Lucene search
+L

6876 matches found

redhat
redhat
added 2026/07/09 7:38 a.m.7 views

golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during...

7.5CVSS7AI score0.00415EPSS
Exploits0References9
cve
cve
added 2026/07/09 12:0 a.m.7 views

CVE-2026-39243

The CVE-2026-39243 entry concerns decompress before 4.2.2, where archive extraction can create arbitrary hardlinks. During processing of hardlink entries (type === 'link'), the x.linkname field is passed directly to fs.link() without validation, enabling an attacker to craft an archive whose hard...

5.5CVSS6.1AI score0.00248EPSS
Exploits1References3Affected Software1
ptsecurity
ptsecurity
added 2026/07/09 12:0 a.m.7 views

PT-2026-56933

Name of the Vulnerable Software and Affected Versions Pimcore versions prior to 2025.4.6 Pimcore versions prior to 2026.1.6 Description An unauthenticated attacker who knows a valid admin username can take over an admin account by sending a password reset request containing an attacker-controlled...

8.8CVSS6.1AI score0.0035EPSS
Exploits0References7
snyk
snyk
added 2026/07/08 10:38 p.m.3 views

Improper Authorization

Overview github.com/nats-io/nats-server/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Improper Authorization via the subscription authorization process. An attacker can access...

7.1CVSS6.1AI score0.00465EPSS
Exploits0References2
osv
osv
added 2026/07/08 10:9 p.m.3 views

CVE-2026-54773 CoreWCF: WS-Security signature substitution via document-wide Signature lookup

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security signature verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security an...

5.9CVSS6.1AI score0.00238EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.7 views

PT-2026-57871

Name of the Vulnerable Software and Affected Versions AnyDesk affected versions not specified Description A flaw in the Send Support Information feature allows local attackers to cause a denial-of-service condition. An attacker with the ability to execute low-privileged code on the target system...

5.5CVSS6.3AI score0.00104EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.9 views

PT-2026-56358

Name of the Vulnerable Software and Affected Versions Foxit Reader affected versions not specified Description An XML External Entity XXE issue exists where the application processes files that are not strictly in a structurally valid PDF format. By opening a malicious document disguised as a PDF...

6.5CVSS6.1AI score0.00205EPSS
Exploits0References5
amazon
amazon
added 2026/07/08 12:0 a.m.4 views

Medium: containerd

Issue Overview: x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically bas...

7.5CVSS6.9AI score0.00939EPSS
Exploits0
nvd
nvd
added 2026/07/07 11:16 p.m.6 views

CVE-2026-59704

Cap's GET /api/video/ai endpoint fails to validate user ownership or membership before returning private video AI metadata including titles, summaries, and chapters. Authenticated attackers can supply arbitrary video IDs to read sensitive AI-generated content and trigger unauthorized AI generatio...

7.1CVSS0.00216EPSS
Exploits0References5
osv
osv
added 2026/07/07 9:17 p.m.3 views

DEBIAN-CVE-2026-53511

calibre is an e-book manager. Prior to 9.10.0, a malicious EPUB, OPF, or PDF file can execute arbitrary Python code when its metadata is read by calibre, including through Add books or Edit books, by embedding a custom column definition with a python: template in calibre:usermetadata that is pass...

8.5CVSS6.3AI score0.00197EPSS
Exploits0References1
osv
osv
added 2026/07/07 6:19 p.m.8 views

CVE-2026-59800 9Router < 0.4.44 - OS Command Injection via sudoPassword Parameter in Tailscale Install Endpoint

9Router before 0.4.44 contains an OS command injection vulnerability in the unauthenticated POST /api/tunnel/tailscale-install endpoint this route is not covered by the dashboard middleware matcher, so no authorization check is applied. The sudoPassword field from the request body is written to t...

9.2CVSS6.3AI score0.01372EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/07/07 4:37 p.m.9 views

CVE-2026-14904

AWS Research and Engineering Studio RES is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources on AWS. Improper link resolution before file access issue CWE-59 in the Auth.GetUserPrivateKey API. An authenticated remot...

7.1CVSS6.2AI score0.00381EPSS
Exploits0References3
euvd
euvd
added 2026/07/07 4:37 p.m.7 views

EUVD-2026-42056

AWS Research and Engineering Studio RES is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources on AWS. Improper link resolution before file access issue CWE-59 in the Auth.GetUserPrivateKey API. An authenticated remot...

7.1CVSS6.2AI score0.00381EPSS
Exploits0References2
thn
thn
added 2026/07/07 1:27 p.m.25 views

Writer AI Flaw Could Let Agent Previews Leak Session Tokens Across Tenants

Cybersecurity researchers have disclosed details of a now-patched critical session isolation vulnerability in Writer, an enterprise generative artificial intelligence AI platform, that could result in cross-tenant compromise. The one-click vulnerability has been codenamed WriteOut by the Sand...

6.1AI score
Exploits0
nvd
nvd
added 2026/07/07 4:17 a.m.9 views

CVE-2026-34198

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, the TrustProxies middleware trusts all proxies $proxies = '', accepting X-Forwarded-Host from any source. The TrustHosts middleware, intended to prevent host header attacks...

5.3CVSS0.00139EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/07/07 12:0 a.m.7 views

PT-2026-56249

Name of the Vulnerable Software and Affected Versions Dashy versions prior to 4.3.7 Description The workspace view fails to validate the scheme of the URL query parameter before assigning it to an iframe source. This allows an attacker to execute JavaScript on the Dashy origin by tricking a...

3.9CVSS6.3AI score0.00255EPSS
Exploits0References7
nvd
nvd
added 2026/07/06 10:16 p.m.11 views

CVE-2026-41899

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, POST /api/feedback has no authentication, no rate limiting, and no input validation, allowing arbitrary content to be forwarded directly to a Discord webhook and enabling...

6.5CVSS0.003EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/07/06 9:49 p.m.5 views

CVE-2026-43927

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.0, a race condition in the cart checkout flow allows an authenticated client to apply a promo code beyond its configured maximum uses. By sending concurrent checkout requests before any single request...

6.9CVSS6AI score0.0022EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2026/07/06 9:10 p.m.3 views

CVE-2026-41899

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, POST /api/feedback has no authentication, no rate limiting, and no input validation, allowing arbitrary content to be forwarded directly to a Discord webhook and enabling...

6.5CVSS6AI score0.003EPSS
Exploits0References4Affected Software1
cve
cve
added 2026/07/06 9:10 p.m.14 views

CVE-2026-41899

CVE-2026-41899 affects Coolify prior to 4.0.0-beta.474. The POST /api/feedback endpoint is unauthenticated, lacks rate limiting and input validation, allowing arbitrary content to reach a Discord webhook and enabling spam, content injection, and webhook abuse. Remediation: upgrade to Coolify 4.0....

6.5CVSS6AI score0.003EPSS
Exploits0References3
Rows per page
Query Builder