Lucene search
K

296 matches found

Vulnrichment
Vulnrichment
added 2026/05/10 4:19 a.m.11 views

CVE-2026-6722 Use-After-Free in SOAP using Apache map

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys,...

9.5CVSS6.1AI score0.00739EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/10 4:19 a.m.16 views

EUVD-2026-28966

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys,...

9.5CVSS6.1AI score0.00739EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/10 4:19 a.m.18 views

CVE-2026-6722

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys,...

9.8CVSS6.1AI score0.00739EPSS
Exploits0
CVE
CVE
added 2026/05/10 4:19 a.m.88 views

CVE-2026-6722

CVE-2026-6722 describes a use-after-free in PHP’s SOAP extension object deduplication. In affected PHP versions (8.2.x before 8.2.31, 8.3.x before 8.3.31, 8.4.x before 8.4.21, and 8.5.x before 8.5.6), the global map stores object pointers without proper reference counting. If an apache:Map node c...

9.8CVSS6.1AI score0.00739EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2026/05/10 12:0 a.m.12 views

PHP 资源管理错误漏洞

PHP is an open-source scripting language executed on the server side. Versions of PHP prior to 8.2.31, 8.3.31, 8.4.21, and 8.5.6 contained a resource management vulnerability. This vulnerability stemmed from the object deduplication mechanism in the SOAP extension, which stored pointers to PHP...

9.8CVSS6.1AI score0.00739EPSS
Exploits0References1
NVD
NVD
added 2026/04/28 7:37 p.m.5 views

CVE-2026-41402

OpenClaw before 2026.3.31 contains a scope bypass vulnerability in webhook replay cache deduplication that allows authenticated attackers to replay messages across sibling targets using the same messageId. Attackers can exploit overly broad cache keying to bypass replay protection and deliver...

5.4CVSS0.00266EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/28 6:9 p.m.30 views

CVE-2026-41402 OpenClaw < 2026.3.31 - Webhook Replay Cache Cross-Target messageId Scope Bypass

OpenClaw before 2026.3.31 contains a scope bypass vulnerability in webhook replay cache deduplication that allows authenticated attackers to replay messages across sibling targets using the same messageId. Attackers can exploit overly broad cache keying to bypass replay protection and deliver...

4.2CVSS0.00266EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/28 6:9 p.m.6 views

EUVD-2026-26109

OpenClaw before 2026.3.31 contains a scope bypass vulnerability in webhook replay cache deduplication that allows authenticated attackers to replay messages across sibling targets using the same messageId. Attackers can exploit overly broad cache keying to bypass replay protection and deliver...

4.2CVSS5.2AI score0.00266EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.4 views

PT-2026-35785

OpenClaw before 2026.3.31 contains a scope bypass vulnerability in webhook replay cache deduplication that allows authenticated attackers to replay messages across sibling targets using the same messageId. Attackers can exploit overly broad cache keying to bypass replay protection and deliver...

4.2CVSS5.2AI score0.00266EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.8 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities were caused by a range bypass in the Webhook replay buffer deduplication process, which could allow authentication...

5.4CVSS5.9AI score0.00266EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.10 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.2 contained security vulnerabilities. These vulnerabilities stemmed from insufficient scope in the Zalo webhook replay de-duplication key, allowing legitimate events from...

6.3CVSS5.8AI score0.00278EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.9 views

Node.js Module Undici 7.17.x < 7.24.0 DoS

The nodejs module Undici detected on the host is version 7.17.x prior to 7.24.0. It is, therefore, affected by a denial of service vulnerability. When the deduplication interceptor is enabled, response data for deduplicated requests is accumulated in memory for downstream handlers. An...

5.9CVSS7.2AI score0.00566EPSS
Exploits0References2
OSV
OSV
added 2026/04/14 1:5 a.m.3 views

GHSA-68JQ-C3RV-PCRR graphql-php is affected by a Denial of Service via quadratic complexity in OverlappingFieldsCanBeMerged validation

The OverlappingFieldsCanBeMerged validation rule exhibits quadratic time complexity when processing queries with many repeated fields sharing the same response name. An attacker can send a crafted query like hello hello hello ... with thousands of repeated fields, causing excessive CPU usage duri...

7.5CVSS5.9AI score0.00485EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/14 1:5 a.m.6 views

graphql-php is affected by a Denial of Service via quadratic complexity in OverlappingFieldsCanBeMerged validation

The OverlappingFieldsCanBeMerged validation rule exhibits quadratic time complexity when processing queries with many repeated fields sharing the same response name. An attacker can send a crafted query like hello hello hello ... with thousands of repeated fields, causing excessive CPU usage duri...

7.5CVSS5.9AI score0.00485EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.7 views

PT-2026-33213

Name of the Vulnerable Software and Affected Versions graphql-go versions prior to 15.31.5 Description The OverlappingFieldsCanBeMerged validation rule exhibits quadratic time complexity when processing queries containing numerous repeated fields that share the same response name. Specifically, t...

7.5CVSS5.9AI score0.00485EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/04/11 9:26 a.m.4 views

SUSE CVE-2026-2581

This is an uncontrolled resource consumption vulnerability CWE-400 that can lead to Denial of Service DoS. In vulnerable Undici versions, when interceptors.deduplicate is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlle...

5.9CVSS7AI score0.00566EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/04/09 1:23 a.m.4 views

CVE-2026-39366

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the PayPal IPN v1 handler at plugin/PayPalYPT/ipn.php lacks transaction deduplication, allowing an attacker to replay a single legitimate IPN notification to repeatedly inflate their wallet balance and renew subscriptions...

6.5CVSS5.9AI score0.0017EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/08 12:8 a.m.8 views

WWBN AVideo Affected by a PayPal IPN Replay Attack Enabling Wallet Balance Inflation via Missing Transaction Deduplication in ipn.php

Summary The PayPal IPN v1 handler at plugin/PayPalYPT/ipn.php lacks transaction deduplication, allowing an attacker to replay a single legitimate IPN notification to repeatedly inflate their wallet balance and renew subscriptions. The newer ipnV2.php and webhook.php handlers correctly deduplicate...

6.5CVSS6.1AI score0.0017EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/04/08 12:8 a.m.4 views

EUVD-2026-19878

WWBN AVideo Affected by a PayPal IPN Replay Attack Enabling Wallet Balance Inflation via Missing Transaction Deduplication in ipn.php...

6.5CVSS5.9AI score0.0017EPSS
Exploits0References3
OSV
OSV
added 2026/04/08 12:8 a.m.3 views

GHSA-MMW7-WQ3C-WF9P WWBN AVideo Affected by a PayPal IPN Replay Attack Enabling Wallet Balance Inflation via Missing Transaction Deduplication in ipn.php

Summary The PayPal IPN v1 handler at plugin/PayPalYPT/ipn.php lacks transaction deduplication, allowing an attacker to replay a single legitimate IPN notification to repeatedly inflate their wallet balance and renew subscriptions. The newer ipnV2.php and webhook.php handlers correctly deduplicate...

6.5CVSS5.9AI score0.0017EPSS
Exploits0References4
Rows per page
Query Builder