Lucene search
K

52742 matches found

Photon
Photon
added 2026/06/18 12:0 a.m.12 views

Critical Photon OS Security Update - PHSA-2026-5.0-0886

Updates of 'samba-client', 'nano', 'libsolv' packages of Photon OS have been released...

9.8CVSS7.1AI score0.12797EPSS
Exploits7
RedHat Linux
RedHat Linux
added 2026/06/17 11:5 p.m.8 views

netty-handler: Netty: Denial of Service due to eager buffer allocation in TLS handshake

A flaw was found in Netty, a network application framework. A remote attacker can exploit this vulnerability by sending a crafted TLS Transport Layer Security ClientHello message. This can lead to an eager allocation of a large memory buffer, causing a Denial of Service DoS due to excessive memor...

7.5CVSS5.4AI score0.00461EPSS
Exploits0References7
NVD
NVD
added 2026/06/17 10:16 p.m.11 views

CVE-2026-50196

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Discovery.Eureka prior to versions 4.2.0 and 3.4.0, DataCenterInfo.FromJson throws ArgumentException for any name value other than "MyOwn" or "Amazon", despite...

7.5CVSS0.00339EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 8:17 p.m.13 views

CVE-2026-55201

Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the downloaddir function that allows a rogue or compromised remote Windows server to write files outside the intended download directory by returning filenames with traversal sequences from Get-ChildItem...

7.4CVSS0.00304EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37593

CP Client Arbitrary File Download in Client Portal Pro = 5.6.2 versions...

6.5CVSS5.2AI score0.00412EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.7 views

EUVD-2025-210212

Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all...

6.8CVSS5.3AI score0.00163EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.13 views

EUVD-2025-210211

Netskope is notified about a potential gap in its Netskoped Client for Windows systems where a malicious insider with admin privileges can lead to bypassing the NSClient Tamper Protections due to weak Discretionary Access Control List DACLs on the service object and related registry keys,. Produc...

6.8CVSS5.3AI score0.00143EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/17 6:21 p.m.7 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition in the HTTP/1.1 client when an attacker-controlled upstream server injects an unsolicited response onto an idle keep-alive...

6.3CVSS5.9AI score0.00228EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 6:18 p.m.6 views

UBUNTU-CVE-2026-6733

Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...

3.7CVSS5.8AI score0.00228EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 5:17 p.m.12 views

CVE-2026-9675

Impact: The undici WebSocket client enforces maxPayloadSize per-frame but does not enforce the cumulative size of fragmented uncompressed messages. A malicious WebSocket server can stream many small fragments that each pass per-frame validation but collectively exceed the configured limit, causin...

7.5CVSS0.00426EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 5:17 p.m.3 views

UBUNTU-CVE-2026-9675

Impact: The undici WebSocket client enforces maxPayloadSize per-frame but does not enforce the cumulative size of fragmented uncompressed messages. A malicious WebSocket server can stream many small fragments that each pass per-frame validation but collectively exceed the configured limit, causin...

7.5CVSS6.4AI score0.00426EPSS
Exploits0References3
NVD
NVD
added 2026/06/17 5:16 p.m.11 views

CVE-2026-12151

Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size...

7.5CVSS0.00612EPSS
Exploits0References8
OSV
OSV
added 2026/06/17 5:16 p.m.10 views

UBUNTU-CVE-2026-12151

Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size...

7.5CVSS5.9AI score0.00612EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/17 5:14 p.m.5 views

CVE-2026-6733

Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...

3.7CVSS5.3AI score0.00228EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/17 4:20 p.m.23 views

CVE-2026-9675 undici WebSocket client vulnerable to denial of service via cumulative fragment bypass

Impact: The undici WebSocket client enforces maxPayloadSize per-frame but does not enforce the cumulative size of fragmented uncompressed messages. A malicious WebSocket server can stream many small fragments that each pass per-frame validation but collectively exceed the configured limit, causin...

7.5CVSS0.00426EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/17 4:6 p.m.6 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in FreeCounter()

A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter. A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for...

7.8CVSS5.3AI score0.00154EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/17 4:6 p.m.6 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in XKB SetMap request via mapWidths indexing

A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. XkbSetMapChecks declares a fixed-size stack buffer mapWidths256 indexed by key type index. The helper function CheckKeyTypes writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This...

7.8CVSS5.9AI score0.00165EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/06/17 4:5 p.m.5 views

CVE-2026-12151

Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size...

7.5CVSS5.3AI score0.00612EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/17 4:5 p.m.22 views

CVE-2026-12151 undici WebSocket client vulnerable to denial of service via fragment count bypass

Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size...

7.5CVSS0.00612EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 4:5 p.m.8 views

CVE-2026-12151 undici WebSocket client vulnerable to denial of service via fragment count bypass

Impact: The undici WebSocket client enforces maxPayloadSize on the cumulative byte count of fragments in a message but does not enforce a limit on the number of fragments. A malicious WebSocket server can stream many small or empty continuation frames that each pass per-frame and cumulative-size...

7.5CVSS5.3AI score0.00612EPSS
Exploits0References2
Rows per page
Query Builder