Redos
added 2026/06/24 12:0 a.m.

ROS-20260624-73-0030

The vulnerability in Netty is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVSS 9.1 | AI score 6.8 | EPSS 0.00818 | Exploits: 1

Positive Technologies
added 2026/06/24 12:0 a.m.

PT-2026-51654

Name of the vulnerable software and affected versions: GV-I/O Box 4E, affected versions not specified.
Description: The DVRSearch service, which runs by default on UDP port 10001, contains a stack-based buffer overflow. The issue occurs when the server processes a UDP message and performs an unsafe...

CVSS 10 | AI score 6.8 | EPSS 0.00436 | Exploits: 0 | References: 9

Redos
added 2026/06/24 12:0 a.m.

ROS-20260624-73-0023

The vulnerability in Netty is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVSS 7.5 | AI score 6.8 | EPSS 0.00748 | Exploits: 1

Redos
added 2026/06/24 12:0 a.m.

ROS-20260624-73-0032

The vulnerability in Netty is related to uncontrolled resource consumption. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVSS 7.5 | AI score 6.7 | EPSS 0.00455 | Exploits: 0

Jenkins Security Advisories
added 2026/06/24 12:0 a.m.

CSRF vulnerability and missing permission check in contrast-continuous-application-security

contrast-continuous-application-security 3.11 and earlier does not perform a permission check in an HTTP endpoint that tests the connection to a Contrast TeamServer. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using an attacker-specified username, AP...

CVSS 5.4 | AI score 5.8 | EPSS 0.00187 | Exploits: 0 | Affected Software: 1

Jenkins Security Advisories
added 2026/06/24 12:0 a.m.

CSRF vulnerability and missing permission check in zdevops

zdevops 1.1.3.50.ve350c9b450b1 and earlier does not perform a permission check in an HTTP endpoint implementing a connection test. This allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method,...

CVSS 4.2 | AI score 5.8 | EPSS 0.0014 | Exploits: 0 | Affected Software: 1

Redos
added 2026/06/24 12:0 a.m.

ROS-20260624-73-0019

The vulnerability in jpegxl is related to unbounded resource allocation (allocation of resources without limits). Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVSS 8.8 | AI score 5.9 | EPSS 0.00199 | Exploits: 1

Redos
added 2026/06/24 12:0 a.m.

ROS-20260624-73-0022

The vulnerability in Netty is related to unbounded resource allocation (allocation of resources without limits). Exploiting this vulnerability can allow a remote attacker to cause service interruptions...

CVSS 8.7 | AI score 6.8 | EPSS 0.01125 | Exploits: 0

Tenable Nessus
added 2026/06/24 12:0 a.m.

Linux Distros Unpatched Vulnerability : CVE-2026-12969

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An out-of-bounds read vulnerability exists in dnsmasq's find_soa function in src/rfc1035.c. When parsing NS section records, extract_name is called with...

CVSS 5.3 | AI score 6 | EPSS 0.0025 | Exploits: 0 | References: 4

Redos
added 2026/06/24 12:0 a.m.

ROS-20260624-73-0026

The vulnerability in Netty is related to deficiencies in HTTP request processing. Exploiting this vulnerability allows a remote attacker to smuggle hidden HTTP requests past the server (an HTTP request smuggling attack)...

CVSS 9.1 | AI score 6.8 | EPSS 0.00633 | Exploits: 1

RedHat Linux
added 2026/06/23 11:58 p.m.

libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string

A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the asn1_expend_octet_string function. This occurs due to a failure to validate the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the...

CVSS 7.5 | AI score 7.9 | EPSS 0.01109 | Exploits: 0 | References: 6

OSV
added 2026/06/23 10:16 p.m.

DEBIAN-CVE-2026-54518

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.21.0 until 2.21.4 and 3.1.4, UnwrappedPropertyHandler.processUnwrappedCreatorProperties replays buffered JSON into creator parameters but never consults...

CVSS 6.5 | AI score 5.9 | EPSS 0.00211 | Exploits: 0 | References: 1

CVE
added 2026/06/23 8:35 p.m.

CVE-2026-47377

NocoDB before 2026.04.1 is vulnerable to an open redirect via the client-side hashRedirect plugin. The plugin constructs a URL from the hash fragment and uses window.location.replace, and it accepts protocol-relative paths (e.g., //attacker.com/…), enabling silent redirection to attacker-controll...

CVSS 5.1 | AI score 5.9 | EPSS 0.00239 | Exploits: 0 | References: 1

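The check the entry above describes as missing, written out as an added example that is not NocoDB's code: a redirect target lifted from a URL fragment is accepted only if it is a same-origin absolute path, and protocol-relative forms such as `//attacker.com/…` (plus their backslash and percent-encoded variants) fall back to a safe default. The function names and the `redirect=` parameter layout are assumptions for illustration; the same rule belongs in the browser code ahead of `window.location.replace`.

```python
from urllib.parse import parse_qs, unquote, urlsplit


def is_safe_local_path(target: str) -> bool:
    """Accept only a same-origin absolute path such as "/dashboard?x=1#y".

    Rejects anything a browser would navigate off-origin: scheme-qualified
    URLs, protocol-relative "//host", the backslash variant "/\\host",
    percent-encoded forms of those, and targets carrying control characters
    (browsers strip tab/newline, so "/\\t/host" would collapse to "//host").
    """
    if not target:
        return False
    candidate = unquote(target)  # judge "%2F%2Fhost" the same as "//host"
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in candidate):
        return False
    if not candidate.startswith("/"):
        return False  # no "https://", no "javascript:", no bare relative paths
    if candidate.startswith("//") or candidate.startswith("/\\"):
        return False  # protocol-relative: the next segment becomes the host
    parts = urlsplit(candidate)
    return parts.scheme == "" and parts.netloc == ""


def redirect_from_fragment(fragment: str, fallback: str = "/") -> str:
    """Hypothetical reader for a fragment shaped like "#/?redirect=<target>".

    Returns the requested target only when it passes is_safe_local_path();
    otherwise the caller is sent to `fallback` on the current origin.
    """
    query = urlsplit(fragment.lstrip("#")).query
    target = parse_qs(query).get("redirect", [""])[0]
    return target if is_safe_local_path(target) else fallback


if __name__ == "__main__":
    # Constructed fragments: one benign, one carrying the protocol-relative form.
    print(redirect_from_fragment("#/?redirect=/dashboard"))          # /dashboard
    print(redirect_from_fragment("#/?redirect=//attacker.com/x"))    # /
```

The check fails closed: a value that decodes twice to a host-bearing form is rejected too, which is the right trade-off for a redirect target that should never legitimately leave the origin.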
NVD
added 2026/06/23 8:16 p.m.

CVE-2026-54328

Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi versions with temporary npm or git extension package installs used predictable paths under the operating system temporary directory. On Linux-based multi-user systems, a local attacker who can write to the shared temporary...

CVSS 7.3 | EPSS 0.00115 | Exploits: 0 | References: 5

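An added example, not code from the Pi project, of the temp-path mistake the entry above describes and the usual fix: a local attacker who can write to the shared temp directory pre-creates the predictable directory, and an installer that reuses whatever exists there unpacks the extension into space the attacker controls. A throwaway directory stands in for the shared system temp directory so the example runs anywhere; the `ext-<package>` naming and the installers' behaviour are assumptions for illustration.

```python
import os
import stat
import tempfile


def predictable_install_dir(shared_tmp, package):
    """The weak scheme: anyone who knows the package name knows the path."""
    return os.path.join(shared_tmp, f"ext-{package}")


def attacker_squat(shared_tmp, package):
    """Local attacker with write access to the shared temp directory creates
    the directory first. A symlink to a directory they own works as well."""
    path = predictable_install_dir(shared_tmp, package)
    os.makedirs(path)
    os.chmod(path, 0o777)
    with open(os.path.join(path, "OWNED"), "w") as fh:
        fh.write("attacker was here\n")
    return path


def naive_install(shared_tmp, package, payload):
    """Vulnerable installer: reuses whatever exists at the predictable path,
    so the extension files land in attacker-controlled space."""
    path = predictable_install_dir(shared_tmp, package)
    os.makedirs(path, exist_ok=True)
    with open(os.path.join(path, "index.js"), "w") as fh:
        fh.write(payload)
    return path


def safe_install(shared_tmp, package, payload):
    """Hardened installer: mkdtemp() picks an unpredictable name, creates it
    exclusively (fails rather than reuses) with mode 0700, and the result is
    verified before anything is written into it."""
    path = tempfile.mkdtemp(prefix=f"ext-{package}-", dir=shared_tmp)
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode) or not stat.S_ISDIR(st.st_mode):
        raise RuntimeError("install dir is not a plain directory")
    if st.st_uid != os.getuid():
        raise RuntimeError("install dir is owned by another user")
    if stat.S_IMODE(st.st_mode) & 0o077:
        raise RuntimeError("install dir is accessible to other users")
    with open(os.path.join(path, "index.js"), "w") as fh:
        fh.write(payload)
    return path


def demo_squat(package="example-ext"):
    """Runs both installers against a squatted shared temp directory.
    The constructed package name and payload stand in for a real extension."""
    payload = "module.exports = {};\n"
    with tempfile.TemporaryDirectory() as shared_tmp:
        squatted = attacker_squat(shared_tmp, package)
        naive = naive_install(shared_tmp, package, payload)
        safe = safe_install(shared_tmp, package, payload)
        return {
            # the naive install wrote its files inside the attacker's directory
            "hijacked": naive == squatted
            and os.path.exists(os.path.join(naive, "OWNED")),
            # the safe install went somewhere else, private to the current user
            "safe_is_squatted": safe == squatted,
            "safe_mode": stat.S_IMODE(os.stat(safe).st_mode),
        }


if __name__ == "__main__":
    print(demo_squat())  # {'hijacked': True, 'safe_is_squatted': False, 'safe_mode': 448}
```

The ownership and mode checks after `mkdtemp()` matter on systems where the temp directory is not sticky or where the installer might later be pointed at a caller-supplied directory; `mkdtemp()` alone already closes the race the entry describes.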
RedHat Linux
added 2026/06/23 8:1 p.m.

libsolv: Heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data

A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within .solv files due to insufficient input validation. An attacker can provide a specially crafted .solv file, which, when processed by a vulnerable application, can lea...

CVSS 7.8 | AI score 6.1 | EPSS 0.00205 | Exploits: 1 | References: 4

Github Security Blog
added 2026/06/23 7:11 p.m.

AVideo Meet plugin: anonymous-to-admin stored XSS via unescaped participant User-Agent in getMeetInfo.json.php Participants panel

Summary: The Meet plugin stores the raw HTTP User-Agent header of every meeting participant and later renders it without output encoding in the meeting-management "Participants" panel that the meeting host and site administrators open. An anonymous, unauthenticated attacker can join any public...

AI score 6.2 | Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/06/23 6:33 p.m.

CVE-2026-55249

The CVE-2026-55249 entry concerns @rtk-ai/rtk-rewrite, an OpenClaw plugin that rewrites shell commands via execSync using a template string. The root cause is attacker-controlled input injected directly into the shell-backed template without proper escaping; JSON.stringify wraps the value in quot...

CVSS 6.3 | AI score 6.2 | EPSS 0.00231 | Exploits: 0 | References: 1

NVD
added 2026/06/23 6:17 p.m.

CVE-2026-0864

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r), the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

CVSS 4.1 | EPSS 0.00128 | Exploits: 0 | References: 7

EUVD
added 2026/06/23 5:42 p.m.

EUVD-2026-38554

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r), the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

CVSS 4.1 | AI score 5.8 | EPSS 0.00128 | Exploits: 0 | References: 4

OSV
added 2026/06/23 5:42 p.m.

PSF-2026-29

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters (\r), the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

CVSS 4.1 | AI score 5.8 | EPSS 0.00128 | Exploits: 0 | References: 7

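The mechanism behind the three configparser entries above (CVE-2026-0864, EUVD-2026-38554 and PSF-2026-29), shown as an added example that is not code from CPython or from the advisories: a value carrying a bare carriage return reaches the file unchanged, and on read-back Python opens the file with universal newlines, so that `\r` becomes a line break and the text after it parses as a separate key. The example writes the crafted file directly rather than relying on any particular Python version's `write()` behaviour, and adds the pre-write check an application can apply regardless of the interpreter it runs on. Section and key names and the injected value are constructed.

```python
import configparser
import os
import tempfile

# Constructed attacker-controlled value: a carriage return followed by text
# that looks like a fresh "key = value" line.
MALICIOUS_VALUE = "Welcome\rallow_admin = true"


def write_raw_ini(path, section, key, value):
    """Produce the file an unpatched ConfigParser.write() would emit for a
    value containing '\\r': the CR goes to disk verbatim. newline='' turns
    off newline translation so the bytes land exactly as built."""
    with open(path, "w", newline="") as fh:
        fh.write(f"[{section}]\n{key} = {value}\n")


def read_section(path, section):
    """Read back with ConfigParser.read(), which opens the file in text mode
    with universal newlines: a lone '\\r' is returned as a line break."""
    cp = configparser.ConfigParser()
    cp.read(path)
    return dict(cp[section])


def demo_injection():
    """Return the parsed section; the injected key sits beside the real one."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "app.ini")
        write_raw_ini(path, "server", "banner", MALICIOUS_VALUE)
        return read_section(path, "server")


def safe_set(cp, section, key, value):
    """Hardened setter: refuse any value that could start a new logical line
    on read-back. Ordinary '\\n' multi-line values stay allowed, because
    write() indents continuation lines and the parser rejoins them."""
    if "\r" in value:
        raise ValueError(f"{key}: carriage return not allowed in config values")
    cp.set(section, key, value)


def rejects(value):
    """True if safe_set() refuses the value."""
    cp = configparser.ConfigParser()
    cp.add_section("server")
    try:
        safe_set(cp, "server", "banner", value)
    except ValueError:
        return True
    return False


def roundtrip_multiline():
    """A legitimate multi-line value survives write()/read() intact."""
    cp = configparser.ConfigParser()
    cp.add_section("server")
    safe_set(cp, "server", "motd", "line one\nline two")
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "app.ini")
        with open(path, "w") as fh:
            cp.write(fh)
        return read_section(path, "server")["motd"]


if __name__ == "__main__":
    print(demo_injection())          # {'banner': 'Welcome', 'allow_admin': 'true'}
    print(rejects(MALICIOUS_VALUE))  # True
    print(repr(roundtrip_multiline()))  # 'line one\nline two'
```

The split happens on the reading side, so an application that writes with a patched interpreter but is read by an older one, or that builds INI text by hand, still needs the `\r` rejection before the value is accepted.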