Lucene search
K

13 matches found

Cvelist
Cvelist
added 2026/06/04 1:44 p.m.41 views

CVE-2026-10863 MISP User-controlled order parameter in correlations over-correlation endpoint

A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was accepted from user-controlled named request parameters. This allowed an authenticated user to override the server-defined ordering of over-correlating values. Depending on how the value wa...

6.4CVSS0.00225EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 1:44 p.m.11 views

EUVD-2026-34265

A security issue was fixed in the correlations over-correlation endpoint where the order query parameter was accepted from user-controlled named request parameters. This allowed an authenticated user to override the server-defined ordering of over-correlating values. Depending on how the value wa...

6.4CVSS5.8AI score0.00225EPSS
Exploits0References1
Fedora
Fedora
added 2026/05/15 9:9 p.m.14 views

[SECURITY] Fedora 43 Update: nginx-mod-fancyindex-0.6.0-4.fc43

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

9.2CVSS6AI score0.61469EPSS
Exploits41
Veracode
Veracode
added 2026/03/21 5:3 a.m.5 views

Denial Of Service (DoS)

Micronaut Framework is vulnerable to Denial of Service DoS. The vulnerability is due to improper handling of descending array index order in JsonBeanPropertyBinder::expandArrayToThreshold, where crafted form-urlencoded parameters can trigger a non-terminating loop, leading to CPU exhaustion and...

8.2CVSS5.8AI score0.00595EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/03/20 4:47 a.m.25 views

CVE-2026-33013 Micronaut vulnerable to DoS via crafted form-urlencoded body binding with descending array indices

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions prior to both 4.10.16 and 3.10.5 do not correctly handle descending array index order during form-urlencoded body binding in...

8.2CVSS0.00595EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/20 4:47 a.m.3 views

CVE-2026-33013 Micronaut vulnerable to DoS via crafted form-urlencoded body binding with descending array indices

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions prior to both 4.10.16 and 3.10.5 do not correctly handle descending array index order during form-urlencoded body binding in...

8.2CVSS5.8AI score0.00595EPSS
Exploits1References5
CVE
CVE
added 2026/03/20 4:47 a.m.45 views

CVE-2026-33013

Summary of CVE-2026-33013 (Micronaut DoS via crafted form-urlencoded binding) : A flaw in Micronaut Framework (micronaut-json-core) allows remote attackers to cause a Denial of Service by sending crafted indexed form parameters that rely on descending array indices during form-urlencoded body bin...

8.2CVSS5.8AI score0.00595EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/03/20 4:47 a.m.2 views

CVE-2026-33013 Micronaut vulnerable to DoS via crafted form-urlencoded body binding with descending array indices

Micronaut Framework is a JVM-based full stack Java framework designed for building modular, easily testable JVM applications. Versions prior to both 4.10.16 and 3.10.5 do not correctly handle descending array index order during form-urlencoded body binding in...

8.2CVSS5.8AI score0.00595EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/03/20 12:0 a.m.8 views

Micronaut Framework 安全漏洞

The Micronaut Framework is a modern full-stack Java framework based on the JVM, developed by the Micronaut Foundation. Versions of the Micronaut Framework prior to 4.10.16 and 3.10.5 contained security vulnerabilities. These vulnerabilities stemmed from non-terminating loops when processing...

8.2CVSS7.2AI score0.00595EPSS
Exploits1References6
OSV
OSV
added 2026/03/17 4:59 p.m.2 views

GHSA-43W5-MMXV-CPVH Micronaut vulnerable to DoS via crafted form-urlencoded body binding with descending array indices

In JsonBeanPropertyBinder::expandArrayToThreshold in io.micronaut:micronaut-json-core before Micronaut 4 4.10.16 and in Micronaut 3 before 3.10.5 does not correctly handle descending array index order during form-urlencoded body binding, which allows remote attackers to cause a denial of service...

8.2CVSS5.9AI score0.00595EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.4 views

PT-2026-26180

In JsonBeanPropertyBinder::expandArrayToThreshold in io.micronaut:micronaut-json-core before Micronaut 4 4.10.16 and in Micronaut 3 before 3.10.5 does not correctly handle descending array index order during form-urlencoded body binding, which allows remote attackers to cause a denial of service...

8.2CVSS5.9AI score0.00595EPSS
Exploits1References8
Code423n4
Code423n4
added 2023/12/08 12:0 a.m.12 views

Usage of _safeMint in NextGenCore@_mintProcessing allows an attacker to reenter when onERC721Received is called

Lines of code Vulnerability details Impact An attacker can : Exceed the per address allowance in Fixed Price Sale, Exponential Descending Sale and Linear Descending Sale modes. Cause a loss for another user in Burn-to-Mint mode by accepting an offer when onERC721Received is triggered. Proof of...

7AI score
Exploits0
CNVD
CNVD
added 2015/11/18 12:0 a.m.3 views

ATutor PHP Code Injection Vulnerability

ATutor is an open source Web-based learning content management system LCMS developed by the ATutor team. The system includes teaching content management, forums, chat rooms and other modules. An eval injection vulnerability exists in the mods/standard/gradebook/editmarks.php script in ATutor 2.2...

6.5CVSS8AI score0.02059EPSS
Exploits3References1
Rows per page
Query Builder