Lucene search
K

72 matches found

Vulnrichment
Vulnrichment
added 2026/04/22 9:37 a.m.3 views

CVE-2026-33257 Insufficient input validation of internal webserver

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

5.3CVSS5.8AI score0.00514EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/22 9:37 a.m.32 views

CVE-2026-33256 Unbounded memory allocation by internal web server

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

5.3CVSS0.00606EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/04/22 9:37 a.m.7 views

CVE-2026-33256

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

7.5CVSS5.3AI score0.00606EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.6 views

PT-2026-34436

Name of the Vulnerable Software and Affected Versions DNSdist affected versions not specified Description An attacker can create a large number of concurrent DoQ DNS over QUIC or DoH3 DNS over HTTP/3 connections, causing unlimited memory allocation and leading to a denial of service. DoQ and DoH3...

8.2CVSS5.2AI score0.00731EPSS
Exploits0References48
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.9 views

PT-2026-34321

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is...

8.2CVSS5.2AI score0.00731EPSS
Exploits0References51
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.5 views

PT-2026-34324

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is...

7.5CVSS5.2AI score0.00524EPSS
Exploits0References50
CVE
CVE
added 2026/04/14 8:38 a.m.31 views

CVE-2026-31923

CVE-2026-31923 affects Apache APISIX (0.7–3.15.0) due to openid-connect plugin tls_verify/ssl_verify being disabled by default, enabling cleartext transmission of sensitive information. The CVSSv3.1 base score is 7.5 (Network attack, Low attack complexity, no privileges or user interaction, Confi...

7.5CVSS5.8AI score0.0025EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/08 7:34 p.m.6 views

CVE-2026-35585

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. From 2.0.0 until 2.33.8, the hook system in File Browser — which executes administrator-defined shell commands on file events such as upload, rename, and delete...

7.5CVSS6.1AI score0.01922EPSS
Exploits2References1
EUVD
EUVD
added 2026/04/08 12:4 a.m.4 views

EUVD-2026-19775

File Browser has a Command Injection via Hook Runner...

7.5CVSS5.9AI score0.01922EPSS
Exploits2References3
Vulnrichment
Vulnrichment
added 2026/04/01 12:0 a.m.2 views

CVE-2025-67805

A non-default configuration in Sage DPW 202506004 allows unauthenticated access to diagnostic endpoints within the Database Monitor feature, exposing sensitive information such as hashes and table names. This feature is disabled by default in all installations and never available in Sage DPW Clou...

5.9CVSS5.9AI score0.00287EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.5 views

PT-2026-26339

Heap Overflow in TLS 1.3 ECH parsing. An integer underflow existed in ECH extension parsing logic when calculating a buffer length, which resulted in writing beyond the bounds of an allocated buffer. Note that in wolfSSL, ECH is off by default, and the ECH standard is still evolving...

8.3CVSS6AI score0.00487EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/10 12:19 p.m.2 views

CVE-2025-13957

CWE-798: Use of Hard-coded Credentials vulnerability exists that could cause information disclosure and remote code execution when SOCKS Proxy is enabled, and administrator credentials and PostgreSQL database credentials are known. SOCKS Proxy is disabled by default...

7.5CVSS6.3AI score0.00679EPSS
Exploits0References1
CVE
CVE
added 2026/03/10 12:19 p.m.23 views

CVE-2025-13957

Summary: CVE-2025-13957 is a CWE-798 vulnerability involving hard-coded credentials that could lead to information disclosure and remote code execution when SOCKS Proxy is enabled, if administrator and PostgreSQL credentials are known. The issue is associated with Schneider Electric EcoStruxure I...

7.5CVSS6.3AI score0.00679EPSS
Exploits0References1
CVE
CVE
added 2026/02/10 5:54 p.m.19 views

CVE-2026-1997

CVE-2026-1997 affects HP OfficeJet Pro printers where misconfigured Cross‑Origin Resource Sharing (CORS) could allow unauthorized web origins to access device resources. CORS is disabled by default on Pro‑class devices and should remain disabled unless explicitly required; the CVSSv4 base score i...

6.9CVSS5.5AI score0.00198EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/02/10 5:54 p.m.27 views

CVE-2026-1997 Certain HP OfficeJet Pro Printers - Information Disclosure

Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing CORS is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is disabled by default on Pro‑class devices and can only be enabled by an administrator through the Embedd...

6.9CVSS0.00198EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/10 12:0 a.m.11 views

PT-2026-7329

Certain HP OfficeJet Pro printers may expose information if Cross‑Origin Resource Sharing CORS is misconfigured, potentially allowing unauthorized web origins to access device resource. CORS is disabled by default on Pro‑class devices and can only be enabled by an administrator through the Embedd...

6.9CVSS5.5AI score0.00198EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/01/16 9:3 p.m.10 views

Skipper is vulnerable to arbitrary code execution through lua filters

Impact Arbitrary code execution through lua filters. The default skipper configuration before v0.23 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline , for example through a Kubernetes Ingress resource. The configuration...

8.8CVSS7.3AI score0.00473EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/01/14 12:16 p.m.5 views

CVE-2025-14338

Polkit authentication dis isabled by default and a race condition in the Polkit authorization check in versions before v0.69.0 can lead to the same issues as in CVE-2025-66005...

8.5CVSS0.00222EPSS
Exploits0References2
CVE
CVE
added 2026/01/14 11:55 a.m.29 views

CVE-2025-14338

CVE-2025-14338 describes a Polkit-related race condition affecting authentication checks, tied to InputPlumber and echoing issues from CVE-2025-66005. Affected software/component: Polkit authorization checks in versions before v0.69.0, with the note that Polkit authentication is disabled by defau...

8.5CVSS6.7AI score0.00222EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/14 11:55 a.m.4 views

CVE-2025-14338

Polkit authentication dis isabled by default and a race condition in the Polkit authorization check in versions before v0.69.0 can lead to the same issues as in CVE-2025-66005...

8.5CVSS5.5AI score0.00222EPSS
Exploits0References3
Rows per page
Query Builder