Lucene search
K

1289 matches found

Github Security Blog
Github Security Blog
added 2026/05/05 6:10 p.m.12 views

JupyterHub has cross-origin form POSTs bypass XSRF (CWE-352)

Summary JupyterHub's XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, which they are not, bypassing XSRF checks. The JSON API is not affected, only HTTP form endpoints, such as /hub/spawn and /hub/accept-share, meaning attacke...

5.4CVSS5.8AI score0.00159EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/05/05 6:10 p.m.4 views

GHSA-M68R-V472-JGQ9 JupyterHub has cross-origin form POSTs bypass XSRF (CWE-352)

Summary JupyterHub's XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, which they are not, bypassing XSRF checks. The JSON API is not affected, only HTTP form endpoints, such as /hub/spawn and /hub/accept-share, meaning attacke...

5.4CVSS5.8AI score0.00159EPSS
Exploits1References4
NVD
NVD
added 2026/05/05 4:16 p.m.15 views

CVE-2025-66369

An issue was discovered in MM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, W920, W930, W1000, Modem 5123, and Modem 5300. Incorrect handling of 5G NR NAS registration accept messages leads to a Denial of Service...

7.5CVSS0.00343EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.11 views

PT-2026-37244

Name of the Vulnerable Software and Affected Versions JupyterHub versions 4.1.0 through 5.4.4 Description XSRF protection inappropriately treated requests containing the Sec-Fetch-Mode: no-cors header as same-origin requests, allowing the bypass of XSRF checks. This affects HTTP form endpoints,...

5.4CVSS5.8AI score0.00159EPSS
Exploits1References15
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.10 views

PT-2026-37270

Name of the Vulnerable Software and Affected Versions Fiber versions prior to 2.52.12 Fiber versions prior to 3.1.0 Description A Cross-Site Scripting issue exists in the Go Fiber web framework. A remote attacker can inject arbitrary HTML or JavaScript by providing an Accept: text/html header in ...

5.3CVSS6.1AI score0.00212EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/05/05 12:0 a.m.3 views

CVE-2025-66369

An issue was discovered in MM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, W920, W930, W1000, Modem 5123, and Modem 5300. Incorrect handling of 5G NR NAS registration accept messages leads to a Denial of Service...

7.5CVSS5.8AI score0.00343EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/05 12:0 a.m.32 views

CVE-2025-66369

An issue was discovered in MM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, W920, W930, W1000, Modem 5123, and Modem 5300. Incorrect handling of 5G NR NAS registration accept messages leads to a Denial of Service...

0.00343EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/04 7:14 p.m.39 views

CVE-2026-7768 @fastify/accepts-serializer vulnerable to Denial of Service via Unbounded Accept Header Cache Growth

@fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct but matching Accept header variants to make the cache grow unbounded, eventually exhausting the...

7.5CVSS0.00284EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/04 7:14 p.m.9 views

CVE-2026-7768 @fastify/accepts-serializer vulnerable to Denial of Service via Unbounded Accept Header Cache Growth

@fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct but matching Accept header variants to make the cache grow unbounded, eventually exhausting the...

7.5CVSS5.8AI score0.00284EPSS
Exploits0References2
CVE
CVE
added 2026/05/04 7:14 p.m.25 views

CVE-2026-7768

The CVE affects @fastify/accepts-serializer where serializer-selection results are cached by the request Accept header without bounds or eviction, allowing an unauthenticated remote client to cause unbounded cache growth and Node.js heap exhaustion leading to a crash. Affected versions are

7.5CVSS5.8AI score0.00284EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.14 views

@fastify/accepts-serializer 安全漏洞

@fastify/accepts-serializer is a plugin developed by Fastify, which automatically selects a serialization method based on the Accept header. Versions of @fastify/accepts-serializer up to 6.0.3 contained security vulnerabilities. These vulnerabilities stemmed from the lack of size limits or evicti...

7.5CVSS5.8AI score0.00284EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.12 views

PT-2026-36915

Name of the Vulnerable Software and Affected Versions @fastify/accepts-serializer versions prior to 6.0.4 Description An issue exists where serializer-selection results are cached using the request Accept header as a key without a size limit or eviction policy. A remote unauthenticated client can...

7.5CVSS5.8AI score0.00284EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.7 views

CentOS 9 : krb5-1.21.1-10.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the krb5-1.21.1-10.el9 build changelog. - In MIT Kerberos 5 aka krb5 before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls...

7.5CVSS5.9AI score0.00461EPSS
Exploits2References3
SUSE CVE
SUSE CVE
added 2026/04/30 2:25 a.m.10 views

SUSE CVE-2026-40356

In MIT Kerberos 5 aka krb5 before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process t...

5.9CVSS5.6AI score0.0046EPSS
Exploits1References13
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-40356

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In MIT Kerberos 5 aka krb5 before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gssacceptseccontext on a system...

7.5CVSS5.9AI score0.0046EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/04/28 8:54 a.m.5 views

CVE-2026-40355

A flaw was found in MIT Kerberos 5 krb5. An unauthenticated remote attacker can exploit a NULL pointer dereference vulnerability by calling gssacceptseccontext on a system with a NegoEx mechanism registered. This can lead to the termination of the process, resulting in a Denial of Service DoS...

5.9CVSS5.7AI score0.00461EPSS
Exploits1References6
OSV
OSV
added 2026/04/28 7:16 a.m.8 views

DEBIAN-CVE-2026-40356

In MIT Kerberos 5 aka krb5 before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process t...

5.9CVSS5.6AI score0.0046EPSS
Exploits1References1
NVD
NVD
added 2026/04/28 6:16 a.m.5 views

CVE-2026-40355

In MIT Kerberos 5 aka krb5 before 1.22.3, there is a NULL pointer dereference if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parsenegomessage...

7.5CVSS0.00461EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.10 views

MIT Kerberos 数字错误漏洞

MIT Kerberos is a software used by the Massachusetts Institute of Technology MIT for authentication in network clusters. As a network authentication protocol, its design goal is to provide robust authentication services for client/server applications through a key system. Prior to version 5.1.2.3...

5.9CVSS5.8AI score0.0046EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/28 12:0 a.m.4 views

CVE-2026-40356

In MIT Kerberos 5 aka krb5 before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process t...

5.9CVSS5.5AI score0.0046EPSS
Exploits1References3
Rows per page
Query Builder