
203297 matches found

EUVD
added yesterday, 5 views

EUVD-2026-40400

IBM Langflow OSS 1.0.0 through 1.9.6 contains a Server-Side Request Forgery (SSRF). The legacy RSSReaderComponent in rss.py and SearXNG component in searxng.py make unvalidated HTTP requests to user-controlled URLs, bypassing SSRF protections introduced in version 1.9.3. An authenticated attacker c...

CVSS 8.2, AI score 5.8
Exploits: 0, References: 1
EUVD
added yesterday, 4 views

EUVD-2026-40398

IBM WebSphere Application Server 9.0 and 8.5 could allow a remote attacker to obtain sensitive information from the administrative console's integrated help system...

CVSS 4.3, AI score 5.8
Exploits: 0, References: 1
CVE
added yesterday, 8 views

CVE-2026-13772

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6's Object Query Language engine resolves attacker-supplied class names via Class.forName and invokes their constructors with no allow-list at three distinct sinks (SELECT NEW, enum literals, and reflection-based comparators); an authenticated remo...

CVSS 7.5, AI score 6.1
Exploits: 0, References: 1
EUVD
added yesterday, 4 views

EUVD-2026-40387

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6's Object Query Language engine resolves attacker-supplied class names via Class.forName and invokes their constructors with no allow-list at three distinct sinks (SELECT NEW, enum literals, and reflection-based comparators); an authenticated remo...

CVSS 7.5, AI score 6.1
Exploits: 0, References: 1
CVE
added yesterday, 9 views

CVE-2026-13773

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6. Approximately 50 generated CORBA stub classes in WebSphere eXtreme Scale's ogclient.jar call ORB.string_to_object on an attacker-controlled IOR string during Java deserialization, turning any unfiltered ObjectInputStream sink in WAS into outbound...

CVSS 6, AI score 6.4
Exploits: 0, References: 1
Cvelist
added yesterday, 17 views

CVE-2026-9002 IBM WebSphere eXtreme Scale is affected by uncontrolled resource consumption when XDF is enabled

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds...

CVSS 6.5
Exploits: 0, References: 1
EUVD
added yesterday, 5 views

EUVD-2026-40379

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds...

CVSS 6.5, AI score 5.8
Exploits: 0, References: 1
RedhatCVE
added yesterday, 4 views

CVE-2026-50734

A flaw was found in Apache ActiveMQ. An unauthenticated network attacker can exploit this vulnerability by sending a specially crafted WireFormatInfo frame with an excessively large size value. This unvalidated value causes the broker to attempt an oversized memory allocation during...

CVSS 7.5, AI score 5.6
Exploits: 0, References: 4
RedHat Linux
added yesterday, 3 views

ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol (IMAP) client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

CVSS 7.1, AI score 6, EPSS 0.00685
Exploits: 0, References: 8
EUVD
added yesterday, 5 views

EUVD-2026-40351

Vibe-Trading before 0.1.10 builds the proposal file path by joining a caller-supplied proposal identifier onto the broker proposals directory without sanitization (agent/src/live/mandate/commit.py). A proposal identifier containing path traversal sequences causes the application to load an...

CVSS 8.3, AI score 5.8
Exploits: 0, References: 4
RedHat Linux
added yesterday, 4 views

ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol (IMAP) client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

CVSS 7.1, AI score 6, EPSS 0.00685
Exploits: 0, References: 8
CVE
added yesterday, 7 views

CVE-2026-58374

CVE-2026-58374 details: In hostapd (before 2.12) there is a bounds-check issue in AP-mode Wi‑Fi 7 (IEEE 802.11be) Multi‑Link Operation (MLO) association request processing. In hostapd_process_ml_assoc_req() (src/ap/ieee802_11_eht.c), the received link_id can be parsed as 15, but links[] only con...

CVSS 6.5, AI score 5.8
Exploits: 0, References: 5
RedHat Linux
added yesterday, 4 views

giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension

A flaw was found in giflib. A remote attacker can exploit a buffer overflow vulnerability in the EGifGCBToExtension function by providing a specially crafted Graphics Control Extension (GCE) block. This allows overwriting an existing GCE block without proper size validation, leading to a denial of...

CVSS 8.2, AI score 6.1, EPSS 0.00467
Exploits: 1, References: 5
RedHat Linux
added yesterday, 6 views

giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension

A flaw was found in giflib. A remote attacker can exploit a buffer overflow vulnerability in the EGifGCBToExtension function by providing a specially crafted Graphics Control Extension (GCE) block. This allows overwriting an existing GCE block without proper size validation, leading to a denial of...

CVSS 8.2, AI score 6.1, EPSS 0.00467
Exploits: 1, References: 5
RedHat Linux
added yesterday, 3 views

giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension

A flaw was found in giflib. A remote attacker can exploit a buffer overflow vulnerability in the EGifGCBToExtension function by providing a specially crafted Graphics Control Extension (GCE) block. This allows overwriting an existing GCE block without proper size validation, leading to a denial of...

CVSS 8.2, AI score 7.6, EPSS 0.00467
Exploits: 1, References: 5
NVD
added yesterday, 8 views

CVE-2026-12076

Raytha CMS is vulnerable to SQL Injection within the OData filter parsing pipeline. The vulnerability allows a remote, unauthenticated attacker to execute arbitrary SQL statements against the underlying PostgreSQL database, leading to full database compromise, including credential extraction...

CVSS 9.3, EPSS 0.00431
Exploits: 0, References: 2
NVD
added yesterday, 5 views

CVE-2025-7406

Nokia MantaRay NM is vulnerable to a sudo privilege escalation vulnerability where a local attacker possessing administrative (local admin) privileges can escalate to full root privileges on the host. Successful exploitation results in root-level access to the filesystem and the ability to execute...

CVSS 7.8, EPSS 0.00169
Exploits: 0, References: 1
NVD
added yesterday, 5 views

CVE-2025-24815

Nokia MantaRay NM is subject to an unrestricted file upload vulnerability due to insufficient file type validation. Successful exploitation could allow an authenticated attacker to upload malicious files onto the system...

CVSS 7.8, EPSS 0.00177
Exploits: 0, References: 1
RedHat Linux
added yesterday, 3 views

giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension

A flaw was found in giflib. A remote attacker can exploit a buffer overflow vulnerability in the EGifGCBToExtension function by providing a specially crafted Graphics Control Extension (GCE) block. This allows overwriting an existing GCE block without proper size validation, leading to a denial of...

CVSS 8.2, AI score 7.6, EPSS 0.00467
Exploits: 1, References: 5
CVE
added yesterday, 7 views

CVE-2026-49432

CVE-2026-49432 affects Apache ActiveMQ, including ActiveMQ All and ActiveMQ Stomp, due to improper input validation on STOMP exposure. A remote unauthenticated attacker can trigger denial-of-service by sending a negative content-length to an exposed STOMP connector. On the NIO STOMP transport, an...

CVSS 7.5, AI score 6
Exploits: 0, References: 2