Lucene search
+L

1344 matches found

Cvelist
Cvelist
added 3 days ago24 views

CVE-2026-45646 OData for ASP.NET and ASP.NET Core Denial of Service Vulnerability

...

7.5CVSS0.00797EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-45646 OData for ASP.NET and ASP.NET Core Denial of Service Vulnerability

...

7.5CVSS6.1AI score0.00797EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago22 views

CVE-2026-50506 OData for ASP.NET and ASP.NET Core Denial of Service Vulnerability

...

7.5CVSS0.00797EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 3 days ago4 views

Security Update for Microsoft ASP.NET Core (July 2026)

The Microsoft ASP.NET installations on the remote host are missing a security update. It is, therefore, affected by multiple vulnerabilities as referenced in the vendor advisory. - Incorrect implementation of authentication algorithm in ASP.NET Core allows an authorized attacker to elevate...

8.8CVSS6.2AI score0.00582EPSS
Exploits0References13
OSV
OSV
added 2026/06/26 4:15 p.m.3 views

CVE-2026-55677 Echo: Encoded slash (%2F) bypasses route-level protection and exposes static files

Echo is a Go web framework. Prior to 4.15.3 and 5.2.0, Echo's router and static file handler disagree on URL path decoding. The router matches routes using the raw encoded path preserving %2F as-is, while StaticDirectoryHandler unescapes %2F to / before resolving filesystem paths. This allows an...

7.5CVSS6AI score0.0043EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/24 10:13 p.m.25 views

Security Bulletin: Multiple vulnerabilities in Open Source affect IBM Cloud Pak System

Summary Multiple vulnerabilities in Open Source affect IBM Cloud Pak System. Vulnerability Details CVEID:CVE-2024-21538 DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service ReDoS due to improper input...

9.8CVSS6.8AI score0.01017EPSS
Exploits4Affected Software1
OSV
OSV
added 2026/06/22 6:16 p.m.3 views

UBUNTU-CVE-2026-54279

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, host-only cookies that are saved with CookieJar.save and then restored later with CookieJar.load lose their host-only status. This vulnerability is fixed in 3.14.1...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 6:16 p.m.3 views

UBUNTU-CVE-2026-54280

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a client disconnects in the middle of a write. If a payload is using an open file or similar limited resource, then an attacker may be able to cause...

7.5CVSS5.8AI score0.00281EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/22 4:40 p.m.32 views

CVE-2026-54280 AIOHTTP: Payload Response Resources Are Not Closed After Mid-Body Disconnect

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a client disconnects in the middle of a write. If a payload is using an open file or similar limited resource, then an attacker may be able to cause...

6.3CVSS0.00281EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/22 4:36 p.m.8 views

CVE-2026-54276

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, DigestAuthMiddleware can send an authentication response after following a cross-origin redirect. This likely requires an open redirect vulnerability or similar on the target domain for an attacker to...

6.3CVSS5.9AI score0.00178EPSS
Exploits0
Fedora
Fedora
added 2026/06/15 1:11 a.m.21 views

[SECURITY] Fedora 43 Update: python-django5-5.2.15-1.fc43

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

5.3CVSS5.4AI score0.00359EPSS
Exploits0
Fedora
Fedora
added 2026/06/15 12:51 a.m.24 views

[SECURITY] Fedora 44 Update: python-django5-5.2.15-1.fc44

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

5.3CVSS5.4AI score0.00359EPSS
Exploits0
OSV
OSV
added 2026/06/10 12:0 a.m.8 views

ALSA-2026:25113 Important: .NET 9.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.118 and .NET Runtime...

7.5CVSS5.5AI score0.0243EPSS
Exploits0References6
AlmaLinux
AlmaLinux
added 2026/06/10 12:0 a.m.9 views

Important: .NET 9.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.118 and .NET Runtime...

7.5CVSS5.5AI score0.0243EPSS
Exploits0References6
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.15 views

ASP.NET Core Denial of Service Vulnerability

Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network...

7.5CVSS5.4AI score0.0243EPSS
Exploits0
EUVD
EUVD
added 2026/06/08 1:45 a.m.14 views

EUVD-2026-35008

A vulnerability was detected in hs-web hsweb-framework up to 5.0.1. This affects the function OAuth2Client of the file hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/web/oauth2/server/OAuth2Client.java of the component OAuth2 Client. The manipulation results in op...

5.3CVSS5.1AI score0.00303EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.14 views

jflyfox jfinal_cms 注入漏洞

jflyfox jfinalcms is a powerful information consulting website developed by jflyfox as open source. It uses the concise and robust JFinal as the web framework, Beetl as the template engine, MySQL as the database, and the Bootstrap framework for the front end. Versions of jflyfox jfinalcms 5.1.0 a...

6.5CVSS6.6AI score0.00204EPSS
Exploits0References1
Fedora
Fedora
added 2026/06/05 4:27 a.m.15 views

[SECURITY] Fedora 44 Update: python-starlette-0.52.1-2.fc44

Starlette is a lightweight ASGI framework/toolkit, which is ideal for building async web services in Python. It is production-ready, and gives you the following: =E2=80=A2 A lightweight, low-complexity HTTP web framework. =E2=80=A2 WebSocket support. =E2=80=A2 In-process background tasks. =E2=80=...

6.5CVSS5.8AI score0.01438EPSS
Exploits2
EUVD
EUVD
added 2026/06/04 1:15 p.m.14 views

EUVD-2026-32016

Starlette has missing Host header validation that poisons request.url.path, bypassing path-based security checks...

6.5CVSS5.8AI score0.01438EPSS
Exploits2References8
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.10 views

Iris 安全漏洞

Iris is an open-source fast, simple, yet fully functional and highly efficient Go web framework developed by DFIR-IRIS. Versions of Iris prior to 2.4.28 contained security vulnerabilities, which were due to the possibility of redirecting users to malicious websites through abuse...

4.7CVSS5.3AI score0.00174EPSS
Exploits0References2
Rows per page
Query Builder