Lucene search
K

11357 matches found

BDU FSTEC
BDU FSTEC
added yesterday13 views

The vulnerability of the Kerberos protocol for Windows operating systems allows attackers to increase their privileges.

The vulnerability of the Kerberos protocol for Windows operating systems is related to errors in the mechanism for handling relative pathnames to the directory. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

9CVSS6.1AI score0.02603EPSS
Exploits1References2
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42964

ZITADEL is an open source identity management platform. Prior to 4.15.3, ZITADEL Login V2 OIDC and SAML FailedPrecondition error paths return loginSettings.defaultRedirectUri to router.push without applying the isSafeRedirectUri check, allowing an organization or instance administrator to store a...

7.3CVSS6.2AI score0.00225EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-59892

OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...

7.5CVSS6AI score0.00436EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-59879

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Listset, ListsetSize, ListsetIn, ListupdateIn, and the functional set, setIn, and updateIn mishandle an index or size in the range 2 30 to 2 31 in setListBounds in src/List.js, causing an empty List to ente...

8.7CVSS6AI score0.0037EPSS
Exploits1References6Affected Software1
RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-56139

A flaw was found in the Apache Camel Undertow component. The camel-undertow HTTP server consumer, when processing errors, could return full Java stack traces in HTTP responses. This occurs because the muteException option, which controls what is returned to the client during errors, defaulted to...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-56504

Name of the Vulnerable Software and Affected Versions @opentelemetry/propagator-jaeger versions prior to 2.9.0 Description The @opentelemetry/propagator-jaeger component decodes incoming uber-trace-id and uberctx- HTTP header values using the decodeURIComponent function without proper error...

7.5CVSS6AI score0.00436EPSS
Exploits0References9
Amazon
Amazon
added 6 days ago4 views

Medium: containerd

Issue Overview: x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically bas...

7.5CVSS6.9AI score0.00939EPSS
Exploits0
Amazon
Amazon
added 6 days ago5 views

Important: docker

Issue Overview: x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically bas...

7.5CVSS7.5AI score0.00939EPSS
Exploits0
Amazon
Amazon
added 6 days ago5 views

Medium: containerd

Issue Overview: x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically bas...

7.5CVSS6.9AI score0.00939EPSS
Exploits0
OSV
OSV
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-784 Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library

Summary The Azure Storage Encryption library in Java and other languages is vulnerable to a CBC Padding Oracle attack, similar to CVE-2020-8911. The library is not vulnerable to the equivalent of CVE-2020-8912, but only because it currently only supports AES-CBC as encryption mode. Severity...

4.7CVSS6.4AI score0.00521EPSS
Exploits0References6
OSV
OSV
added 2026/07/06 6:26 a.m.5 views

OESA-2026-2821 nodejs security update

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices...

7.5CVSS6.6AI score0.03782EPSS
Exploits0References4
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization due to improper error handling in the pre-receive process when processing input with bufio.Scanner. An attacker can bypass branch-protection checks by submitting oversized input that triggers scanner errors...

9.8CVSS6AI score0.00472EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 9:16 p.m.7 views

CVE-2026-27780

Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks...

9.8CVSS0.00472EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.38 views

CVE-2026-27780 Gitea pre-receive hook can miss branch-protection checks after scanner errors

Gitea versions before 1.26.0 do not fail closed on bufio.Scanner errors while processing pre-receive hook input, allowing oversized input to bypass branch-protection checks...

0.00472EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.18 views

PT-2026-55605

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.26.0 Description The software does not fail closed when encountering bufio.Scanner errors during the processing of pre-receive hook input. This behavior allows oversized input to bypass branch-protection checks...

9.8CVSS6AI score0.00472EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/01 5:14 p.m.4 views

PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions

A flaw was found in PHP. Some functions, including urldecode, incorrectly pass signed characters to character type ctype functions. On certain systems, this can lead to accessing memory with a negative offset. This vulnerability can be exploited by an attacker to trigger a denial of service DoS,...

7.5CVSS7AI score0.00337EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/30 10:8 p.m.26 views

CVE-2026-56334 Capgo - Missing UPDATE RLS Policy for Build Status Persistence

Capgo before 12.128.2 lacks an UPDATE row-level security policy for the buildrequests table, preventing API-key and anonymous access from persisting builder status updates. Attackers can exploit this missing policy to cause build status and error details to remain unpersisted, leaving buildreques...

5.3CVSS0.00192EPSS
Exploits0References2
NCSC
NCSC
added 2026/06/30 11:48 a.m.10 views

Vulnerabilities found in Apple iOS and iPadOS

Apple has identified several vulnerabilities in iOS and iPadOS. These vulnerabilities include out-of-bounds access, use-after-free errors, memory handling issues, insufficient input validation, type confusion, double-free operations, stack overflows, race conditions, and path handling problems...

9.1CVSS6.1AI score0.00371EPSS
Exploits2References1
NVD
NVD
added 2026/06/29 6:16 p.m.9 views

CVE-2026-57958

Mixpost through 2.6.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in authenticated users' browsers by crafting malicious OAuth callback URLs with unsanitized error query parameters. Attackers can exploit the OAuth...

6.1CVSS0.00168EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/29 1:30 p.m.33 views

CVE-2026-13571 SourceCodester Simple Food Ordering System cart.php logic error

A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument itemprice can lead to business logic errors. The attack may be performed from remote. The exploit has been published...

6.9CVSS0.00383EPSS
Exploits0References6
Rows per page
Query Builder