Lucene search
K

13 matches found

CVE
CVE
added 2026/06/26 7:57 p.m.9 views

CVE-2026-55838

CVE-2026-55838 (RustFS) : In versions up to 1.0.0-beta.7, the real-time metrics endpoint /rustfs/admin/v3/metrics is accessible to any valid IAM user, because MetricsHandler skips the admin-request validation that other admin handlers perform. As a result, a user whose policy allows only their ow...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.16 views

PT-2026-52966

Name of the Vulnerable Software and Affected Versions RustFS versions prior to 1.0.0-beta.8 Description RustFS is a distributed object storage system built in Rust. The real-time metrics endpoint '/rustfs/admin/v3/metrics' is accessible to any valid IAM user, regardless of their assigned policy...

4.3CVSS5.8AI score0.00162EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.18 views

PT-2026-49095

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.5 Description The XML-RPC server implemented in glances/server.py and started with glances -s fails to validate the HTTP Host header. This allows a DNS rebinding attack, where an attacker can bypass the same-origi...

5.3CVSS5.8AI score0.00156EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-47853

Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options endpoint without completing assertion. Attackers can send unlimited POST requests to the...

6.9CVSS5.5AI score0.00586EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/26 3:12 p.m.6 views

CVE-2026-25771

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.3.0 and prior to version 4.14.3, a Denial of Service DoS vulnerability exists in the Wazuh API authentication middleware middlewares.py. The application uses an asynchronous event...

7.5CVSS5.9AI score0.00466EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/17 6:8 p.m.4 views

CVE-2026-25771 Wazuh Vulnerable to Denial of Service via Synchronous I/O Blocking in Asynchronous Authentication Middleware

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.3.0 and prior to version 4.14.3, a Denial of Service DoS vulnerability exists in the Wazuh API authentication middleware middlewares.py. The application uses an asynchronous event...

5.3CVSS5.9AI score0.00466EPSS
Exploits1References1
OSV
OSV
added 2026/03/17 6:8 p.m.5 views

CVE-2026-25771 Wazuh Vulnerable to Denial of Service via Synchronous I/O Blocking in Asynchronous Authentication Middleware

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.3.0 and prior to version 4.14.3, a Denial of Service DoS vulnerability exists in the Wazuh API authentication middleware middlewares.py. The application uses an asynchronous event...

5.3CVSS6AI score0.00466EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/01/09 11:27 a.m.6 views

CVE-2021-33509

Plone through 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script...

9.9CVSS6.5AI score0.0204EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/03/24 12:0 a.m.6 views

Vulnerability of the `close_ctree()` function (fs/btrfs/disk-io.c) in the Linux kernel, which allows an attacker to increase their privileges

The vulnerability of the closectree function fs/btrfs/disk-io.c in the Linux kernel relates to the possibility of using memory after it has been freed. Exploiting this vulnerability can allow an attacker to increase their privileges...

5.5CVSS6.5AI score0.0029EPSS
Exploits0References18Affected Software6
Positive Technologies
Positive Technologies
added 2025/01/01 12:0 a.m.13 views

PT-2025-37980

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the XFS file system related to the handling of ENODATA errors. Specifically, the code does not properly differentiate between ENODATA errors...

7.8CVSS7.1AI score0.00157EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2024/04/30 10:36 a.m.5 views

QEMU: improper IDE controller reset can lead to MBR overwrite

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead potentially overwriting the VM's boot code. This could be used, for example, by L2 guests with a virtual disk vdiskL2 stored on a virtual disk of an L1 vdiskL1...

7CVSS7.2AI score0.00231EPSS
Exploits0References5
CNVD
CNVD
added 2020/05/06 12:0 a.m.1 views

bitcoind/Bitcoin-Qt 'CTransaction::FetchInputs' method denied service

Bitcoin is an e-currency generated using open source P2P software. A vulnerability in the 'CTransaction::FetchInputs' method in bitcoind and Bitcoin-Qt versions prior to 0.8.0rc1 stems from the program's failure to incrementally check the consumed predecessor signals, i.e., copying transactions...

7AI score
Exploits0
Microsoft KB
Microsoft KB
added 2020/04/09 12:0 a.m.8 views

Unexpected ASP.Net application shutdown after many App_Data file changes occur on a server that is running Windows Server 2012 R2

Unexpected ASP.Net application shutdown after many AppData file changes occur on a server that is running Windows Server 2012 R2 Symptoms Consider the following scenario: You have a server that is running Windows Server 2012 R2. You set up a website on Internet Information Services IIS. You creat...

6.3AI score
Exploits0
Rows per page
Query Builder