Lucene search
+L

687 matches found

RedHat Linux
RedHat Linux
added 2026/05/14 4:55 p.m.9 views

Apache MINA: Apache MINA: Arbitrary code execution via classname allowlist bypass

A flaw was found in Apache MINA. A remote attacker could exploit a vulnerability in the AbstractIoBuffer.resolveClass method, which failed to properly validate class names for static classes or primitive types. This bypasses the intended security control, known as a classname allowlist, allowing ...

9.8CVSS7AI score0.0064EPSS
Exploits0References5
Veracode
Veracode
added 2026/05/07 7:6 a.m.17 views

Unsafe Deserialization

Apache MINA is vulnerable to Unsafe Deserialization. The vulnerability is due to incomplete enforcement of a classname allowlist in AbstractIoBuffer.resolveClass, where certain branches e.g., for primitive or static classes bypass validation and call Class.forName without checks, allowing attacke...

9.8CVSS6AI score0.00902EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/07 12:24 a.m.23 views

Netty Redis Codec Encoder has a CRLF Injection Issue

Security Vulnerability Report: CRLF Injection in Netty Redis Codec Encoder 1. Vulnerability Summary | Field | Value | |-------|-------| | Product | Netty | | Version | 4.2.12.Final and all prior versions with codec-redis | | Component | io.netty.handler.codec.redis.RedisEncoder | | Vulnerability...

7.1CVSS6.2AI score0.00198EPSS
Exploits1References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/06 8:22 p.m.14 views

CVE-2026-7783

A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the function AbstractKanban::applySortQuery of the file application/services/AbstractKanban.php of the component Admin Kanban Endpoint. This manipulation of the argument this causes sql injection. It is possibl...

6.5CVSS6.4AI score0.00241EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/06 6:52 a.m.9 views

pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion

An unbounded recursion flaw has been discovered in the pypi pyasn1 library. This uncontrolled recursion occurs when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing nested SEQUENCE 0x30 or SET 0x31 tags with Indefinite Length 0x80 markers. Thi...

7.5CVSS6.8AI score0.00803EPSS
Exploits1References6
Packet Storm News
Packet Storm News
added 2026/05/05 12:0 a.m.9 views

Tailored Prompts, Targeted Protection: Vulnerability-Specific LLM Analysis for Smart Contracts

Smart contracts on blockchains are prone to diverse security vulnerabilities that can lead to significant financial losses due to their immutable nature. Existing detection approaches often lack flexibility across vulnerability types and rely heavily on manually crafted expert rules. In this pape...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/05/04 11:15 p.m.44 views

CVE-2026-7783 CodeCanyon Perfex CRM Admin Kanban Endpoint AbstractKanban.php applySortQuery sql injection

A flaw has been found in CodeCanyon Perfex CRM up to 3.4.1. This vulnerability affects the function AbstractKanban::applySortQuery of the file application/services/AbstractKanban.php of the component Admin Kanban Endpoint. This manipulation of the argument this causes sql injection. It is possibl...

6.5CVSS0.00241EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/04 6:30 p.m.17 views

Apache OpenNLP AbstractModelReader has an OOM Denial of Service via Unbounded Array Allocation

OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: Before 2.5.9 Before 3.0.0-M3 Description: The AbstractModelReader methods getOutcomes, getOutcomePatterns, and getPredicates each read a 32-bit signed integer count field from a binary...

7.5CVSS5.9AI score0.00627EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/04 6:30 p.m.5 views

GHSA-659W-93R5-9J6M Apache OpenNLP AbstractModelReader has an OOM Denial of Service via Unbounded Array Allocation

OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: Before 2.5.9 Before 3.0.0-M3 Description: The AbstractModelReader methods getOutcomes, getOutcomePatterns, and getPredicates each read a 32-bit signed integer count field from a binary...

