9000 matches found
The vulnerability of the Directum RX ECM system, related to deficiencies in access control, allows a perpetrator to compromise data integrity.
The vulnerability of the Directum RX ECM system is related to deficiencies in access control. Exploiting this vulnerability could allow a remote attacker to compromise data integrity...
CVE-2026-44761
SAP Commerce Cloud is affected by CVE-2026-44761, where a sample OAuth2 client may retain publicly documented sample credentials from SAP Help Portal configuration. If left unchanged, an unauthenticated attacker could obtain a valid access token and invoke certain APIs to read and modify data, re...
CVE-2026-14686
A flaw was found in HdrHistogram. This vulnerability affects the DoubleHistogram.recordValue function, which is part of the Range Check component. A local attacker can exploit this flaw by performing a specific manipulation, leading to an incorrect comparison of values. This issue primarily impac...
form-data: form-data: Form field override via CRLF injection
A flaw was found in form-data, a library for creating readable multipart/form-data streams. A remote attacker can exploit this vulnerability by injecting carriage return CR, line feed LF, or double-quote " characters into the field argument of FormDataappend or the filename option. This allows th...
netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion
A flaw was found in Netty, an asynchronous, event-driven network application framework. A remote attacker could exploit this vulnerability by sending a specific sequence of HTTP responses 103, followed by a 200 with a GET body, then another 200 for a HEAD request when the client pipelines GET the...
netty-codec-redis: Netty: Command injection via CRLF characters in Redis codec encoder
A flaw was found in Netty, an asynchronous, event-driven network application framework. The Netty Redis codec encoder RedisEncoder does not properly validate or sanitize user-controlled string content for CRLF Carriage Return Line Feed characters. A remote attacker, by controlling the content of ...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of the Certificate Revocation List on the gRPC listener when separate listeners are configured for HTTP and gRPC client endpoints. An attacker can gain unauthorized access and...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of the Certificate Revocation List on the gRPC listener when separate listeners are configured for HTTP and gRPC client endpoints. An attacker can gain unauthorized access and...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of the Certificate Revocation List on the gRPC listener when separate listeners are configured for HTTP and gRPC client endpoints. An attacker can gain unauthorized access and...
EUVD-2026-42239
An authorization bypass in MISP’s EventsController::importModule allowed authenticated users or read-only API keys with event view access to persist data to events they were not allowed to modify. When an import module returned results in the mispstandard format, the write path did not verify eve...
CVE-2026-60124
The CVE-2026-60124 in MISP concerns an authorization bypass in EventsController::importModule(). When an import module returns results in the misp_standard format, the write path failed to verify event modification rights, allowing authenticated users or read-only API keys with event view access ...
CVE-2026-59998
A flaw was found in OpenSSH. The sshd component has an undocumented security-relevant behavior where GSSAPIStrictAcceptorCheck has no value when the server is in a Windows Active Directory environment. This could lead to unintended information disclosure and impact data integrity...
EUVD-2026-25038
cut: -s ignored in -z -d '' newline-delimiter mode...
nodejs: Node.js: Certification validation bypass in TLS host verification
A flaw was found in Node.js. An attacker can exploit a vulnerability in the Transport Layer Security TLS host verification process to bypass certification validation. This bypass could allow an attacker to intercept or alter communications, potentially leading to information disclosure or integri...
undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.
A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...
undici: undici: Information disclosure and data integrity issues due to incorrect Socks5ProxyAgent connection routing
A flaw was found in undici. When using Socks5ProxyAgent, undici incorrectly reuses a single connection pool across different origins. This can lead to cross-origin request routing, where sensitive credentials and data intended for one destination are sent to another. Consequently, responses from...
CVE-2026-54891
A flaw was found in Erlang's SSL Secure Sockets Layer component. A network-positioned attacker can exploit this vulnerability by injecting unauthenticated plaintext data into a client's TLS Transport Layer Security handshake. The client application may then process this injected data as if it wer...
rrdtool: rrdtool: Stack buffer overflow allows local code execution or denial of service
A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...
CVE-2026-54515
A flaw was found in jackson-databind. This vulnerability occurs in the data-binding functionality where properties intended to be ignored are incorrectly restored and become writable again. An attacker could potentially exploit this by providing input that modifies data through these supposedly...
CVE-2026-49839
A flaw was found in jq, a command-line JSON processor. This vulnerability allows an attacker to trigger a heap out-of-bounds write by providing a specially crafted, oversized file to the jq --rawfile option. This can lead to a denial of service DoS, making the affected system or application...