Lucene search
K

6221 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/04 6:46 a.m.7 views

CVE-2026-50206

Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files...

8.5CVSS5.8AI score0.0072EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/04 6:46 a.m.11 views

EUVD-2026-34218

Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files...

8.5CVSS5.8AI score0.0072EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.17 views

PT-2026-46157

Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files...

8.5CVSS5.8AI score0.0072EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.14 views

PT-2026-46268

Name of the Vulnerable Software and Affected Versions Net::CIDR::Set versions prior to 0.21 Description Net::CIDR::Set for Perl fails to properly validate network masks. The mask portion may contain non-digits or Unicode digits, such as the Arabic-Indic One U+0661, which are ignored, potentially...

7.3CVSS5.4AI score0.00312EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.8 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability, which stems from the improper handling of special characters in the incoming VPN network configuration files. This vulnerability may allow for command...

8.5CVSS5.3AI score0.0072EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.13 views

Net::CIDR::Set 安全漏洞

Net::CIDR::Set is a Perl network address management library developed by RRWO’s individual developers. Versions of Net::CIDR::Set prior to 0.20 contained security vulnerabilities. These vulnerabilities stemmed from unvalidated network masks; the mask portion of these masks might contain Unicode...

7.3CVSS5.3AI score0.00312EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/03 9:52 p.m.9 views

samba: Remote Code Execution in SAMR

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password script" feature. If this script is configured with the %u substitution character, the client-controlled username is passed without proper...

9.8CVSS5.9AI score0.02501EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/03 9:52 p.m.38 views

samba: Samba: Remote Code Execution in printing subsystem via unescaped job description

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by...

9.8CVSS6.4AI score0.12797EPSS
Exploits9References5
NVD
NVD
added 2026/06/03 4:16 p.m.21 views

CVE-2026-3276

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

6.3CVSS0.00492EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/06/03 2:29 p.m.10 views

CVE-2026-3276 Potential DoS via quadratic complexity in unicodedata.normalize()

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

6.3CVSS5.8AI score0.00492EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/03 2:29 p.m.8 views

CVE-2026-3276

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

6.3CVSS5.8AI score0.00492EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/03 2:29 p.m.77 views

CVE-2026-3276 Potential DoS via quadratic complexity in unicodedata.normalize()

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

6.3CVSS0.00492EPSS
Exploits0References8
CVE
CVE
added 2026/06/03 2:29 p.m.79 views

CVE-2026-3276

The CVE concerns Python’s unicodedata.normalize() taking excessive CPU time when given specially crafted Unicode input with long runs of combining characters that have alternating Canonical Combining Class (CCC) values. Affected: the normalize() function across all normalization forms. Root cause...

6.3CVSS5.8AI score0.00492EPSS
Exploits0References9
OSV
OSV
added 2026/06/03 2:29 p.m.14 views

PSF-2026-25

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

6.3CVSS5.8AI score0.00492EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/03 2:29 p.m.12 views

EUVD-2026-34103

unicodedata.normalize can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms...

6.3CVSS5.8AI score0.00492EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/03 8:24 a.m.10 views

Improper Output Neutralization for Logs

Overview org.webjars.npm:morgan is a HTTP request logger middleware for node.js. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the :remote-user token, which extracts the Basic auth username from the Authorization header and writes it to the log...

6.9CVSS5.5AI score0.00246EPSS
Exploits0References2
NVD
NVD
added 2026/06/03 8:16 a.m.11 views

CVE-2026-5078

Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...

5.3CVSS0.00246EPSS
Exploits0References2
OSV
OSV
added 2026/06/03 8:16 a.m.12 views

UBUNTU-CVE-2026-5078

Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...

5.3CVSS5.8AI score0.00246EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/03 5:56 a.m.13 views

CVE-2026-5078 morgan vulnerable to Log Forging via unneutralized control characters in :remote-user

Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...

5.3CVSS5.8AI score0.00246EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/03 5:56 a.m.6 views

CVE-2026-5078

Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log stream without neutralizing control characters. An unauthenticated attacker can send a crafted Authorization Basic header containing CR or LF...

5.3CVSS5.8AI score0.00246EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder