Lucene search
K

2271784 matches found

Packet Storm News
Packet Storm News
added 2026/12/29 12:0 a.m.363 views

GNUnet P2P Framework 0.26.2

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...

6.8AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 1 hour ago3 views

Unpacking the AsyncAPI npm supply chain compromise and import-time payload delivery

In this article 1. Attack chain overview 2. How the attack started: GitHub Actions pwn request 3. Mitigation and protection guidance 4. Learn more On July 14, 2026, Microsoft Threat Intelligence identified a coordinated supply chain compromise of the @asyncapi npm organization, a widely used set ...

Exploits0
GithubExploit
GithubExploit
added 2 hours ago8 views

xss-lab-writeup

My First XSS Lab: Reflected, Stored & Fake Login Attack By:...

6AI score
Exploits0
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-44823

PlaywrightCapture stored capture-specific configuration and runtime data as mutable class-level variables rather than instance-level variables. Consequently, multiple Capture objects running within the same Python process could share state, including HTTP headers, cookies, browser storage, HTTP...

7.1CVSS6.1AI score
Exploits0References2
OSV
OSV
added 3 hours ago1 views

RLSA-2026:39868 Important: nodejs:24 security, bug fix, and enhancement update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: ip-address: ip-address: Cross-site scripting via improper HTML escaping of untrusted input CVE-2026-42338 undici: undici: Denial of Service due to...

8.1CVSS0.02806EPSS
Exploits1References16
Rockylinux
Rockylinux
added 3 hours ago2 views

nodejs:24 security, bug fix, and enhancement update

An update is available for nodejs, module.nodejs, nodejs-packaging, nodejs-nodemon, module.nodejs-packaging, module.nodejs-nodemon. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

9.8CVSS0.02806EPSS
Exploits1
BDU FSTEC
BDU FSTEC
added yesterday28 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

10CVSS7AI score0.00412EPSS
Exploits0References11Affected Software9
BDU FSTEC
BDU FSTEC
added yesterday25 views

The vulnerability of the pg_dump utility in the PostgreSQL database management system allows a hacker to execute arbitrary code.

The vulnerability of the pgdump utility in the PostgreSQL database management system is related to the inclusion of functions from an unverified and uncontrolled area. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

10CVSS7.2AI score0.00736EPSS
Exploits1References11Affected Software9
Github Security Blog
Github Security Blog
added yesterday3 views

ToolHive: SSRF in remote MCP server authentication discovery (host-side, bypasses container isolation)

Security Advisory: SSRF in remote MCP server authentication discovery Severity: High. CWE: CWE-918. Affected: ToolHive through the latest release v0.29.3 and current main HEAD b672d82f, 2026-06-12; re-verified 2026-06-14. FetchResourceMetadata and the discovery clients remain unguarded; no commit...

Exploits0References2Affected Software1
OSV
OSV
added yesterday1 views

GHSA-PR64-JMMF-JP54 ToolHive: SSRF in remote MCP server authentication discovery (host-side, bypasses container isolation)

Security Advisory: SSRF in remote MCP server authentication discovery Severity: High. CWE: CWE-918. Affected: ToolHive through the latest release v0.29.3 and current main HEAD b672d82f, 2026-06-12; re-verified 2026-06-14. FetchResourceMetadata and the discovery clients remain unguarded; no commit...

6.3CVSS
Exploits0References2
OSV
OSV
added yesterday0 views

GHSA-6F5R-5672-72J7 @andrea9293/mcp-documentation-server: Web UI API binds to all interfaces without authentication by default

Summary @andrea9293/mcp-documentation-server v1.13.0 documents that a Web UI starts automatically on port 3080. However, the Web UI/API appears to bind to all network interfaces by default :3080 / 0.0.0.0:3080 instead of localhost-only, and its document-management API endpoints do not require...

8.8CVSS
Exploits0References4
Github Security Blog
Github Security Blog
added yesterday7 views

@andrea9293/mcp-documentation-server: Web UI API binds to all interfaces without authentication by default

Summary @andrea9293/mcp-documentation-server v1.13.0 documents that a Web UI starts automatically on port 3080. However, the Web UI/API appears to bind to all network interfaces by default :3080 / 0.0.0.0:3080 instead of localhost-only, and its document-management API endpoints do not require...

6.3AI score
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added yesterday6 views

Pomerium Pre-Auth Memory Exhaustion via Unbounded zstd Decompression in HPKE Callback

Summary The HPKE V2 URL decode path in pkg/hpke/url.go decompresses attacker-controlled zstd data without any size limit. On Pomerium deployments using the stateless authentication flow Pomerium Zero / hosted authenticate, the proxy's /.pomerium/callback endpoint is reachable without credentials...

6.1AI score
Exploits0References4Affected Software1
OSV
OSV
added yesterday0 views

GHSA-P5F6-RCCC-JV98 dd-trace-rb: Improper parsing of W3C baggage headers may lead to DoS

Impact Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing item-count or byte-size limits on the extract path. The DDTRACEBAGGAGEMAXITEMS default 64 and DDTRACEBAGGAGEMAXBYTES default 8192 limits were applied only to baggage...

7.5CVSS0.00106EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added yesterday7 views

dd-trace-rb: Improper parsing of W3C baggage headers may lead to DoS

Impact Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing item-count or byte-size limits on the extract path. The DDTRACEBAGGAGEMAXITEMS default 64 and DDTRACEBAGGAGEMAXBYTES default 8192 limits were applied only to baggage...

6.1AI score0.00106EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added yesterday6 views

dd-trace-go: Improper parsing of W3C baggage headers may lead to DoS

Impact Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing item-count or byte-size limits on the extract path. The DDTRACEBAGGAGEMAXITEMS default 64 and DDTRACEBAGGAGEMAXBYTES default 8192 limits were applied only to baggage...

6.1AI score0.00106EPSS
Exploits0References2Affected Software2
Github Security Blog
Github Security Blog
added yesterday4 views

dd-trace-dotnet: Improper parsing of W3C baggage headers may lead to DoS

Impact Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing item-count or byte-size limits on the extract path. The DDTRACEBAGGAGEMAXITEMS default 64 and DDTRACEBAGGAGEMAXBYTES default 8192 limits were applied only to baggage...

6.1AI score0.00106EPSS
Exploits0References2Affected Software2
OSV
OSV
added yesterday1 views

GHSA-38WR-VPC7-2MP4 dd-trace-dotnet: Improper parsing of W3C baggage headers may lead to DoS

Impact Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing item-count or byte-size limits on the extract path. The DDTRACEBAGGAGEMAXITEMS default 64 and DDTRACEBAGGAGEMAXBYTES default 8192 limits were applied only to baggage...

7.5CVSS0.00106EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added yesterday6 views

dd-trace-js: Improper parsing of W3C baggage headers may lead to DoS

Impact Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing item-count or byte-size limits on the extract path. The DDTRACEBAGGAGEMAXITEMS default 64 and DDTRACEBAGGAGEMAXBYTES default 8192 limits were applied only to baggage...

6.1AI score0.00106EPSS
Exploits0References2Affected Software1
OSV
OSV
added yesterday0 views

GHSA-WXQQ-GCQ8-C443 dd-trace-js: Improper parsing of W3C baggage headers may lead to DoS

Impact Datadog tracing libraries that implement W3C baggage propagation parse incoming baggage HTTP headers without enforcing item-count or byte-size limits on the extract path. The DDTRACEBAGGAGEMAXITEMS default 64 and DDTRACEBAGGAGEMAXBYTES default 8192 limits were applied only to baggage...

7.5CVSS0.00106EPSS
Exploits0References2
Rows per page
Query Builder