Lucene search
+L

382 matches found

RedhatCVE
RedhatCVE
added 2 days ago6 views

CVE-2026-55203

A flaw was found in HAProxy. A malicious FastCGI Fast Common Gateway Interface backend can exploit an integer overflow vulnerability in the fcgiconn structure's drl field. This occurs when specific contentLength and paddingLength values cause the drl field to wrap to zero, leading to incorrect...

9.1CVSS6.1AI score0.00321EPSS
Exploits0References5
OSV
OSV
added 4 days ago6 views

MGASA-2026-0250 Updated haproxy packages fix security vulnerability

HAProxy through 3.4.0, fixed in commit 5985276, contains an integer overflow vulnerability in the fcgiconn structure's drl field that allows buffer misparse as new FCGI record headers. When contentLength is 65535 and paddingLength is 1 or more, the drl field wraps to 0, causing incorrect record...

9.1CVSS6.1AI score0.00431EPSS
Exploits0References2
NVD
NVD
added 4 days ago7 views

CVE-2026-27690

Due to an HTTP Request Smuggling vulnerability in SAP Approuter, an unauthenticated attacker could send a specially crafted HTTP request that leads to request-response desynchronization. This could result in the exposure of user responses and cause the system to become unavailable. This leads to ...

9.1CVSS0.00539EPSS
Exploits0References2
CVE
CVE
added 4 days ago29 views

CVE-2026-27690

CVE-2026-27690 describes an HTTP Request Smuggling vulnerability in SAP Approuter. An unauthenticated attacker can send specially crafted requests to trigger request–response desynchronization, potentially exposing user responses and causing service unavailability. The CVE’s impact is listed as h...

9.1CVSS6AI score0.00539EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-27690

Due to an HTTP Request Smuggling vulnerability in SAP Approuter, an unauthenticated attacker could send a specially crafted HTTP request that leads to request-response desynchronization. This could result in the exposure of user responses and cause the system to become unavailable. This leads to ...

9.1CVSS6AI score0.00539EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-43584

Due to an HTTP Request Smuggling vulnerability in SAP Approuter, an unauthenticated attacker could send a specially crafted HTTP request that leads to request-response desynchronization. This could result in the exposure of user responses and cause the system to become unavailable. This leads to ...

9.1CVSS6AI score0.00539EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 4 days ago11 views

PT-2026-57935

Name of the Vulnerable Software and Affected Versions SAP Approuter affected versions not specified Description An unauthenticated attacker can exploit an HTTP Request Smuggling issue by sending a specially crafted HTTP request. This leads to request-response desynchronization, a condition where...

9.1CVSS6AI score0.00539EPSS
Exploits0References7
EUVD
EUVD
added 2026/07/09 11:19 p.m.12 views

EUVD-2026-33941

mint: Content-Length header accepts non-RFC "+" sign prefix...

6.3CVSS5.9AI score0.00301EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/07/09 8:27 p.m.7 views

CVE-2026-53655

A flaw was found in node-tar. This vulnerability arises because node-tar incorrectly applies PAX extended header size records to subsequent intermediary metadata headers, leading to a desynchronization of the tar stream cursor compared to other standard tar implementations. A remote attacker coul...

6.9CVSS5.9AI score0.00107EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/07/08 8:54 p.m.4 views

gstreamer1-plugins-bad-free: GStreamer: Denial of service via AV1 tile_list_obu parser byte/bit confusion

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a special...

6.5CVSS6AI score0.0031EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/08 2:15 p.m.5 views

gstreamer1-plugins-bad-free: GStreamer: Denial of service via AV1 tile_list_obu parser byte/bit confusion

A denial of service vulnerability was found in GStreamer's AV1 codec parser in gst-plugins-bad. The gstav1parserparsetilelistobu function passes a byte count to a bit-reader API that expects a bit count, causing parser desynchronization. A remote attacker could trick a user into opening a special...

6.5CVSS6AI score0.0031EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/08 1:49 p.m.34 views

CVE-2026-56362 ImageMagick - Heap-buffer-overflow Read in GetPixelIndex via OpenPixelCache Metadata Desynchronization

ImageMagick before 7.1.2-15 contains a heap-buffer-overflow read vulnerability in GetPixelIndex caused by OpenPixelCache updating image channel metadata before pixel cache memory allocation. Attackers can trigger memory and disk allocation failures to cause a heap-buffer-overflow read affecting a...

3.3CVSS0.00188EPSS
Exploits0References2
CVE
CVE
added 2026/07/08 1:49 p.m.20 views

CVE-2026-56362

CVE-2026-56362 affects ImageMagick prior to 7.1.2-15 with a heap-buffer-overflow read in GetPixelIndex caused by OpenPixelCache updating image channel metadata before memory allocation. Multiple sources (NVD, Red Hat, Debian security tracker, Alpine, CIRCL, PT Security, Luke/Snyk feeds) corrobora...

4.2CVSS6AI score0.00188EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/07/08 9:16 a.m.11 views

CVE-2026-57241

The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds...

6.1CVSS0.00107EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/08 7:36 a.m.10 views

CVE-2026-57241

The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds...

6.1CVSS6AI score0.00107EPSS
Exploits0References2Affected Software2
EUVD
EUVD
added 2026/07/08 7:36 a.m.9 views

EUVD-2026-42180

The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds...

6.1CVSS6AI score0.00107EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/08 7:36 a.m.41 views

CVE-2026-57241 Foxit PDF Editor/Reader Page Out-of-bounds Read Vulnerability

The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds...

6.1CVSS0.00107EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/07/08 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-58470

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parsecontentrange function within src/http.c that allows...

6.9CVSS6.3AI score0.00247EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.11 views

PT-2026-56340

Name of the Vulnerable Software and Affected Versions Foxit PDF Editor/Reader affected versions not specified Description An issue occurs when the application opens a PDF and JavaScript performs operations on the page and document. This causes page-related objects to lose synchronization, while t...

6.1CVSS6.1AI score0.00107EPSS
Exploits0References6
NVD
NVD
added 2026/07/07 9:17 p.m.9 views

CVE-2026-58470

GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parsecontentrange function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigg...

6.9CVSS0.00247EPSS
Exploits0References2
Rows per page
Query Builder