Lucene search
+L

51 matches found

osv
osv
added 2026/07/08 7:56 p.m.3 views

CVE-2026-58254 NATS Server: Incomplete fix for CVE-2026-33249: Leaf node connections bypass Nats-Trace-Dest permission check

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.8, message trace destination checks were applied to ordinary client connections but not consistently to messages arriving through leafnode connections, allowing a leafnode...

5.3CVSS6.1AI score0.00308EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.9 views

PT-2026-56559

Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.3 NATS Server versions prior to 2.12.12 Description MQTT retained message delivery and QoS1+ durable replay may deliver messages to subscribers even if the original topics match a configured subscribe deny...

4.3CVSS6.1AI score0.00342EPSS
Exploits0References9
astralinux
astralinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability in hdf5

The HDF5 library from version 1.14.3 may use an uninitialized value in the H5Aattrreleasetable field within the H5Aint.c file...

9.8CVSS7.2AI score0.00951EPSS
Exploits0References3
osv
osv
added 2026/06/12 7:32 p.m.9 views

GHSA-JH32-V29G-68PQ TYPO3 CMS has Privilege Escalation & SQL Injection in its Form Framework

Problem Backend users with write access to the formdefinition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the Form Framework's persistence validation and permission checks. This allowed injecting arbitrary form configurations,...

8.7CVSS5.9AI score0.00244EPSS
Exploits0References7
cve
cve
added 2026/06/09 10:54 a.m.34 views

CVE-2026-49741

CVE-2026-49741 concerns TYPO3 CMS where backend users with write access to the form_definition table can directly manipulate form definitions via DataHandler, bypassing Form Framework validation and permission checks. This enables injecting arbitrary form configurations and is associated with SQL...

8.7CVSS6.2AI score0.00244EPSS
Exploits0References3
susecve
susecve
added 2026/05/21 2:29 a.m.14 views

SUSE CVE-2026-33637

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connectionbuildexclusiveurl. This...

5.7AI score0.00272EPSS
Exploits1References3
osv
osv
added 2026/05/19 7:16 p.m.7 views

DEBIAN-CVE-2026-33637

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connectionbuildexclusiveurl. This...

6.5CVSS5.7AI score0.00272EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2026/05/19 5:44 p.m.7 views

CVE-2026-33637 Faraday: Protocol-relative URI objects still bypass host scoping (possible incomplete fix for GHSA-33mh-2634-fwr2)

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. Versions 2.0.0 through 2.14.1 still allow protocol-relative host override when the request target is passed as a URI object rather than a String to Faraday::Connectionbuildexclusiveurl. This...

5.7AI score0.00272EPSS
Exploits1References2
susecve
susecve
added 2026/05/07 2:20 a.m.12 views

SUSE CVE-2026-33190

CoreDNS is a DNS server that chains plugins. In versions prior to 1.14.3, the tsig plugin can be bypassed on non-plain-DNS transports DoT, DoH, DoH3, DoQ, and gRPC because it trusts the transport writer's TsigStatus instead of performing verification itself. The DoH and DoH3 writer's TsigStatus...

7.5CVSS5.8AI score0.00374EPSS
Exploits1References3
cve
cve
added 2026/05/05 8:29 p.m.54 views

CVE-2026-35579

CoreDNS versions prior to 1.14.3 expose a TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports. In gRPC/QUIC, the server checks for a configured TSIG key name but never calls dns.TsigVerify(), so a matching key yields a nil tsigStatus and the request is treated as authenticated rega...

9.8CVSS5.8AI score0.0051EPSS
Exploits1References5Affected Software1
cnnvd
cnnvd
added 2026/05/05 12:0 a.m.17 views

CoreDNS 安全漏洞

CoreDNS is a DNS server within the CoreDNS community. Versions of CoreDNS prior to 1.14.3 contained a security vulnerability. This vulnerability stemmed from the tsig plugin’s trust transfer writer, which relied on TsigStatus for verification instead of performing its own validation. This allowed...

8.7CVSS5.8AI score0.00374EPSS
Exploits1References1
osv
osv
added 2026/04/29 1:21 p.m.13 views

JLSEC-2026-298

HDF5 through 1.14.3 contains a buffer overflow in H5Zfilterfletcher32, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...

7.4CVSS8.9AI score0.00234EPSS
Exploits0References1
cvelist
cvelist
added 2026/03/10 7:59 p.m.30 views

CVE-2025-36226 Multiple vulnerabilities in IBM Aspera Faspex

IBM Aspera Faspex 5 5.0.0 through 5.0.14.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4CVSS0.0021EPSS
Exploits0References1
susecve
susecve
added 2026/02/28 12:24 a.m.3 views

SUSE CVE-2026-28364

In OCaml before 4.14.3 and 5.x before 5.4.1, a buffer over-read in Marshal deserialization runtime/intern.c enables remote code execution through a multi-phase attack chain. The vulnerability stems from missing bounds validation in the readblock function, which performs unbounded memcpy operation...

7.8CVSS6.6AI score0.0021EPSS
Exploits0References5
snyk
snyk
added 2026/02/25 7:13 p.m.4 views

Missing Release of Memory after Effective Lifetime

Overview Magick.NET-Q16-HDRI-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

6.9CVSS6AI score
Exploits0References2
cvelist
cvelist
added 2025/11/19 4:40 p.m.22 views

CVE-2025-64757 Astro Development Server is Vulnerable to Arbitrary Local File Read

Astro is a web framework. Prior to version 5.14.3, a vulnerability has been identified in the Astro framework's development server that allows arbitrary local file read access through the image optimization endpoint. The vulnerability affects Astro development environments and allows remote...

3.5CVSS0.00402EPSS
Exploits1References2
nessus
nessus
added 2025/11/07 12:0 a.m.4 views

Teamcenter Visualization WRL File Parsing Vulnerabilities

Siemens Teamcenter Visualization contains multiple file-parsing vulnerabilities in its WRL-file reader that affect versions V14.2, V14.3, V2312, and V2406. If a user opens a specially crafted malicious WRL file, the application may crash or allow arbitrary code execution in the context of the...

7.8CVSS6.3AI score0.00272EPSS
Exploits0References27
nessus
nessus
added 2025/11/07 12:0 a.m.5 views

Teamcenter Visualization SSO login service Vulnerability

Teamcenter contains an open-redirect vulnerability in its SSO login service affecting Teamcenter V14.1, V14.2, V14.3, V2312, V2406, and V2412; the SSO accepts user-controlled input that can point to external URLs, allowing an attacker to craft a link that redirects a legitimate user to a maliciou...

7.4CVSS8.6AI score0.0054EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2025/10/27 1:39 p.m.3 views

CVE-2025-50055

Cross-site scripting XSS vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service ACS endpoint servers to inject arbitrary web script or HTML via the RelayState parameter...

5.6AI score0.00204EPSS
Exploits0References1
mskb
mskb
added 2025/09/09 7:0 a.m.13 views

September 9, 2025—KB5065427 (OS Build 14393.8422)

None None...

9.8CVSS6.8AI score0.18834EPSS
Exploits5
Rows per page
Query Builder