Lucene search
K

160 matches found

EUVD
EUVD
added 2026/05/06 6:30 p.m.17 views

EUVD-2026-27863

A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could...

5.3CVSS5.8AI score0.00275EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/06 10:26 a.m.37 views

CVE-2025-59853 HCL DFXAnalytics is affected by an Improper Error Handling vulnerability

HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the application's internal structure, code logic, and environment configurations...

3.1CVSS0.00166EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/06 1:41 a.m.10 views

SUSE CVE-2026-42041

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500, etc., causing them to be...

6.5CVSS5.8AI score0.00611EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.14 views

PT-2026-37658

A vulnerability in an identity management API endpoint of Cisco ISE could allow an unauthenticated, remote attacker to enumerate valid user accounts on an affected device. This vulnerability exists because error messages are observed when the affected API endpoint is called. An attacker could...

5.3CVSS5.8AI score0.00275EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/05/05 7:15 p.m.11 views

podman-desktop: Podman Desktop: Denial of Service and Information Disclosure via unauthenticated HTTP server

A flaw was found in Podman Desktop. A remote attacker can exploit an unauthenticated HTTP server, which lacks proper connection limits and timeouts, to trigger denial-of-service DoS conditions. This can lead to application crashes or a complete host freeze. Additionally, verbose error responses...

9.1CVSS5.7AI score0.00474EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/05/05 12:21 a.m.14 views

Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy

Vulnerability Disclosure: Authentication Bypass via Prototype Pollution Gadget in validateStatus Merge Strategy Summary The Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500,...

8.2CVSS5.9AI score0.00611EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.9 views

RHEL 9 : ovn24.03 (RHSA-2026:11700)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:11700 advisory. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add...

8.6CVSS5.5AI score0.00868EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/04/24 5:55 p.m.33 views

CVE-2026-42041 Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500, etc., causing them to be...

4.8CVSS0.00611EPSS
Exploits1References1
OSV
OSV
added 2026/04/23 9:26 p.m.5 views

GHSA-Q834-8QMM-V933 OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies

Summary When exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format OTLP, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory with no upper-bound on the number of bytes consumed. This could cause memory...

5.3CVSS5.8AI score0.00304EPSS
Exploits0References6
NVD
NVD
added 2026/04/23 6:16 p.m.8 views

CVE-2026-40182

OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format OTLP, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory...

5.9CVSS0.00304EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/23 5:51 p.m.33 views

CVE-2026-40182 OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies

OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format OTLP, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory...

5.3CVSS0.00304EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/23 5:51 p.m.4 views

CVE-2026-40182 OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies

OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format OTLP, if the request results in a unsuccessful request i.e. HTTP 4xx or 5xx, the response is read into memory...

5.3CVSS5.8AI score0.00304EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/23 1:24 a.m.10 views

SUSE CVE-2026-33595

A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection...

7.5CVSS5.8AI score0.00371EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/22 3:31 p.m.4 views

EUVD-2026-24933

A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection...

5.3CVSS5.8AI score0.00371EPSS
Exploits0References2
NVD
NVD
added 2026/04/22 2:16 p.m.6 views

CVE-2026-33595

A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection...

7.5CVSS0.00371EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/22 1:47 p.m.29 views

CVE-2026-33595 DoQ/DoH3 excessive memory allocation

A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection...

5.3CVSS0.00371EPSS
Exploits0References1
CVE
CVE
added 2026/04/22 1:47 p.m.25 views

CVE-2026-33595

The connected documents independently confirm CVE-2026-33595 affects PowerDNS DNSdist, describing a flaw where a client can trigger excessive memory allocation by generating many error responses over a single DoQ/DoH3 connection, with resources not released until connection end. This is the state...

7.5CVSS5.8AI score0.00371EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/22 1:47 p.m.5 views

CVE-2026-33595 DoQ/DoH3 excessive memory allocation

A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection...

5.3CVSS5.8AI score0.00371EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.7 views

PT-2026-34439

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A client can trigger excessive memory allocation by generating numerous error responses over a single DoQ DNS over QUIC and DoH3 DNS over HTTP/3 connection,...

7.5CVSS5.1AI score0.00489EPSS
Exploits0References48
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.12 views

PowerDNS DNSdist 安全漏洞

PowerDNS DNSdist is a proxy software provided by PowerDNS that offers capabilities for DNS traffic load balancing and security protection. PowerDNS DNSdist has a security vulnerability that stems from the ability of clients to trigger excessive memory allocation by generating numerous error...

7.5CVSS5.8AI score0.00371EPSS
Exploits0References2
Rows per page
Query Builder