Lucene search
K

299 matches found

NVD
NVD
added 6 days ago8 views

CVE-2026-59897

Hono is a Web application framework that provides support for any JavaScript runtime. From 4.3.3 before 4.12.27, the AWS API Gateway v1 adapter can drop a distinct repeated request header value because it de-duplicates values using a substring comparison instead of an exact match, so middleware o...

5.3CVSS0.00126EPSS
Exploits0References3
CVE
CVE
added 6 days ago9 views

CVE-2026-59897

CVE-2026-59897 affects Hono: API Gateway v1 adapter (versions prior to 4.12.27). The AWS API Gateway v1 adapter drops a distinct repeated request header value due to de-duplication by substring comparison instead of exact match, which can cause incomplete data in headers like X-Forwarded-For. Thi...

5.3CVSS6AI score0.00126EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56507

Name of the Vulnerable Software and Affected Versions Hono versions 4.3.3 through 4.12.26 Description The AWS API Gateway v1 adapter incorrectly de-duplicates repeated request header values by using a substring comparison instead of an exact match. This behavior can lead to the loss of distinct...

5.3CVSS6.1AI score0.00126EPSS
Exploits0References8
CVE
CVE
added 2026/07/05 12:30 a.m.15 views

CVE-2026-14687

Affected software: 666ghj BettaFish (≤1.2.1). Vulnerable component: InsightEngine search-result Deduplication, specifically function _deduplicate_results in InsightEngine/agent.py. Root cause: manipulation can cause partial string comparison. Impact: remote exploitation possible. Publicly disclos...

6.9CVSS5.8AI score0.00332EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/05 12:30 a.m.10 views

EUVD-2026-41709

A vulnerability was determined in 666ghj BettaFish up to 1.2.1. Impacted is the function deduplicateresults of the file InsightEngine/agent.py of the component InsightEngine search-result Deduplication. Executing a manipulation can lead to partial string comparison. The attack can be launched...

6.9CVSS5.8AI score0.00332EPSS
Exploits0References7
NVD
NVD
added 2026/07/04 2:16 p.m.13 views

CVE-2026-14535

In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shortencodenode on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in...

9.8CVSS0.00321EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/07/04 1:31 p.m.27 views

CVE-2026-14535 Fickling MLAllowlist analysis pass rendered inoperative by shared mutable state in AnalysisContext.shorten_code()

In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shortencodenode on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in...

8.8CVSS0.00321EPSS
Exploits1References4
EUVD
EUVD
added 2026/07/04 1:31 p.m.10 views

EUVD-2026-41676

In Trail of Bits fickling versions up to and including 0.1.11, the UnsafeImportsML analysis pass unconditionally calls AnalysisContext.shortencodenode on every import node it inspects, regardless of whether the import is flagged as unsafe. This call registers the shortened code representation in...

8.8CVSS5.9AI score0.00321EPSS
Exploits1References4
OSV
OSV
added 2026/06/25 10:34 p.m.10 views

GO-2026-5483 OpenFGA's BatchCheck within-request deduplication produces incorrect authorization decisions via list-value cache-key collision in github.com/openfga/openfga

OpenFGA's BatchCheck within-request deduplication produces incorrect authorization decisions via list-value cache-key collision in github.com/openfga/openfga...

8.8CVSS5.8AI score0.00211EPSS
Exploits0References2
Fedora
Fedora
added 2026/06/21 1:11 a.m.6 views

[SECURITY] Fedora 43 Update: alertmanager-0.33.0-1.fc43

The Alertmanager handles alerts sent by client applications such as the Prometheus server. It takes care of deduplicating, grouping, and routing them to the correct receiver integrations such as email, PagerDuty, or OpsGenie. It a lso takes care of silencing and inhibition of alerts...

5.5CVSS5.8AI score0.00168EPSS
Exploits1
Fedora
Fedora
added 2026/06/21 1:1 a.m.6 views

[SECURITY] Fedora 44 Update: alertmanager-0.33.0-1.fc44

The Alertmanager handles alerts sent by client applications such as the Prometheus server. It takes care of deduplicating, grouping, and routing them to the correct receiver integrations such as email, PagerDuty, or OpsGenie. It a lso takes care of silencing and inhibition of alerts...

5.5CVSS5.8AI score0.00168EPSS
Exploits1
GithubExploit
GithubExploit
added 2026/06/12 8:52 p.m.83 views

webstrike-framework

WebStrike — Automated Web Pentesting Framework Created by...

5.6AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/09 11:19 a.m.12 views

node-forge: Forge: Authentication bypass via forged Ed25519 cryptographic signatures

A flaw was found in Forge also called node-forge, a JavaScript library used for Transport Layer Security TLS. The library's Ed25519 signature verification process does not correctly validate cryptographic signatures, allowing forged non-canonical signatures to be accepted. A remote attacker could...

7.5CVSS5.5AI score0.00348EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.9 views

CVE-2026-6722

A flaw was found in PHP's SOAP extension. This vulnerability allows a remote attacker to execute arbitrary code on the affected system. The issue stems from a use-after-free error in the object deduplication mechanism, which can be triggered by sending a specially crafted SOAP request. This allow...

9.8CVSS6AI score0.00739EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/27 3:33 p.m.14 views

EUVD-2026-32287

In the Linux kernel, the following vulnerability has been resolved: udf: fix partition descriptor append bookkeeping Mounting a crafted UDF image with repeated partition descriptors can trigger a heap out-of-bounds write in partdescsloc. handlepartitiondescriptor deduplicates entries by partition...

5.8AI score0.00169EPSS
Exploits0References5
OSV
OSV
added 2026/05/27 2:17 p.m.12 views

UBUNTU-CVE-2026-45991

In the Linux kernel, the following vulnerability has been resolved: udf: fix partition descriptor append bookkeeping Mounting a crafted UDF image with repeated partition descriptors can trigger a heap out-of-bounds write in partdescsloc. handlepartitiondescriptor deduplicates entries by partition...

7.8CVSS5.7AI score0.00169EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/05/27 12:55 p.m.44 views

CVE-2026-45991 udf: fix partition descriptor append bookkeeping

In the Linux kernel, the following vulnerability has been resolved: udf: fix partition descriptor append bookkeeping Mounting a crafted UDF image with repeated partition descriptors can trigger a heap out-of-bounds write in partdescsloc. handlepartitiondescriptor deduplicates entries by partition...

7.8CVSS0.00169EPSS
Exploits0References7
CVE
CVE
added 2026/05/27 12:55 p.m.27 views

CVE-2026-45991

The CVE-2026-45991 entry concerns the Linux kernel UDF filesystem. The root cause is in handle_partition_descriptor() where partition descriptors are deduplicated by partition number, but appended slots do not record partnum, allowing repeated Partition Descriptors to accumulate and grow num_part...

7.8CVSS5.8AI score0.00169EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-43858

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A heap out-of-bounds write can occur in the part descs loc table when mounting a crafted UDF image containing repeated partition descriptors. The handle partition descriptor function fai...

7.8CVSS5.9AI score0.00169EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: erofs: Fixed a memory leak caused by LZMA global compressed deduplication. When testing microLZMA EROFS images with the new global compressed deduplication feature enabled -Ededupe, I discovered that some short-lived temporary...

5.5CVSS5.2AI score0.00222EPSS
Exploits0References2
Rows per page
Query Builder