Lucene search
K

97 matches found

RedHat Linux
RedHat Linux
added 2026/06/10 12:9 p.m.11 views

netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion

A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker could exploit this vulnerability by sending a specific sequence of HTTP responses 103, followed by a 200 with a GET body, then another 200 for a HEAD request when the client pipelines GET the...

9.1CVSS6.8AI score0.00633EPSS
Exploits1References5
NVD
NVD
added 2026/06/09 1:16 a.m.17 views

CVE-2026-44754

The Remote Function Call RFC modules of the Operational Data Provisioning Data Replication API ODP-RFC are missing caller identification of permitted SAP-internal applications and are being used by customer or third-party applications in ways that are not aligned with its intended usage. Which...

6.6CVSS0.00219EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/09 12:21 a.m.7 views

CVE-2026-44754

The Remote Function Call RFC modules of the Operational Data Provisioning Data Replication API ODP-RFC are missing caller identification of permitted SAP-internal applications and are being used by customer or third-party applications in ways that are not aligned with its intended usage. Which...

6.6CVSS5.5AI score0.00219EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/09 12:21 a.m.44 views

CVE-2026-44754 Missing caller identification check-in for ODP Data Replication APIs

The Remote Function Call RFC modules of the Operational Data Provisioning Data Replication API ODP-RFC are missing caller identification of permitted SAP-internal applications and are being used by customer or third-party applications in ways that are not aligned with its intended usage. Which...

6.6CVSS0.00219EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.11 views

PT-2026-47537

The Remote Function Call RFC modules of the Operational Data Provisioning Data Replication API ODP-RFC are missing caller identification of permitted SAP-internal applications and are being used by customer or third-party applications in ways that are not aligned with its intended usage. Which...

6.6CVSS5.5AI score0.00219EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/26 3:24 a.m.29 views

tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments

A flaw was found in Tornado. A remote attacker could exploit this vulnerability by injecting specially crafted characters into the domain, path, and samesite arguments when setting cookies. This could lead to cookie attribute injection, potentially allowing for information disclosure or...

7.2CVSS5.7AI score0.00237EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/11 9:31 p.m.8 views

EUVD-2026-29266

This issue was addressed with improved access restrictions. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. Processing maliciously crafted web content may disclose sensitive user information...

5.8AI score0.00397EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.9 views

GRASSMARLIN 代码问题漏洞

GRASSMARLIN is an open-source network security posture awareness tool for industrial control systems developed by the NSA Cybersecurity Directorate. Version GRASSMARLIN v3.2.1 contains a code vulnerability. This vulnerability stems from insufficient hardening of the XML parsing process, which may...

5.5CVSS6.1AI score0.00197EPSS
Exploits1References2
EUVD
EUVD
added 2026/04/22 3:31 p.m.6 views

EUVD-2026-24736

A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in the chat session handler by manipulating the logsdir parameter. This allows the attacker to create new directories and write files to arbitrary locations on the system, potentially leading to...

7.1CVSS5.8AI score0.00164EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/03 3:5 p.m.3 views

CVE-2026-35542

A flaw was found in Roundcube Webmail. A remote attacker could bypass the remote image blocking feature by sending a specially crafted email containing a malicious background attribute within a BODY element. This vulnerability may lead to unauthorized information disclosure or an access-control...

5.3CVSS5.9AI score0.00402EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:13 p.m.3 views

CVE-2025-58427

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

7.1CVSS5.8AI score0.00268EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/17 6:52 p.m.3 views

CVE-2025-64735

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

6.1CVSS5.8AI score0.00268EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/17 6:52 p.m.24 views

CVE-2025-66617

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

6.1CVSS0.00268EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/17 6:52 p.m.2 views

CVE-2026-22882

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...

6.1CVSS5.8AI score0.00268EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/02/13 2:16 a.m.7 views

CVE-2025-9292

A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful...

7.5CVSS0.00342EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/02 12:48 p.m.9 views

Security Bulletin: There is a vulnerability in lz4-java-1.8.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-66566)

Summary There is a vulnerability in lz4-java-1.8.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-66566 DESCRIPTION: yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based...

8.2CVSS5.7AI score0.00562EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/01/28 7:16 p.m.8 views

CVE-2025-68660

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, an endpoint lets any authenticated user bypass the aidiscoverpersona access controls and gain ongoing DM access to personas that may be wired to staff-only categories, RAG document set...

5.4CVSS0.00216EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.8 views

PT-2026-5184

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 3.5.4 Discourse versions prior to 2025.11.2 Discourse versions prior to 2025.12.1 Discourse versions prior to 2026.1.0 Description Discourse is an open source discussion platform. An endpoint allows any authenticate...

5.4CVSS5.5AI score0.00216EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/01/14 12:0 a.m.7 views

Rocket.Chat 安全漏洞

Rocket.Chat is a chat program from Rocket.Chat, Inc. A security vulnerability exists in Rocket.Chat version 6.12.0 and earlier, which stems from the API endpoint GET /api/v1/oauth-apps.get being exposed to any authenticated user, potentially leading to the disclosure of sensitive information...

7.7CVSS6.3AI score0.00306EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2020-28141

Malware in sbrugna...

7.5CVSS7.5AI score0.00812EPSS
Exploits0References2
Rows per page
Query Builder