Lucene search
K

589 matches found

RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.7 views

Next.js: Next.js: Authorization bypass via crafted query parameters

A flaw was found in Next.js. This vulnerability allows an attacker to bypass security checks in web applications that use Next.js middleware to protect specific web pages. By sending specially crafted web addresses, an attacker can access protected content without proper authorization. This could...

8.1CVSS5.9AI score0.00485EPSS
Exploits2References5
NVD
NVD
added 2026/07/01 5:16 p.m.6 views

CVE-2026-56148

Uncontrolled Recursion CWE-674 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable...

6.5CVSS0.00347EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:17 p.m.6 views

CVE-2026-56148

Uncontrolled Recursion CWE-674 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable...

6.5CVSS5.8AI score0.00347EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/01 4:17 p.m.9 views

EUVD-2026-41065

Uncontrolled Recursion CWE-674 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. An authenticated user can submit a specially crafted query that causes excessive resource consumption while the request is processed, which may render the affected node unavailable...

6.5CVSS5.8AI score0.00347EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 9:16 p.m.7 views

CVE-2026-44628

An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record...

8.7CVSS0.00395EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 9:16 p.m.3 views

DEBIAN-CVE-2026-44628

An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record...

8.7CVSS6AI score0.00395EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 8:54 p.m.8 views

EUVD-2026-40412

An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record...

8.7CVSS5.8AI score0.00395EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 8:54 p.m.28 views

CVE-2026-44628

CVE-2026-44628 corresponds to an OFFIS DCMTK Toolkit Type Confusion issue. An unauthenticated attacker can crash the worklist server by sending a single crafted query when the server has a valid Called AE Title/storage directory, the expected lockfile, and at least one matching worklist record. T...

8.7CVSS5.8AI score0.00395EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/30 8:54 p.m.5 views

CVE-2026-44628

An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record...

8.7CVSS6AI score0.00395EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/30 8:54 p.m.34 views

CVE-2026-44628 OFFIS DCMTK Toolkit Type Confusion

An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record...

8.7CVSS0.00395EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.9 views

PT-2026-53987

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An unauthenticated attacker can cause a crash of the worklist server by sending a single crafted query. This occurs when the server is configured with a valid...

8.7CVSS6AI score0.00395EPSS
Exploits0References8
OSV
OSV
added 2026/06/23 5:16 p.m.6 views

DEBIAN-CVE-2025-61027

An issue in the tsetpush component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

7.5CVSS5.8AI score0.0035EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 12:0 a.m.15 views

CVE-2025-61023

The CVE-2025-61023 entry concerns openlink virtuoso-opensource, specifically the st_compare component in version 7.2.11. Multiple connected sources confirm that a flaw in st_compare can be exploited by sending crafted SQL statements, resulting in a Denial of Service (DoS) that can render the serv...

7.5CVSS5.9AI score0.00482EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/23 12:0 a.m.33 views

CVE-2025-61028

An issue in the timettodt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

0.00482EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 2:38 p.m.3 views

Security Bulletin: IBM® Db2® is vulnerable to a trap or return SQLCODE -901 when compiling a specially crafted query with a defined index (CVE-2026-1352)

Summary IBM® Db2® is vulnerable to a trap or return SQLCODE -901 when compiling a specially crafted query with a defined index. Vulnerability Details CVEID:CVE-2026-1352 DESCRIPTION: IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes Db2 Connect Server...

6.5CVSS5.3AI score0.00328EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.17 views

CVE-2026-6051

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap...

7.5CVSS5.4AI score0.00177EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.10 views

CVE-2026-1718

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service with a specially crafted query when autonomous transactions are enabled...

7.5CVSS5.4AI score0.00362EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/04 11:57 a.m.18 views

CVE-2026-30923

A flaw was found in libModSecurity3, a component of the ModSecurity web application firewall WAF. An attacker can exploit a segmentation fault by sending a specially crafted query string parameter containing a single character, which is then processed by a rule using the t:hexDecode transformatio...

8.2CVSS5.7AI score0.00435EPSS
Exploits1References5
CVE
CVE
added 2026/06/04 12:0 a.m.24 views

CVE-2026-35906

CVE-2026-35906 affects T3 Technology CPE models T625Pro v1.0.07 and T6825G v1.0.03. The vulnerability stems from an undocumented debug CGI endpoint that is accessible without authentication, allowing an attacker to supply a crafted HTTP query string to execute arbitrary commands with root privile...

9.6CVSS6.1AI score0.00466EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2026-44574

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 15.4.0 to before 15.5.16 and 16.2.5, applications that rely on middleware to protect...

8.1CVSS5.8AI score0.00485EPSS
Exploits2References2
Rows per page
Query Builder