Lucene search
K

7338 matches found

Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.9 views

PT-2026-49593

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.1 Description Host-only cookies saved using the CookieJar.save function and subsequently restored via the CookieJar.load function lose their host-only status. This can result in cookies loaded from disk being sen...

5.3CVSS5.8AI score0.00279EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.10 views

PT-2026-49242

Name of the Vulnerable Software and Affected Versions multer versions 2.0.0-alpha.1 through 2.1.1 multer version 3.0.0-alpha.1 Description A Denial of Service issue exists when using diskStorage. Aborted or malformed multipart uploads leave orphaned partial files on disk because the Readable.pipe...

7.5CVSS5.3AI score0.00278EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.22 views

PT-2026-49093

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.5 Description Insecure deserialization occurs in glances/outdated.py because the load cache function uses pickle.load to read a version-check cache file. This file is stored at predictable, world-accessible paths...

7.8CVSS6.5AI score0.00303EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.13 views

PT-2026-49095

Name of the Vulnerable Software and Affected Versions Glances versions prior to 4.5.5 Description The XML-RPC server implemented in glances/server.py and started with glances -s fails to validate the HTTP Host header. This allows a DNS rebinding attack, where an attacker can bypass the same-origi...

5.3CVSS5.8AI score0.00156EPSS
Exploits0References14
NVD
NVD
added 2026/06/12 5:16 p.m.15 views

CVE-2026-47224

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap buffer-overflow read exists in the LVM2 physical-volume metadata parser in NanaZip via the upstream 7-Zip LvmHandler. The vulnerability is triggered when openin...

4.3CVSS0.00187EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 4:57 p.m.9 views

CVE-2026-47224 NanaZip: Heap buffer-overflow read in NanaZip LVM metadata CRC check

NanaZip is the 7-Zip derivative intended for the modern Windows experience. From version 3.0.1000.0 to before version 6.0.1698.0, a heap buffer-overflow read exists in the LVM2 physical-volume metadata parser in NanaZip via the upstream 7-Zip LvmHandler. The vulnerability is triggered when openin...

4.3CVSS5.2AI score0.00187EPSS
Exploits0References1
NVD
NVD
added 2026/06/12 11:16 a.m.15 views

CVE-2026-9266

A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure again...

7CVSS0.0007EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 10:0 a.m.19 views

CVE-2026-9266

CVE-2026-9266 affects Moxa’s embedded Linux firmware for industrial computers and controllers. The issue is a Missing Required Cryptographic Step, an incomplete remediation of CVE-2026-0714, where TPM2 parameter encryption is undermined by an omission in the authorization session configuration. A...

7CVSS5.2AI score0.0007EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 10:0 a.m.6 views

CVE-2026-9266

A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure again...

7CVSS5.2AI score0.0007EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 10:0 a.m.7 views

EUVD-2026-36411

A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure again...

7CVSS5.1AI score0.00115EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2026/06/12 2:46 a.m.7 views

Mitigation for iSCSI Port Vulnerability in Hitachi Disk Array Systems

Overview When a large number of malicious packets are received, the iSCSI port may become unresponsive. CVE-2025-7737 Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information' section for the official countermeasure an...

8.6CVSS5.4AI score0.00268EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.11 views

PT-2026-48857

A Missing Required Cryptographic Step vulnerability has been identified in Moxa's embedded Linux firmware for industrial computers and controllers. This vulnerability represents an incomplete remediation of CVE-2026-0714. The firmware introduced TPM2 parameter encryption as a countermeasure again...

7CVSS5.2AI score0.0007EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 12:0 a.m.4 views

OPENSUSE-SU-2026:11015-1 kubevirt-container-disk-1.8.3-1.1 on GA media

These are all security issues fixed in the kubevirt-container-disk-1.8.3-1.1 package on the GA media of openSUSE Tumbleweed...

9.1CVSS5.3AI score0.01557EPSS
Exploits1References2
NVD
NVD
added 2026/06/11 8:16 p.m.10 views

CVE-2026-53781

Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests...

5.3CVSS0.00329EPSS
Exploits0References4
CVE
CVE
added 2026/06/11 7:11 p.m.14 views

CVE-2026-53781

The CVE affects the Summarize utility prior to version 0.17.0. Vulnerable path is the temp-file-based media download, where an unbounded response can be streamed via the download/response path, causing disk and resource exhaustion. Root cause: responses bypass the enforced size limit due to missi...

5.3CVSS5.5AI score0.00329EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/11 7:11 p.m.8 views

EUVD-2026-36307

Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests...

5.3CVSS5.5AI score0.00329EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/11 7:11 p.m.9 views

CVE-2026-53781 Summarize < 0.17.0 Disk Exhaustion via Uncapped Media Download

Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests...

5.3CVSS5.3AI score0.00329EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/11 7:11 p.m.25 views

CVE-2026-53781 Summarize < 0.17.0 Disk Exhaustion via Uncapped Media Download

Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests...

5.3CVSS0.00329EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.14 views

PT-2026-48731

Summarize before 0.17.0 contains a resource exhaustion vulnerability that allows remote attackers to cause disk exhaustion by serving media responses that bypass the enforced size limit through missing or misreported Content-Length headers, chunked transfer encoding, or failed HEAD requests...

5.3CVSS5.5AI score0.00329EPSS
Exploits0References5
NVD
NVD
added 2026/06/10 10:16 p.m.10 views

CVE-2026-45783

libp2p is a JavaScript Implementation of libp2p networking stack. Prior to version 16.2.6, an unauthenticated remote peer can exhaust the disk storage of any @libp2p/kad-dht node running in server mode by sending an unbounded stream of PUTVALUE messages whose keys bypass all content validation. N...

7.5CVSS0.00354EPSS
Exploits0References1
Rows per page
Query Builder