Lucene search
K

1282 matches found

EUVD
EUVD
added 2026/05/25 8:0 a.m.14 views

EUVD-2026-31651

A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formAccept of the file /goform/formAccept of the component POST Request Handler. Such manipulation of the argument submit-url leads to command injection. It is possible to launch the attack...

6.5CVSS6.5AI score0.01364EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.13 views

PT-2026-43049

A weakness has been identified in Edimax EW-7438RPn 1.31. This impacts the function formAccept of the file /goform/formAccept. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made...

9CVSS7.9AI score0.00751EPSS
Exploits0References4
NVD
NVD
added 2026/05/22 9:16 p.m.16 views

CVE-2026-40864

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

5.4CVSS0.00159EPSS
Exploits1References2
OSV
OSV
added 2026/05/22 9:16 p.m.7 views

DEBIAN-CVE-2026-40864

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

4.3CVSS5.8AI score0.00159EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/22 8:13 p.m.10 views

EUVD-2026-31499

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

5.4CVSS5.8AI score0.00159EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/22 8:13 p.m.7 views

CVE-2026-40864 JupyterHub: Cross-origin form POSTs bypass XSRF

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

5.4CVSS5.8AI score0.00159EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/22 8:13 p.m.20 views

CVE-2026-40864 JupyterHub: Cross-origin form POSTs bypass XSRF

JupyterHub is software that allows users to create a multi-user server for Jupyter notebooks. In versions 4.1.0 through 5.4.4, XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, bypassing XSRF checks. The JSON API is not affecte...

5.4CVSS0.00159EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: raw: Fixed a data race around sysctlrawl3mdevaccept. While reading sysctlrawl3mdevaccept, it can be changed concurrently. Therefore, we need to add READONCE to its reader function...

4.7CVSS5.7AI score0.00165EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in golang-golang-x-text

In Go 1.15.4, a "index out of range" panic occurs in the language.ParseAcceptLanguage function during the parsing of the -u- extension. The language.ParseAcceptLanguage function is supposed to be able to parse an HTTP Accept-Language header...

7.5CVSS7.1AI score0.02297EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.1 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: iouring: Fixed the issue where multishot accept requests could lead to leaks. Setting REQFPOLLED does not guarantee that the request will be executed as a multishot from the polling path. Fortunately, if the code misidentifies...

5.5CVSS5.9AI score0.0014EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix disconnect vs accept race Despite the commit 0ad529d9fd2b “mptcp: fix possible divide by zero in recvmsg”, the mptcp protocol is still prone to a race between disconnect or shutdown and accept. The root cause is that t...

4.7CVSS6AI score0.00103EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.1 views

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: A data race issue around the sysctltcpfwmarkaccept function has been fixed. When reading sysctltcpfwmarkaccept, it can be changed concurrently. Therefore, we need to add a READONCE call to its reader...

4.7CVSS5.7AI score0.00177EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/19 10:17 p.m.12 views

krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism

A flaw was found in MIT Kerberos 5 krb5. An unauthenticated remote attacker can exploit a NULL pointer dereference vulnerability by calling gssacceptseccontext on a system with a NegoEx mechanism registered. This can lead to the termination of the process, resulting in a Denial of Service DoS...

5.9CVSS5.8AI score0.00461EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/19 4:31 p.m.14 views

krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read

A flaw was found in MIT Kerberos 5 krb5. An unauthenticated remote attacker can exploit an integer underflow and an out-of-bounds read vulnerability by calling gssacceptseccontext on a system with a NegoEx mechanism registered. This can lead to the process terminating, resulting in a Denial of...

5.9CVSS5.8AI score0.0046EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/19 4:31 p.m.14 views

krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism

A flaw was found in MIT Kerberos 5 krb5. An unauthenticated remote attacker can exploit a NULL pointer dereference vulnerability by calling gssacceptseccontext on a system with a NegoEx mechanism registered. This can lead to the termination of the process, resulting in a Denial of Service DoS...

5.9CVSS5.8AI score0.00461EPSS
Exploits0References7
NVD
NVD
added 2026/05/12 10:16 p.m.15 views

CVE-2026-44242

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Prior to 4.10.22, the bundleCache is keyed by Locale, baseName where the locale originates from the HTTP Accept-Language header. In applications that explicitly register a...

3.7CVSS0.00209EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 9:20 p.m.40 views

CVE-2026-44241 Micronaut Framework: Unbounded formattersCache in TimeConverterRegistrar Allows Memory Exhaustion via Accept-Language Header

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. From 4.3.0 to before 4.10.22, TimeConverterRegistrar caches DateTimeFormatter instances in an unbounded ConcurrentHashMap whose key is derived from the @Format annotation...

7.5CVSS0.00405EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 9:20 p.m.22 views

CVE-2026-44241

Summary of CVE-2026-44241 (Micronaut Framework) Affected: Micronaut Core versions 4.3.0–4.10.21 (fixed in 4.10.22). A cache in TimeConverterRegistrar stores DateTimeFormatter instances in an unbounded ConcurrentHashMap keyed by pattern+Locale derived from the @Format annotation and the HTTP Accep...

7.5CVSS6AI score0.00405EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/12 9:20 p.m.6 views

CVE-2026-44241 Micronaut Framework: Unbounded formattersCache in TimeConverterRegistrar Allows Memory Exhaustion via Accept-Language Header

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. From 4.3.0 to before 4.10.22, TimeConverterRegistrar caches DateTimeFormatter instances in an unbounded ConcurrentHashMap whose key is derived from the @Format annotation...

7.5CVSS6AI score0.00405EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 9:20 p.m.9 views

CVE-2026-44241

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. From 4.3.0 to before 4.10.22, TimeConverterRegistrar caches DateTimeFormatter instances in an unbounded ConcurrentHashMap whose key is derived from the @Format annotation...

7.5CVSS6AI score0.00405EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder