stems from the fact that it has only 4 billion possible RNG initializations leading to an attacker being able to recover private key...

CVSS 7.5 · AI score 7.2 · EPSS 0.01007
Exploits: 0 · References: 3
CNVD
added 2019/12/25 12:00 a.m. · 3 views

Open TFTP Server SP Formatting String Error Vulnerability

Open TFTP Server SP is a file transfer server. A formatting string error vulnerability exists in the 'logMess' function in TFTP Server SP version 1.66 and earlier. The vulnerability originates from a network system or product that receives external formatted strings as parameters with lax filteri...

CVSS 9.8 · AI score 6.8 · EPSS 0.0436
Exploits: 0 · References: 1
CNVD
added 2019/12/25 12:00 a.m. · 3 views

Open TFTP Server SP Buffer Overflow Vulnerability

Open TFTP Server SP is a file transfer server. A buffer overflow vulnerability exists in TFTP Server SP version 1.66 and earlier. The vulnerability stems from a network system or product performing operations in memory without properly validating data boundaries, resulting in incorrect read and...

CVSS 9.8 · AI score 7.4 · EPSS 0.02864
Exploits: 0 · References: 1
RedHat Linux
added 2019/12/11 8:38 a.m. · 3 views

jenkins-script-security-plugin: handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts

A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.62 and earlier related to the handling of subexpressions in increment and decrement expressions not involving actual assignment allowed attackers to execute arbitrary code in sandboxed scripts...

CVSS 4.9 · AI score 6.2 · EPSS 0.01038
Exploits: 0 · References: 5
OSV
added 2018/07/09 8:29 p.m. · 1 view

UBUNTU-CVE-2018-1000613

Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in...

CVSS 9.8 · AI score 6.8 · EPSS 0.04767
Exploits: 0 · References: 2