
104 matches found

Positive Technologies
added yesterday, 4 views

PT-2026-45903

In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack (request smuggling), which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and...

CVSS 2.3 | AI score 5.8 | EPSS 0.00083
Exploits: 0 | References: 2
OSV
added 3 days ago, 5 views

ASB-A-429417453

In setDefaultKey of DefaultPaymentSettings.java, there is a possible way for an application to set the main user's default NFC payment setting due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

CVSS 7.8 | AI score 5.9 | EPSS 0.0001
Exploits: 0 | References: 1
NVD
added 2026/05/12 11:16 a.m., 7 views

CVE-2026-41712

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...

CVSS 7.5 | EPSS 0.00045
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/12 12:00 a.m., 4 views

PT-2026-40006

Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users...

CVSS 7.5 | AI score 5.5 | EPSS 0.00045
Exploits: 0 | References: 3
CVE
added 2026/05/08 3:40 a.m., 4 views

CVE-2026-42272

CVE-2026-42272 affects Heimdall, a cloud-native Identity Aware Proxy/Access Control service. Before v0.17.14, it treated URL-encoded slashes (%2F) as case-sensitive while percent-encodings must be case-insensitive, causing %2f to be ignored when allow_encoded_slashes is off (default). This discre...

CVSS 7.8 | AI score 5.7 | EPSS 0.00018
Exploits: 0 | References: 4
OSV
added 2026/04/24 8:42 p.m., 1 view

GHSA-H829-5CG7-6HFF gitverify has improper tag signature verification

gitverify is still a prototype. Impact: The bug is related to requireSignedTags, which is on by default: an unsigned annotated tag would pass the verification. The commit pointed to by the tag would still have to be signed by a maintainer or a contributor. Patches: Since the initial commit, fixed in...

CVSS 5.3 | AI score 5.8
Exploits: 0 | References: 3
NVD
added 2026/04/14 9:16 a.m., 2 views

CVE-2026-31923

Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. This can occur due to sslverify in the openid-connect plugin configuration being set to false by default. This issue affects Apache APISIX: from 0.7 through 3.15.0. Users are recommended to upgrade to version 3.16.0, whic...

CVSS 7.5 | EPSS 0.00045
Exploits: 0 | References: 2
RedhatCVE
added 2026/03/26 3:18 p.m., 0 views

CVE-2025-66249

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache Livy. This issue affects Apache Livy: from 0.3.0 before 0.9.0. The vulnerability can only be exploited with non-default Apache Livy Server settings. If the configuration value...

CVSS 6.3 | AI score 5.7 | EPSS 0.00083
Exploits: 0 | References: 1
OSV
added 2026/01/21 7:36 p.m., 3 views

CVE-2025-68139 In EVerest, by default, the EV is responsible for closing the connection if the module encounters an error during request processing

EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for terminateconnectiononfailedresponse is False, which leaves the responsibility for session and connection termination to the EV. In this configuration, any errors encountered by the modul...

CVSS 4.3 | AI score 5.3 | EPSS 0.00033
Exploits: 0 | References: 3
Cvelist
added 2026/01/21 7:36 p.m., 14 views

CVE-2025-68139 In EVerest, by default, the EV is responsible for closing the connection if the module encounters an error during request processing

EVerest is an EV charging software stack. In all versions up to and including 2025.12.1, the default value for terminateconnectiononfailedresponse is False, which leaves the responsibility for session and connection termination to the EV. In this configuration, any errors encountered by the modul...

CVSS 4.3 | EPSS 0.00033
Exploits: 0 | References: 1
CNNVD
added 2026/01/21 12:00 a.m., 1 view

Everest-core authorization issue vulnerability

Everest-core is a major component of the open-source electric vehicle charging software stack developed by EVerest. Versions of Everest-core prior to 2025.12.1 contained an authorization vulnerability. This vulnerability stemmed from the default configuration of...

CVSS 4.3 | AI score 5.7 | EPSS 0.00033
Exploits: 0 | References: 2
RedhatCVE
added 2026/01/09 10:18 a.m., 12 views

CVE-2019-18935

Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote...

CVSS 9.8 | AI score 9.9 | EPSS 0.93676
Exploits: 20 | References: 1
CVE
added 2025/12/08 4:57 p.m., 8 views

CVE-2025-48612

CVE-2025-48612 affects Android work-profile contexts where an app can alter the main user's NFC payment default due to improper input validation at multiple locations. The root cause is input validation issues that enable a local escalation of privilege without additional execution privileges or ...

CVSS 7.8 | AI score 5.9 | EPSS 0.0001
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2025/11/22 11:12 p.m., 2 views

CVE-2025-12888

Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of...

CVSS 7.5 | AI score 6.7 | EPSS 0.00015
Exploits: 0 | References: 1
OSV
added 2025/11/21 11:15 p.m., 2 views

DEBIAN-CVE-2025-12888

Vulnerability in X25519 constant-time cryptographic implementations due to timing side channels introduced by compiler optimizations and CPU architecture limitations, specifically with the Xtensa-based ESP32 chips. If targeting Xtensa it is recommended to use the low memory implementations of...

CVSS 7.5 | AI score 5.2 | EPSS 0.00015
Exploits: 0 | References: 1
Cvelist
added 2025/11/10 9:40 p.m., 5 views

CVE-2025-64502 Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0-alpha....

CVSS 6.9 | EPSS 0.00098
Exploits: 0 | References: 3
CVE
added 2025/10/15 1:55 p.m., 11 views

CVE-2025-58096

CVE-2025-58096 affects BIG-IP TMM: when tm.tcpudptxchecksum is configured as non-default Software-only, undisclosed traffic can terminate TMM, causing DoS on the BIG-IP device. Public sources confirm this vulnerability across BIG-IP versions and provide remediation guidance. Affected BIG-IP branc...

CVSS 8.2 | AI score 6.4 | EPSS 0.00087
Exploits: 0 | References: 1 | Affected Software: 21
Tenable Nessus
added 2025/10/15 12:00 a.m., 2 views

F5 Networks BIG-IP : BIG-IP TMM vulnerability (K000156691)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.8 / 16.1.6.1 / 17.1.3 / 17.5.1.3. It is, therefore, affected by a vulnerability as referenced in the K000156691 advisory. When the database variable tm.tcpudptxchecksum is configured as the non-default value Software-only...

CVSS 8.2 | AI score 5.6 | EPSS 0.00087
Exploits: 0 | References: 2
Cvelist
added 2025/10/09 8:22 p.m., 4 views

CVE-2025-35062 Newforma Info Exchange (NIX) default anonymous access

Newforma Info Exchange (NIX) before version 2023.1 by default allows anonymous authentication, which allows an unauthenticated attacker to exploit additional vulnerabilities that require authentication...

CVSS 6.9 | EPSS 0.0015
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2010-1639

Malware in sbrugna...

CVSS 6.8 | AI score 6.1 | EPSS 0.00447
Exploits: 0 | References: 7