Lucene search
K

10 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.10 views

Fedora 44 : dnsdist (2026-51cdd1292b)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-51cdd1292b advisory. Bug Fixes: CVE-2026-33254: An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdi...

9.1CVSS6AI score0.01073EPSS
Exploits0References12
OSV
OSV
added 2026/02/18 3:25 p.m.3 views

GHSA-9F29-V6MM-PW6W opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in input.parsed_path

A security vulnerability has been discovered in how the input.parsedpath field is constructed. HTTP request paths are treated as full URIs when parsed; interpreting leading path segments prefixed with double slashes // as authority components, and therefore dropping them from the parsed path. Thi...

7.1CVSS5.5AI score0.0038EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/01/29 11:23 a.m.15 views

libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins)

A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a request and returns the last occurrence for server-side processing. Common front proxies often honor the first Host: header, so this mismatch can cause vhost confusion where a proxy routes a request to one backend but the...

8.2CVSS5.8AI score0.00496EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/27 12:0 a.m.14 views

PT-2026-44752

Name of the Vulnerable Software and Affected Versions libsoup affected versions not specified Description An unsigned to signed conversion error exists in the soup body input stream read chunked function. A remote attacker can exploit this by sending a malicious HTTP request when libsoup is used...

4.8CVSS5.9AI score0.00872EPSS
Exploits0References26
RedhatCVE
RedhatCVE
added 2025/12/14 12:57 a.m.13 views

CVE-2025-55948

This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6.0's implementation of role-based access control RBAC through dual dependency on frontend menu systems and backend permission tables, without enforcing atomic synchronization between these components. The critical flaw manifests...

7.3CVSS6.7AI score0.00249EPSS
Exploits1References1
OSV
OSV
added 2025/12/04 9:16 p.m.5 views

CVE-2025-55948

This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6.0's implementation of role-based access control RBAC through dual dependency on frontend menu systems and backend permission tables, without enforcing atomic synchronization between these components. The critical flaw manifests...

7.3CVSS5.9AI score0.00249EPSS
Exploits1References2
EUVD
EUVD
added 2025/12/04 12:0 a.m.4 views

EUVD-2025-201282

This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6.0's implementation of role-based access control RBAC through dual dependency on frontend menu systems and backend permission tables, without enforcing atomic synchronization between these components. The critical flaw manifests...

6.3AI score0.00249EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/12/04 12:0 a.m.4 views

CVE-2025-55948

This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6.0's implementation of role-based access control RBAC through dual dependency on frontend menu systems and backend permission tables, without enforcing atomic synchronization between these components. The critical flaw manifests...

6.4AI score0.00249EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/04 12:0 a.m.7 views

PT-2025-49143

This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6.0's implementation of role-based access control RBAC through dual dependency on frontend menu systems and backend permission tables, without enforcing atomic synchronization between these components. The critical flaw manifests...

6.8AI score0.00249EPSS
Exploits1References3
OSV
OSV
added 2022/09/01 9:15 p.m.2 views

DEBIAN-CVE-2022-2308

A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize t...

6.5CVSS6.2AI score0.00225EPSS
Exploits0References1
Rows per page
Query Builder