Lucene search
K

3922 matches found

BDU FSTEC
BDU FSTEC
added 8 hours ago16 views

The vulnerability of the Directum HR Pro system, which exists due to insufficient verification of input data, allows a perpetrator to disclose protected information.

The vulnerability of the Directum HR Pro system exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information by sending a specially crafted POST request...

7.7CVSS5.7AI score
Exploits0Affected Software1
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-59253 n8n - Improper Authorization in Workflow Assignment to Folders

n8n before 2.28.0 contains an improper authorization vulnerability allowing authenticated users to assign workflows to folders in other projects. Attackers can bypass project and folder authorization boundaries by supplying crafted request payloads during workflow creation, causing logical...

5.3CVSS0.00166EPSS
Exploits0References2
OSV
OSV
added 2026/07/07 11:45 a.m.4 views

PYSEC-2026-1798 Phone information disclosure vulnerability

Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request...

5.5CVSS6AI score0.00697EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.6 views

io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files

A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response...

6.9CVSS6.6AI score0.00343EPSS
Exploits1References5
NVD
NVD
added 2026/07/01 5:16 p.m.9 views

CVE-2026-20191

A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request...

7.5CVSS0.00756EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 4:27 p.m.9 views

EUVD-2026-41078

A vulnerability in Cisco Catalyst Center could allow an unauthenticated, remote attacker to read arbitrary files from a restricted container. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request...

7.5CVSS6AI score0.00756EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 4:26 p.m.6 views

CVE-2026-56150

Allocation of Resources Without Limits or Throttling CWE-770 in Fleet Server can lead to a denial of service via Excessive Allocation CAPEC-130. An attacker can submit a specially crafted request to an upload endpoint that causes excessive memory consumption, which may render Fleet Server...

6.5CVSS5.8AI score0.00312EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/07/01 9:31 a.m.4 views

httpd: NULL pointer dereference via specially crafted request

A flaw was found in the moddavlock module of httpd. This vulnerability allows a remote unauthenticated attacker to crash the server due to a NULL pointer dereference via a specially crafted request...

7.5CVSS7.1AI score0.00594EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/01 12:34 a.m.17 views

EUVD-2026-40421

An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator restarts it...

8.7CVSS5.9AI score0.00379EPSS
Exploits0References4
CVE
CVE
added 2026/06/30 12:1 p.m.13 views

CVE-2026-53433

In fzf, CVE-2026-53433, the DoS arises from inefficient HTTP body processing in the --listen mode due to repeated string concatenation, giving quadratic time (O(n²)) for a crafted POST request with many small segments. This can cause a single malicious request to monopolize the single-threaded HT...

7.5CVSS5.8AI score0.00215EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/30 11:12 a.m.5 views

php: php-soap: php-src: PHP SOAP extension: Remote Code Execution via use-after-free vulnerability

A flaw was found in PHP's SOAP extension. This vulnerability allows a remote attacker to execute arbitrary code on the affected system. The issue stems from a use-after-free error in the object deduplication mechanism, which can be triggered by sending a specially crafted SOAP request. This allow...

9.8CVSS7.8AI score0.00739EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-296 Insecure deserialization in BentoML

An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution RCE by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is...

9.8CVSS8.1AI score0.01497EPSS
Exploits0References6
NVD
NVD
added 2026/06/25 4:16 p.m.8 views

CVE-2026-9718

CWE-617 Reachable Assertion vulnerability exists that could allow an authenticated attacker to trigger a denial-of-service condition, impacting system availability when a specially crafted request is sent to a vulnerable network-exposed service...

6.9CVSS0.00243EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 4:16 p.m.12 views

CVE-2026-9071

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...

7.5CVSS0.00314EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/22 3:13 p.m.4 views

httpd: NULL pointer dereference via specially crafted request

A flaw was found in the moddavlock module of httpd. This vulnerability allows a remote unauthenticated attacker to crash the server due to a NULL pointer dereference via a specially crafted request...

7.5CVSS5.9AI score0.00594EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/22 2:53 p.m.7 views

EUVD-2026-38254

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...

5.9CVSS5.9AI score0.00323EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 2:47 p.m.4 views

CVE-2026-9071

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...

7.5CVSS5.9AI score0.00314EPSS
Exploits0References2Affected Software2
EUVD
EUVD
added 2026/06/22 2:47 p.m.8 views

EUVD-2026-38253

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...

7.5CVSS5.9AI score0.00314EPSS
Exploits0References1
NVD
NVD
added 2026/06/18 4:16 a.m.19 views

CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS0.0012EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/18 3:34 a.m.9 views

CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS6AI score0.0012EPSS
Exploits0References4
Rows per page
Query Builder