Lucene search
+L

271 matches found

Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-47160 Vaultwarden: Server-side request forgery (SSRF) via Icon Endpoint Decimal/Hex/Octal IP Bypass

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's /icons/domain/icon.png endpoint used src/httpclient.rs checks including shouldblockaddress and postresolve that missed decimal, hexadecimal, and octal IP representations, allowing SSRF through the...

5.8CVSS0.00231EPSS
Exploits0References4
CVE
CVE
added 4 days ago10 views

CVE-2026-47160

Vaultwarden is affected by a server-side request forgery (SSRF) in the /icons/{domain}/icon.png endpoint, where decimal/hexadecimal/octal IP representations bypassed should_block_address() and post_resolve() checks, enabling blind internal network or port discovery. The issue is fixed in version ...

5.8CVSS6.1AI score0.00231EPSS
Exploits0References4
OSV
OSV
added 4 days ago4 views

CVE-2026-47160 Vaultwarden: Server-side request forgery (SSRF) via Icon Endpoint Decimal/Hex/Octal IP Bypass

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.36.0, Vaultwarden's /icons/domain/icon.png endpoint used src/httpclient.rs checks including shouldblockaddress and postresolve that missed decimal, hexadecimal, and octal IP representations, allowing SSRF through the...

5.8CVSS6.1AI score0.00231EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.45 views

Linux Distros Unpatched Vulnerability : CVE-2026-39894

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupda...

2.9CVSS6.1AI score0.00104EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/30 12:0 a.m.10 views

Malicious code in console-fmt-cli (npm)

Malicious npm package published as part of a coordinated DeFi-themed infostealer campaign. console-fmt-cli uses a side-loader technique: it declares decimal-format-core =3.0 as a dependency, which contains a dropper that executes at install time via a postinstall hook. The dropper fetches a...

6.3AI score
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/06/29 12:1 p.m.8 views

CVE-2026-50171

A flaw was found in the @angular/common package of Angular. The formatNumber function, which is also used by DecimalPipe, PercentPipe, and CurrencyPipe, does not properly validate the upper bounds of the digitsInfo parameter. A remote attacker could exploit this by providing a maliciously crafted...

8.2CVSS5.6AI score0.00161EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 10:16 p.m.8 views

CVE-2026-39894

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...

2.9CVSS0.00104EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 10:16 p.m.10 views

DEBIAN-CVE-2026-39894

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...

2.5CVSS5.8AI score0.00104EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 10:16 p.m.4 views

UBUNTU-CVE-2026-39894

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...

2.9CVSS5.7AI score0.00104EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/06/24 9:55 p.m.8 views

CVE-2026-39894

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...

2.9CVSS5.8AI score0.00104EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/24 9:55 p.m.32 views

CVE-2026-39894 Cacti: RRDtool metric shift via LC_NUMERIC locale comma decimal formatting

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...

2.9CVSS0.00104EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 9:55 p.m.25 views

CVE-2026-39894

CVE-2026-39894 affects Cacti (≤ 1.2.30). Locale-dependent decimal formatting in rrdtool_function_update() uses PHP string interpolation for metric values after is_numeric(), so a value like 1.5 may be rendered as 1,5 under LC_NUMERIC with a comma decimal. RRDtool expects a dot, causing metric dat...

2.9CVSS5.8AI score0.00104EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/24 9:55 p.m.4 views

CVE-2026-39894 Cacti: RRDtool metric shift via LC_NUMERIC locale comma decimal formatting

Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtoolfunctionupdate can corrupt RRDtool metric values. The rrdtoolfunctionupdate function checks metric values with isnumeric and concatenates them into t...

2.9CVSS5.9AI score0.00104EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.16 views

PT-2026-52129

Name of the Vulnerable Software and Affected Versions Cacti versions prior to 1.2.31 Description Locale-dependent decimal formatting in the rrdtool function update function can lead to the corruption of RRDtool metric values. The function validates metric values using is numeric and incorporates...

2.9CVSS5.8AI score0.00104EPSS
Exploits0References5
NVD
NVD
added 2026/06/22 6:16 p.m.11 views

CVE-2026-50171

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a Denial of Service DoS vulnerability exists in the @angular/common package of Angular. The formatNumber functio...

8.2CVSS0.00161EPSS
Exploits0References1
OSV
OSV
added 2026/06/22 6:16 p.m.6 views

DEBIAN-CVE-2026-50171

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a Denial of Service DoS vulnerability exists in the @angular/common package of Angular. The formatNumber functio...

6.1CVSS5.9AI score0.00161EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:49 p.m.6 views

CVE-2026-50171

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a Denial of Service DoS vulnerability exists in the @angular/common package of Angular. The formatNumber functio...

8.2CVSS5.9AI score0.00161EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/22 3:49 p.m.8 views

CVE-2026-50171

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a Denial of Service DoS vulnerability exists in the @angular/common package of Angular. The formatNumber functio...

8.2CVSS5.8AI score0.00161EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/22 3:49 p.m.37 views

CVE-2026-50171 Angular: Denial of Service (DoS) via OOM in Number Formatting (digitsInfo)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a Denial of Service DoS vulnerability exists in the @angular/common package of Angular. The formatNumber functio...

8.2CVSS0.00161EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 3:49 p.m.70 views

CVE-2026-50171

The CVE concerns Angular (vulnerable in @angular/common) where formatNumber used by DecimalPipe, PercentPipe, and CurrencyPipe mishandles digitsInfo bounds. Specifically, parsing digitsInfo with large fraction digits (e.g., 1.200000000-200000000) causes an unbounded loop in roundNumber, leading t...

8.2CVSS5.9AI score0.00161EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder