Lucene search
K

2560 matches found

NVD
NVD
added 4 days ago4 views

CVE-2026-57213

RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmqfederationmanagement plugin renders the consumertag field on the Federation Status page without HTML escaping, allowing a user who can configure a federation upstream or policy to execute...

5.7CVSS0.00325EPSS
Exploits1References6
NVD
NVD
added 4 days ago4 views

CVE-2026-57218

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, RabbitMQ AMQP 0-9-1 allows an existing consumer to keep receiving messages after OAuth token expiry or connection.updatesecret refresh to reduced scopes because existing consumers are not canceled or reauthorized at delivery time after...

6.5CVSS0.00269EPSS
Exploits1References6
CVE
CVE
added 4 days ago8 views

CVE-2026-57213

RabbitMQ’s rabbitmq_federation_management plugin is vulnerable to stored XSS on the Federation Status page because consumer_tag is rendered without HTML escaping. Prior to the fixed releases (3.13.14, 4.0.19, 4.1.10, 4.2.5), a user who can configure a federation upstream or policy could inject co...

5.7CVSS6.2AI score0.00325EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-57306

Name of the Vulnerable Software and Affected Versions RabbitMQ versions prior to 3.13.15 RabbitMQ versions prior to 4.0.20 RabbitMQ versions prior to 4.1.11 RabbitMQ versions prior to 4.2.6 Description RabbitMQ fails to perform authorization checks on passive queue.declare and exchange.declare AM...

5.3CVSS6.1AI score0.00269EPSS
Exploits1References10
EUVD
EUVD
added 2026/07/04 12:31 a.m.11 views

EUVD-2026-41654

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected is the function GatewayStreamConsumer.filterandaccumulate of the file gateway/streamconsumer.py of the component Streaming Reasoning Tag Filter. The manipulation leads to improper handling of case...

3.1CVSS5.1AI score0.00237EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/07/03 9:45 p.m.40 views

CVE-2026-14617 NousResearch hermes-agent Streaming Reasoning Tag Filter stream_consumer.py GatewayStreamConsumer._filter_and_accumulate case sensitivity

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected is the function GatewayStreamConsumer.filterandaccumulate of the file gateway/streamconsumer.py of the component Streaming Reasoning Tag Filter. The manipulation leads to improper handling of case...

3.1CVSS0.00237EPSS
Exploits0References8
CVE
CVE
added 2026/07/01 7:56 a.m.21 views

CVE-2026-10538

This CVE affects Control-M components (Control-M/Server and Control-M/Enterprise Manager) with a deserialization vulnerability in the messaging consumer. The issue arises from deserializing user-controlled data without strict control of allowed object types in versions 9.0.20.x and potentially ea...

8.9CVSS5.8AI score0.00246EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 10:16 p.m.10 views

CVE-2026-10143

A flaw was found in kafka-python. A malicious or machine-in-the-middle broker could exploit a denial-of-service vulnerability during SCRAM authentication. By providing an excessively large iteration count, the broker can cause the client's event loop to freeze. This prevents critical operations...

8.7CVSS5.1AI score0.00517EPSS
Exploits0References7
Snyk
Snyk
added 2026/06/10 8:22 p.m.6 views

Unchecked Input for Loop Condition

Overview kafka-python is a Pure Python client for Apache Kafka Affected versions of this package are vulnerable to Unchecked Input for Loop Condition in the SCRAM authentication handling. An attacker can cause the client's event loop to freeze by supplying an excessively large iteration count...

8.7CVSS5.5AI score0.00517EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.24 views

PT-2026-48531

Name of the Vulnerable Software and Affected Versions kafka-python versions prior to 2.3.2 Description A denial-of-service issue exists in the SCRAM authentication handling. A malicious or machine-in-the-middle broker can freeze the client event loop by providing an excessively large iteration...

8.7CVSS5.5AI score0.00517EPSS
Exploits0References6
CVE
CVE
added 2026/06/09 10:10 p.m.44 views

CVE-2026-9749

The CVE-2026-9749 entry describes a bug in MongoDB where an aggregation pipeline using the internal $exchange stage with key-range partitioning and order-preserving delivery can cause a server crash. When a single key range produces many results that fill its exchange buffer, the code path detect...

7.1CVSS5.8AI score0.0027EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.15 views

PT-2026-48295

Name of the Vulnerable Software and Affected Versions MongoDB affected versions not specified Description A buffer overflow can occur during the execution of an aggregation pipeline using the internal $exchange stage. This happens when the stage is configured with key-range partitioning and...

7.1CVSS5.9AI score0.0027EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.9 views

CVE-2025-31960

HCL BigFix Service Management SM is vulnerable to information exposure due to improper error handling within its reporting module. It was observed that supplying an invalid or out-of-range value to the consumercompany parameter during a report-viewing request causes the application to trigger an...

5.3CVSS5.5AI score0.0024EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.10 views

CVE-2026-41670

Admidio is an open-source user management solution. Prior to version 5.0.9, the SAML IdP implementation in Admidio's SSO module uses the AssertionConsumerServiceURL value directly from incoming SAML AuthnRequest messages as the destination for the SAML response, without validating it against the...

8.2CVSS5.5AI score0.0028EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 5:43 a.m.10 views

BIT-KAFKA-2026-41115 Apache Kafka: Improper Authorization in CONSUMER_GROUP_DESCRIBE API

An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMERGROUPDESCRIBE 69 API validates the DESCRIBE operation on the GROUP resource instead of the READ operation that documented in the official kafka documentation and the KIP-848. This...

4.3CVSS5.4AI score0.00288EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/03 2:24 a.m.20 views

SUSE CVE-2026-41115

An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMERGROUPDESCRIBE 69 API validates the DESCRIBE operation on the GROUP resource instead of the READ operation that documented in the official kafka documentation and the KIP-848. This...

4.3CVSS5.8AI score0.00288EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/02 2:15 p.m.9 views

CVE-2026-49753

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.contentlengthheader/1 in...

6.3CVSS5.8AI score0.00301EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/06/02 10:16 a.m.19 views

CVE-2026-41115

An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMERGROUPDESCRIBE 69 API validates the DESCRIBE operation on the GROUP resource instead of the READ operation that documented in the official kafka documentation and the KIP-848. This...

4.3CVSS0.00288EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/02 8:56 a.m.42 views

CVE-2026-41115 Apache Kafka: Improper Authorization in CONSUMER_GROUP_DESCRIBE API

An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMERGROUPDESCRIBE 69 API validates the DESCRIBE operation on the GROUP resource instead of the READ operation that documented in the official kafka documentation and the KIP-848. This...

0.00288EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 8:56 a.m.11 views

CVE-2026-41115 Apache Kafka: Improper Authorization in CONSUMER_GROUP_DESCRIBE API

An improper authorization vulnerability has been identified in Apache Kafka. The implementation of the CONSUMERGROUPDESCRIBE 69 API validates the DESCRIBE operation on the GROUP resource instead of the READ operation that documented in the official kafka documentation and the KIP-848. This...

5.8AI score0.00288EPSS
Exploits0References1
Rows per page
Query Builder