97 matches found
netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion
A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker could exploit this vulnerability by sending a specific sequence of HTTP responses 103, followed by a 200 with a GET body, then another 200 for a HEAD request when the client pipelines GET the...
CVE-2026-44754
The Remote Function Call RFC modules of the Operational Data Provisioning Data Replication API ODP-RFC are missing caller identification of permitted SAP-internal applications and are being used by customer or third-party applications in ways that are not aligned with its intended usage. Which...
CVE-2026-44754
The Remote Function Call RFC modules of the Operational Data Provisioning Data Replication API ODP-RFC are missing caller identification of permitted SAP-internal applications and are being used by customer or third-party applications in ways that are not aligned with its intended usage. Which...
CVE-2026-44754 Missing caller identification check-in for ODP Data Replication APIs
The Remote Function Call RFC modules of the Operational Data Provisioning Data Replication API ODP-RFC are missing caller identification of permitted SAP-internal applications and are being used by customer or third-party applications in ways that are not aligned with its intended usage. Which...
PT-2026-47537
The Remote Function Call RFC modules of the Operational Data Provisioning Data Replication API ODP-RFC are missing caller identification of permitted SAP-internal applications and are being used by customer or third-party applications in ways that are not aligned with its intended usage. Which...
tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments
A flaw was found in Tornado. A remote attacker could exploit this vulnerability by injecting specially crafted characters into the domain, path, and samesite arguments when setting cookies. This could lead to cookie attribute injection, potentially allowing for information disclosure or...
EUVD-2026-29266
This issue was addressed with improved access restrictions. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. Processing maliciously crafted web content may disclose sensitive user information...
GRASSMARLIN 代码问题漏洞
GRASSMARLIN is an open-source network security posture awareness tool for industrial control systems developed by the NSA Cybersecurity Directorate. Version GRASSMARLIN v3.2.1 contains a code vulnerability. This vulnerability stems from insufficient hardening of the XML parsing process, which may...
EUVD-2026-24736
A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in the chat session handler by manipulating the logsdir parameter. This allows the attacker to create new directories and write files to arbitrary locations on the system, potentially leading to...
CVE-2026-35542
A flaw was found in Roundcube Webmail. A remote attacker could bypass the remote image blocking feature by sending a specially crafted email containing a malicious background attribute within a BODY element. This vulnerability may lead to unauthorized information disclosure or an access-control...
CVE-2025-58427
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...
CVE-2025-64735
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...
CVE-2025-66617
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...
CVE-2026-22882
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information...
CVE-2025-9292
A permissive web security configuration may allow cross-origin restrictions enforced by modern browsers to be bypassed under specific circumstances. Exploitation requires the presence of an existing client-side injection vulnerability and user access to the affected web interface. Successful...
Security Bulletin: There is a vulnerability in lz4-java-1.8.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-66566)
Summary There is a vulnerability in lz4-java-1.8.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite. Vulnerability Details CVEID:CVE-2025-66566 DESCRIPTION: yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based...
CVE-2025-68660
Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, an endpoint lets any authenticated user bypass the aidiscoverpersona access controls and gain ongoing DM access to personas that may be wired to staff-only categories, RAG document set...
PT-2026-5184
Name of the Vulnerable Software and Affected Versions Discourse versions prior to 3.5.4 Discourse versions prior to 2025.11.2 Discourse versions prior to 2025.12.1 Discourse versions prior to 2026.1.0 Description Discourse is an open source discussion platform. An endpoint allows any authenticate...
Rocket.Chat 安全漏洞
Rocket.Chat is a chat program from Rocket.Chat, Inc. A security vulnerability exists in Rocket.Chat version 6.12.0 and earlier, which stems from the API endpoint GET /api/v1/oauth-apps.get being exposed to any authenticated user, potentially leading to the disclosure of sensitive information...
EUVD-2020-28141
Malware in sbrugna...