Lucene search
K

571 matches found

Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-56238 Capgo - Unauthenticated Information Disclosure via PostgREST global_stats Endpoint

Capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST globalstats endpoint that allows unauthenticated attackers to read sensitive financial and operational metrics using only the public apikey. Remote attackers can query the /rest/v1/globalstats endpoin...

8.7CVSS0.00368EPSS
Exploits0References2
CVE
CVE
added 2 days ago11 views

CVE-2026-56238

Capgo before 12.128.2 is affected by an information-disclosure vulnerability in the Supabase PostgREST global_stats endpoint that allows unauthenticated attackers to read sensitive financial and operational metrics via /rest/v1/global_stats using only a public apikey. Risks include exposure of MR...

8.7CVSS6.1AI score0.00368EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-57306

Name of the Vulnerable Software and Affected Versions RabbitMQ versions prior to 3.13.15 RabbitMQ versions prior to 4.0.20 RabbitMQ versions prior to 4.1.11 RabbitMQ versions prior to 4.2.6 Description RabbitMQ fails to perform authorization checks on passive queue.declare and exchange.declare AM...

5.3CVSS6.1AI score0.00269EPSS
Exploits1References10
NVD
NVD
added 5 days ago5 views

CVE-2026-23556

When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked. When the domain ID is eventually reused, the new domain can create fewer nodes before beeing deemed to be over quota...

9.4CVSS0.00137EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago5 views

EUVD-2026-42600

When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked. When the domain ID is eventually reused, the new domain can create fewer nodes before beeing deemed to be over quota...

9.4CVSS5.9AI score0.00137EPSS
Exploits0References1
CVE
CVE
added 5 days ago33 views

CVE-2026-23556

CVE-2026-23556 affects Xen oxenstored: when tearing down a domain, node data is cleaned but quota usage counts are leaked. On domain ID reuse, a new domain can create fewer nodes before being over quota. Impact is locally exploitable high-severity (CVSS 4.0 base 9.4, HIGH confidentiality, integri...

9.4CVSS5.9AI score0.00137EPSS
Exploits0References3
NVD
NVD
added 6 days ago9 views

CVE-2026-59873

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk spac...

9.2CVSS0.00358EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-59873

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.19, node-tar does not enforce hard upper bounds on total decompressed data, entry counts, or decompression ratio in extraction and parsing paths such as src/extract.ts, allowing a small crafted gzip bomb to exhaust disk spac...

9.2CVSS5.9AI score0.00358EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-56284 Capgo - Unauthenticated Metrics Disclosure via get_total_metrics RPC

Capgo Cap-go/capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST RPC function public.gettotalmetricsorgid, which is callable by the anon role using only the public sbpublishable key. An unauthenticated attacker can probe organization existence and leak...

6.9CVSS0.00214EPSS
Exploits0References2
NVD
NVD
added 6 days ago8 views

CVE-2026-14454

Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. ...

9.8CVSS0.00394EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago39 views

CVE-2026-14454 Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed

Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. ...

0.00394EPSS
Exploits0References2
CVE
CVE
added 6 days ago14 views

CVE-2026-14454

Imager for Perl prior to 1.033 mishandles unsigned EXIF IFD entry counts by treating them as signed, potentially causing an attempt to allocate a block near the address space and terminating a worker process. This can be triggered by crafting an image with crafted EXIF data. The published fix is ...

9.8CVSS6AI score0.00394EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 6 days ago6 views

CVE-2026-14454

Imager versions before 1.033 for Perl treat unsigned EXIF IFD entry counts as signed. Imager mishandled large EXIF IFD entry count values, treating them as negative numbers. This could lead to an attempt to allocate a block nearly the size of the address space, which fails and kills the process. ...

9.8CVSS6AI score0.00394EPSS
Exploits0
Positive Technologies
Positive Technologies
added 6 days ago5 views

PT-2026-56397

Name of the Vulnerable Software and Affected Versions Imager versions prior to 1.033 Description Imager for Perl incorrectly treats unsigned EXIF IFD Image File Directory entry counts as signed. When processing large entry count values, the software interprets them as negative numbers, which can...

9.8CVSS6.1AI score0.00394EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/06 9:21 p.m.4 views

kernel: Linux kernel: Use-After-Free in net/gro due to improper handling of zerocopy skbs

A flaw was found in the Linux kernel's Generic Receive Offload GRO networking subsystem. This vulnerability occurs when skbgroreceive attempts to merge zerocopy socket buffers skbs without properly managing page reference counts, specifically when the SKBFLMANAGEDFRAGREFS flag is set. An attacker...

7.8CVSS7.3AI score0.00137EPSS
Exploits0References11
CVE
CVE
added 2026/07/06 8:9 p.m.8 views

CVE-2026-21369

CVE-2026-21369 describes a memory corruption in the camera driver when handling flash commands. The root cause is outdated LED count values being used after userspace modification, leading to out-of-bounds/write conditions. The weakness is limited to local attack vector with high complexity and l...

5.3CVSS6AI score0.0006EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:9 p.m.6 views

CVE-2026-21369

Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification...

5.3CVSS6AI score0.0006EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/06 8:9 p.m.36 views

CVE-2026-21369 Out-of-bounds Write in Camera Driver

Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification...

5.3CVSS0.0006EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 4:16 p.m.4 views

UBUNTU-CVE-2026-58027

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/Api/QueryAbuseFilters.Php. This issue affects AbuseFilter: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

6.5CVSS6.1AI score0.00371EPSS
Exploits0References5
CVE
CVE
added 2026/06/30 4:20 p.m.16 views

CVE-2026-10653

The CVE-2026-10653 issue affects the Zephyr net_buf library (lib/net_buf/buf.c). It relies on non-atomic operations for two reference counters: the per-header buf->ref and the per-data-block ref_count. Under true concurrency, two independent unrefs can observe the same prior value and both tre...

8.1CVSS6AI score0.00237EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder