Lucene search
K

212 matches found

Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56507

Name of the Vulnerable Software and Affected Versions Hono versions 4.3.3 through 4.12.26 Description The AWS API Gateway v1 adapter incorrectly de-duplicates repeated request header values by using a substring comparison instead of an exact match. This behavior can lead to the loss of distinct...

5.3CVSS6.1AI score0.00126EPSS
Exploits0References8
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/07 6:11 a.m.3 views

Security Bulletin: Security vulnerabilities have been found in IBM Application Gateway

Summary Security vulnerabilities have been addressed in IBM Application Gateway Vulnerability Details CVEID:CVE-2026-40355 DESCRIPTION: In MIT Kerberos 5 aka krb5 before 1.22.3, there is a NULL pointer dereference if an application calls gssacceptseccontext on a system with a NegoEx mechanism...

7.5CVSS6AI score0.00501EPSS
Exploits2Affected Software1
NVD
NVD
added 2026/06/10 7:16 a.m.18 views

CVE-2026-11815

An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution...

5.3CVSS0.00317EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 6:39 a.m.17 views

EUVD-2026-35992

An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution...

5.3CVSS6AI score0.00317EPSS
Exploits0References1
CBLMariner
CBLMariner
added 2026/06/05 12:59 p.m.10 views

CVE-2026-33814 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-5

CVE-2026-33814 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-5. A patched version of the package is available...

7.5CVSS5.4AI score0.00781EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/05/30 3:37 a.m.13 views

CVE-2026-42502 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-42502 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

6.1CVSS5.8AI score0.00178EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/05/30 3:37 a.m.11 views

CVE-2026-25680 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-25680 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

6.5CVSS5.8AI score0.00248EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/05/30 3:37 a.m.14 views

CVE-2026-39821 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-39821 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

9.6CVSS5.8AI score0.00478EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/05/30 3:37 a.m.10 views

CVE-2026-27136 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-27136 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

6.1CVSS5.8AI score0.00178EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/05/30 3:37 a.m.11 views

CVE-2026-42506 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-42506 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

6.1CVSS5.8AI score0.00188EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/05/30 3:37 a.m.15 views

CVE-2026-25681 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4

CVE-2026-25681 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-4. A patched version of the package is available...

6.1CVSS5.8AI score0.00178EPSS
Exploits0
NVD
NVD
added 2026/05/04 2:16 p.m.29 views

CVE-2026-6266

A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider IDP identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a...

8.3CVSS0.00397EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/04 1:47 p.m.5 views

CVE-2026-6266 Aap-controller: aap-gateway: account hijacking and unauthorized access via unverified email linking

A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider IDP identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a...

8.3CVSS5.8AI score0.00397EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/24 4:8 p.m.7 views

EUVD-2026-25576

Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, modify, and delete all application data across tenants and manage Cognito user accounts within the...

9.8CVSS5.4AI score0.00254EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/07 2:22 p.m.1 views

CVE-2026-33034 Potential denial-of-service vulnerability in ASGI requests via memory upload limit bypass

An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. ASGI requests with a missing or understated Content-Length header could bypass the DATAUPLOADMAXMEMORYSIZE limit when reading HttpRequest.body, allowing remote attackers to load an unbounded request body into...

5.9AI score0.00769EPSS
Exploits0References3
CBLMariner
CBLMariner
added 2026/03/10 10:56 p.m.2 views

CVE-2025-47911 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-3

CVE-2025-47911 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-3. A patched version of the package is available...

5.3CVSS5.8AI score0.00502EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/03/10 10:56 p.m.4 views

CVE-2025-58190 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-3

CVE-2025-58190 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-3. A patched version of the package is available...

5.3CVSS5.8AI score0.00482EPSS
Exploits1
CBLMariner
CBLMariner
added 2026/03/09 2:32 p.m.3 views

CVE-2025-30204 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-27

CVE-2025-30204 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-27. A patched version of the package is available...

7.5CVSS7.3AI score0.00693EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/03/09 2:32 p.m.3 views

CVE-2025-47911 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-27

CVE-2025-47911 affecting package application-gateway-kubernetes-ingress for versions less than 1.4.0-27. A patched version of the package is available...

5.3CVSS5.8AI score0.00502EPSS
Exploits0
OSV
OSV
added 2026/02/05 6:16 p.m.5 views

AZL-76856 CVE-2025-58190 affecting package application-gateway-kubernetes-ingress 1.7.7-2

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service DoS if an attacker provides specially crafted HTML content...

5.3CVSS7.4AI score0.00482EPSS
Exploits1References1
Rows per page
Query Builder