Lucene search
+L

1267 matches found

Cvelist
Cvelist
added 2026/06/19 1:32 p.m.35 views

CVE-2026-48140 Unchecked enum cast vulnerability in NI grpc-device in BeginSidebandStream

There is an unchecked enum cast vulnerability in NI grpc-device BeginSidebandStream that may allow an attacker to trigger invalid enum states and undefined behavior, potentially resulting in a denial of service. Successful exploitation requires an attacker to supply a specially crafted message...

7.1CVSS0.00254EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 1:22 p.m.39 views

CVE-2026-48139 NULL pointer dereference vulnerability in NI grpc-device data moniker service

There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service by triggering a crash. Successful exploitation requires an attacker to provide an unknown value to the data moniker service. This affects NI...

8.7CVSS0.00343EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 1:22 p.m.27 views

CVE-2026-48139

CVE-2026-48139 describes a NULL pointer dereference in NI grpc-device’s data moniker service that may allow a remote attacker to cause a denial of service by triggering a crash. Exploitation requires providing an unknown value to the data moniker service; affected versions are NI grpc-device 2.17...

8.7CVSS5.9AI score0.00343EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/19 1:16 p.m.36 views

CVE-2026-48138 Out-of-bounds read vulnerability in the NI grpc-device streaming API

There is an out-of-bounds read vulnerability in the NI grpc-device streaming API due to a missing bounds check that may result in a denial of service. Successful exploitation requires an attacker to supply a specially crafted write request. This affects NI grpc-device 2.17.0 and prior versions...

8.7CVSS0.00343EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 11:2 a.m.5 views

SUSE-SU-2026:2466-1 Security update for azure-storage-azcopy

This update for azure-storage-azcopy fixes the following issues Update to 10.32.4: - CVE-2025-47907: database/sql: incorrect results returned from Rows.Scan bsc1247720. - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2: path pseudo- header...

9.6CVSS6.3AI score0.01557EPSS
Exploits1References12
SUSE CVE
SUSE CVE
added 2026/06/19 1:53 a.m.10 views

SUSE CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

8.1CVSS6.5AI score0.03552EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.29 views

PT-2026-50889

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An out-of-bounds read occurs in the NI grpc-device streaming API because of a missing bounds check. This issue can lead to a denial of service if an attacker provides a specially crafted writ...

8.7CVSS5.9AI score0.00343EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.22 views

PT-2026-50890

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description A NULL pointer dereference occurs in the data moniker service of NI grpc-device. A NULL pointer dereference is a condition where a program attempts to read or write to a memory address that i...

8.7CVSS5.9AI score0.00343EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.26 views

PT-2026-50888

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An untrusted pointer dereference exists in the sideband streaming API. This issue allows an attacker to trigger an arbitrary memory dereference, which could lead to remote code execution...

9.8CVSS6.3AI score0.00549EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.24 views

PT-2026-50902

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An incorrect conversion between numeric types occurs in NI grpc-device due to missing range checks in CodeGen. This issue may result in the silent discarding of high bits if a size value...

6.3CVSS5.8AI score0.0018EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.23 views

PT-2026-50901

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description Insecure default credentials exist when TLS configuration is absent and the server is bound beyond the loopback interface. This allows an unauthenticated user on the local network to gain...

9.3CVSS6.8AI score0.00308EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/19 12:0 a.m.17 views

nginx 1.13.10 < 1.30.3 / 1.31.x < 1.31.2 Buffer Overflow

The installed version of nginx is 1.13.10 prior to 1.30.3, or 1.31.x prior to 1.31.2. It is, therefore, affected by the following issue: - NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the...

9.2CVSS8.4AI score0.03552EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/06/18 5:24 p.m.10 views

google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation

A flaw was found in gRPC-Go, the Go language implementation of gRPC. This vulnerability, an authorization bypass, is caused by improper input validation of the HTTP/2 :path pseudo-header. A remote attacker can exploit this by sending raw HTTP/2 frames with a malformed :path that omits the mandato...

9.1CVSS7.6AI score0.01557EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/18 5:24 p.m.25 views

Important: Red Hat Security Advisory: Satellite 6.16.9 Async Update

An update is now available for Red Hat Satellite 6.16 for RHEL 8 and RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.1CVSS7.7AI score0.01557EPSS
Exploits3References11
NVD
NVD
added 2026/06/18 2:17 p.m.13 views

CVE-2026-50141

Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...

7.1CVSS0.00246EPSS
Exploits0References5
CVE
CVE
added 2026/06/18 2:13 p.m.27 views

CVE-2026-50141

CVE-2026-50141 affects Woodpecker CI prior to 3.14.1, where the gRPC layer allowed an authenticated agent to impersonate another by forging agent_id in outgoing metadata. The server verified the JWT but then ignored it in favor of the client-supplied agent_id, enabling cross-tenant impersonation....

7.1CVSS5.4AI score0.00246EPSS
Exploits0References5
OSV
OSV
added 2026/06/18 2:13 p.m.5 views

CVE-2026-50141 Woodpecker gRPC agent_id metadata can be spoofed- cross-tenant agent impersonation

Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...

7.1CVSS6AI score0.00246EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.19 views

PT-2026-50677

Name of the Vulnerable Software and Affected Versions Woodpecker versions 3.0.0 through 3.14.0 Description A flaw in the gRPC layer of the CI/CD engine allows an authenticated agent to impersonate any other agent on the same server. This occurs because the server verifies the JWT JSON Web Token b...

7.1CVSS6.1AI score0.00246EPSS
Exploits0References10
OSV
OSV
added 2026/06/17 8:16 p.m.2 views

CVE-2026-32682

When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRoute configurations containing backendRef filters. Note:...

7.1CVSS6AI score
Exploits0References1
Cvelist
Cvelist
added 2026/06/17 8:5 p.m.22 views

CVE-2026-32682 NGINX Gateway Fabric vulnerability

When NGINX Gateway Fabric is configured using GRPCRoutes, an authenticated, remote attacker with permission to create or modify GRPCRoute resources can cause the NGINX Gateway Fabric control plane to terminate by sending undisclosed GRPCRoute configurations containing backendRef filters. Note:...

7.1CVSS0.00292EPSS
Exploits0References1
Rows per page
Query Builder