7.5CVSS5.9AI score0.00627EPSS
Exploits0References4
OSV
OSV
added 2026/05/04 5:16 p.m.5 views

DEBIAN-CVE-2026-42440

OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: before 1.9.5 before 2.5.9 before 3.0.0-M3 Description: The AbstractModelReader methods getOutcomes, getOutcomePatterns, and getPredicates each read a 32-bit signed integer count field...

7.5CVSS5.9AI score0.00627EPSS
Exploits0References1
NVD
NVD
added 2026/05/04 5:16 p.m.13 views

CVE-2026-42440

OOM Denial of Service via Unbounded Array Allocation in Apache OpenNLP AbstractModelReader Versions Affected: before 1.9.5 before 2.5.9 before 3.0.0-M3 Description: The AbstractModelReader methods getOutcomes, getOutcomePatterns, and getPredicates each read a 32-bit signed integer count field...

7.5CVSS0.00627EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/04 9:49 a.m.11 views

CVE-2026-6527

A flaw was found in Wireshark, a network protocol analyzer. A local user could be affected by this vulnerability if they open a specially crafted capture file containing malformed ASN.1 PER Abstract Syntax Notation One Packed Encoding Rules protocol data. This could lead to a crash of the Wiresha...

5.5CVSS5.7AI score0.00125EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.14 views

PT-2026-36637

Name of the Vulnerable Software and Affected Versions Apache OpenNLP versions prior to 2.5.9 Apache OpenNLP versions prior to 3.0.0-M3 Description An OutOfMemory OOM Denial of Service exists in the AbstractModelReader class. The methods getOutcomes, getOutcomePatterns, and getPredicates read a...

7.5CVSS5.8AI score0.00627EPSS
Exploits0References31
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.46 views

PT-2026-36635

Name of the Vulnerable Software and Affected Versions Apache OpenNLP versions prior to 2.5.9 Apache OpenNLP versions prior to 3.0.0-M3 Description The DictionaryEntryPersistor class initializes a static SAXParserFactory without enabling FEATURE SECURE PROCESSING or disabling DTD processing. When...

9.1CVSS5.8AI score0.00515EPSS
Exploits0References30
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.13 views

PT-2026-36636

Name of the Vulnerable Software and Affected Versions Apache OpenNLP versions prior to 2.5.9 Apache OpenNLP versions prior to 3.0.0-M3 Description The ExtensionLoader.instantiateExtensionClass, String function loads a class by its fully-qualified name using Class.forName and invokes its no-arg...

9.8CVSS6.1AI score0.00692EPSS
Exploits0References31
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-5080

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints o...

5.9CVSS5.5AI score0.00374EPSS
Exploits0References3
NVD
NVD
added 2026/05/01 5:16 p.m.6 views

CVE-2026-37526

AGL app-framework-binder afb-daemon through v19.90.0 allows any local process to execute privileged supervision commands Exit, Do, Sclose, Config, Trace, Debug, Token, slist without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The onsupervisioncall function in...

7.8CVSS0.00123EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/01 5:14 p.m.10 views

CVE-2026-41409

A flaw was found in Apache MINA. An incomplete fix for a deserialization vulnerability in the AbstractIoBuffer.getObject method allowed a static initializer in a class to be executed before the classname allowlist was applied. This could enable a remote attacker to execute arbitrary code by sendi...

9.8CVSS6.2AI score0.00451EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/01 11:26 a.m.8 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the normalization performed by the AbstractPolicyOperator class. An attacker can cause unbounded memory allocation and exhaust the JVM heap by submitting malicious WS-Policy...

8.7CVSS5.8AI score0.00711EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/01 12:0 a.m.4 views

CVE-2026-37526

AGL app-framework-binder afb-daemon through v19.90.0 allows any local process to execute privileged supervision commands Exit, Do, Sclose, Config, Trace, Debug, Token, slist without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The onsupervisioncall function in...

7.8CVSS6AI score0.00123EPSS
Exploits0References2
Rows per page
Query Builder