Lucene search
K

1228 matches found

EUVD
EUVD
added 1 hour ago4 views

EUVD-2026-43634

In Eclipse KUKSA Databroker version 0.6.1, the kuksa.val.v2.VAL/PublishValue gRPC handler fails to validate the existence of the optional datapoint field in PublishValueRequest. When a request contains a valid signalid but omits datapoint, the server directly calls unwrap on request.datapoint,...

4.3CVSS6.1AI score
Exploits0References2
RedHat Linux
RedHat Linux
added yesterday5 views

nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers

A flaw was found in NGINX. When NGINX is configured to proxy HTTP/2 traffic using the ngxhttpproxyv2module or ngxhttpgrpcmodule with specific settings, a remote, unauthenticated attacker can send specially crafted large headers. This can trigger a heap-based buffer overflow, leading to a restart ...

9.2CVSS7.2AI score0.03459EPSS
Exploits1References5
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42723

An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service DoS. If an attempt is made to subscribe to an unsupported telemetry...

7.1CVSS5.9AI score0.00411EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 5 days ago6 views

google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...

9.1CVSS6.6AI score0.01557EPSS
Exploits1References5
NVD
NVD
added 6 days ago9 views

CVE-2026-59818

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and 3.6.13, when etcd is configured with --listen-client-http-urls to split HTTP and gRPC client endpoints onto separate listeners, the --client-crl-file Certificate Revocation List is not enforced on the...

8.1CVSS0.00364EPSS
Exploits0References9
Debian CVE
Debian CVE
added 6 days ago6 views

CVE-2026-59818

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and 3.6.13, when etcd is configured with --listen-client-http-urls to split HTTP and gRPC client endpoints onto separate listeners, the --client-crl-file Certificate Revocation List is not enforced on the...

8.1CVSS6.1AI score0.00364EPSS
Exploits0
CVE
CVE
added 6 days ago10 views

CVE-2026-59818

CVE-2026-59818 affects etcd (distributed key-value store). Prior to versions 3.5.32 and 3.6.13, when etcd uses separate HTTP and gRPC client listeners, the --client-crl-file CRL is not enforced on the gRPC listener, letting a revoked-certificate client authenticate over gRPC. The issue is fixed i...

8.1CVSS6AI score0.00364EPSS
Exploits0References9Affected Software1
Snyk
Snyk
added 6 days ago4 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of the Certificate Revocation List on the gRPC listener when separate listeners are configured for HTTP and gRPC client endpoints. An attacker can gain unauthorized access and...

8.5CVSS6.1AI score0.00364EPSS
Exploits0References2
Snyk
Snyk
added 6 days ago9 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of the Certificate Revocation List on the gRPC listener when separate listeners are configured for HTTP and gRPC client endpoints. An attacker can gain unauthorized access and...

8.5CVSS6.1AI score0.00364EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 6 days ago7 views

google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...

9.1CVSS6.6AI score0.01557EPSS
Exploits1References5
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-54061 Dgraph Alpha group stores can be replaced via unauthenticated external snapshot import

Dgraph is an open source distributed GraphQL database. Prior to version 25.3.5, Dgraph Alpha exposes the RPCs used for external snapshot import on the public gRPC port :9080 without authentication or authorization. As a result, an unauthenticated network client can open StreamExtSnapshot and send...

9.1CVSS0.00388EPSS
Exploits0References2
Amazon
Amazon
added 6 days ago5 views

Important: nginx

Issue Overview: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and...

9.2CVSS6.3AI score0.03459EPSS
Exploits1
RedHat Linux
RedHat Linux
added last week7 views

nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers

A flaw was found in NGINX. When NGINX is configured to proxy HTTP/2 traffic using the ngxhttpproxyv2module or ngxhttpgrpcmodule with specific settings, a remote, unauthenticated attacker can send specially crafted large headers. This can trigger a heap-based buffer overflow, leading to a restart ...

9.2CVSS7.7AI score0.03459EPSS
Exploits1References5
OSV
OSV
added 2026/07/06 7:49 p.m.4 views

CVE-2026-54234 vLLM: Remote DoS in vLLM via Invalid Recovered Token Reinjection

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Prior to 0.24.0, a frontend-legal multi-request speculative decoding workload can cause the rejection sampler to produce a recovered token equal to the model vocabulary size boundary value, which is then convert...

7.5CVSS6AI score0.00343EPSS
Exploits1References5
OSV
OSV
added 2026/07/06 6:25 a.m.4 views

OESA-2026-2801 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion ...

9.2CVSS6.3AI score0.03459EPSS
Exploits1References3
OSV
OSV
added 2026/07/06 6:25 a.m.4 views

OESA-2026-2800 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion ...

9.2CVSS6.3AI score0.03459EPSS
Exploits1References3
OSV
OSV
added 2026/07/06 6:25 a.m.4 views

OESA-2026-2799 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion ...

9.2CVSS6.3AI score0.03459EPSS
Exploits1References3
OSV
OSV
added 2026/07/06 6:25 a.m.4 views

OESA-2026-2798 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion ...

9.2CVSS6.3AI score0.03459EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/07/02 1:50 p.m.6 views

CVE-2026-48853

A flaw was found in the grpc component of elixir-grpc. This vulnerability allows unauthenticated attackers to send specially crafted messages, leading to two critical outcomes. First, it can cause a Denial of Service DoS by crashing the Erlang virtual machine BEAM node. Second, under certain...

9.8CVSS7.5AI score0.00573EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/01 9:24 a.m.11 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.65 packages and security update

Red Hat OpenShift Container Platform release 4.16.65 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...

9.1CVSS6.7AI score0.01557EPSS
Exploits1References2
Rows per page
Query Builder