Lucene search
K

37019 matches found

CVE
CVE
added yesterday22 views

CVE-2026-49855

Tornado (Python) prior to 6.5.6 allows a malicious server accessed via SimpleAsyncHTTPClient or an HTTPServer with decompress_request=True to accumulate decompressed data without an overall size limit, potentially causing memory exhaustion. Affected is gzip decompression routines that previously ...

7.5CVSS6.1AI score0.00052EPSS
Exploits0References3
CVE
CVE
added yesterday75 views

CVE-2026-49854

Summary: Tornado’s optional native extension tornado.speedups mishandles the websocket_mask length, reading beyond a four-byte buffer when invoked through the XSRF token decoder with the extension active. This out-of-bounds access affects Tornado up to version 6.5.5 and is fixed in 6.5.6. Impact:...

5.3CVSS6.1AI score0.00027EPSS
Exploits0References4
CVE
CVE
added yesterday7 views

CVE-2026-50651

Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network...

7.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday6 views

CVE-2026-50650

Improper control of generation of code 'code injection' in .NET Framework allows an unauthorized attacker to elevate privileges locally...

7.8CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-50648

Allocation of resources without limits or throttling in .NET Framework allows an unauthorized attacker to deny service over a network...

7.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday7 views

CVE-2026-50646

Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally...

7.8CVSS6.2AI score
Exploits0References1
Cvelist
Cvelist
added yesterday7 views

CVE-2026-50646 .NET Framework Remote Code Execution Vulnerability

...

7.8CVSS
Exploits0References1
CVE
CVE
added yesterday8 views

CVE-2026-50527

Stack-based buffer overflow in .NET Framework allows an unauthorized attacker to deny service over a network...

7.5CVSS6.2AI score
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-50525

Allocation of resources without limits or throttling in .NET allows an unauthorized attacker to deny service over a network...

7.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-50524

Improper validation of specified type of input in .NET Framework allows an unauthorized attacker to deny service over a network...

7.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday20 views

CVE-2026-48747

Summary: CVE-2026-48747 affects Symfony’s Mailomat webhook parser. The MailomatRequestParser::validateSignature() method reads the X-MOM-Webhook-Signature header and passes the wire-provided algorithm directly to hash_hmac(), enabling a signature algorithm downgrade instead of enforcing SHA-256 a...

6.3CVSS6.1AI score0.00018EPSS
Exploits0References4
CVE
CVE
added yesterday25 views

CVE-2026-45305

Summary of CVE-2026-45305 (Symfony YAML Parser ReDoS) Symfony’s YAML handling (Symfony\Component\Yaml\Parser::cleanup) can hang parsing crafted input due to the use of overlapping quantifiers in regular expressions for YAML directive, comment, and document marker cleanup. This is a client-side pa...

8.7CVSS6.1AI score0.00076EPSS
Exploits0References6
CVE
CVE
added yesterday40 views

CVE-2026-45069

Symfony’s CVE-2026-45069 concerns OidcTokenHandler::verifyClaims() in the Symfony PHP framework where audience (aud), issuer (iss), and expiry (exp) checks were not passed to the ClaimCheckerManager, allowing a validly signed JWT missing those claims to pass verification. Affects Symfony versions...

8.8CVSS6.1AI score0.0005EPSS
Exploits0References4
CVE
CVE
added yesterday22 views

CVE-2026-45753

In Symfony HTML sanitizer, the UrlAttributeSanitizer ignored certain URL-valued attributes (action, formaction, poster, cite) because getSupportedAttributes() omitted them. Configurations with permissive element/attribute allowances could let javascript: URIs bypass sanitization, enabling XSS whe...

2.1CVSS6.1AI score0.00082EPSS
Exploits0References5
CVE
CVE
added yesterday4 views

CVE-2026-57108

Access of resource using incompatible type 'type confusion' in .NET Core allows an unauthorized attacker to deny service over a network...

7.5CVSS6.1AI score
Exploits0References1
Microsoft KB
Microsoft KB
added yesterday102 views

May 12, 2026-KB5087065 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1607 and Windows Server 2016

None None...

7.8CVSS7AI score0.00662EPSS
Exploits0
Microsoft KB
Microsoft KB
added yesterday77 views

May 12, 2026-KB5087077 Cumulative Update for .NET Framework 3.5 for Windows 11, version 26H1 (build 28000) and later

None None...

7.8CVSS7AI score0.00662EPSS
Exploits0
Microsoft KB
Microsoft KB
added yesterday65 views

May 26, 2026-KB5092430 Cumulative Update Preview for .NET Framework 3.5 and 4.8.1 for Windows 11, version 24H2

None None...

7.8CVSS6.1AI score
Exploits0
Microsoft KB
Microsoft KB
added yesterday23 views

May 12, 2026-Security and Quality Rollup for .NET Framework 3.5 for Windows Server 2012 (KB5087048)

None None...

7.8CVSS7AI score0.00662EPSS
Exploits0
Microsoft KB
Microsoft KB
added yesterday18 views

May 12, 2026-Security and Quality Rollup for .NET Framework 3.5 for Windows Server 2012 R2 (KB5087049)

None None...

7.8CVSS7AI score0.00662EPSS
Exploits0
Rows per page
Query Builder