Lucene search
K

103206 matches found

ATTACKERKB
ATTACKERKB
added 2026/03/30 9:42 p.m.8 views

CVE-2026-33952

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated authlength field read from the network triggers a WINPRASSERT failure in rtsreadauthverifiernochecks, causing any FreeRDP client connecting through a malicious RDP Gateway to crash with SIGABR...

6CVSS5.8AI score0.00271EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/03/30 9:42 p.m.2 views

EUVD-2026-17221

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated authlength field read from the network triggers a WINPRASSERT failure in rtsreadauthverifiernochecks, causing any FreeRDP client connecting through a malicious RDP Gateway to crash with SIGABR...

6CVSS5.8AI score0.00271EPSS
Exploits1References2
OSV
OSV
added 2026/03/30 9:42 p.m.4 views

CVE-2026-33952 FreeRDP: DoS via WINPR_ASSERT in rts_read_auth_verifier_no_checks

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated authlength field read from the network triggers a WINPRASSERT failure in rtsreadauthverifiernochecks, causing any FreeRDP client connecting through a malicious RDP Gateway to crash with SIGABR...

6CVSS5.8AI score0.00271EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/30 9:31 p.m.11 views

EUVD-2026-17176

A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOWUPDATE frames on stream 0 connection-level that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up. This vulnerabili...

5.3CVSS6.5AI score0.00454EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/30 9:31 p.m.3 views

EUVD-2026-17170

A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called on a non-array...

7.5CVSS7AI score0.26356EPSS
Exploits0References2
NVD
NVD
added 2026/03/30 9:17 p.m.6 views

CVE-2026-4789

Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions...

9.8CVSS0.00705EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/30 8:44 p.m.3 views

CVE-2026-4789

Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions...

5.9AI score0.00705EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/03/30 8:16 p.m.10 views

CVE-2026-31804

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /pmsimageproxy endpoint accepts a user-supplied img parameter and forwards it to Plex Media Server's /photo/:/ transcode transcoder without authentication and without restricting the scheme...

5.3CVSS0.00277EPSS
Exploits1References2
OSV
OSV
added 2026/03/30 8:16 p.m.2 views

ALPINE-CVE-2026-21710

A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called on a non-array...

7.5CVSS5.8AI score0.26356EPSS
Exploits0References1
NVD
NVD
added 2026/03/30 8:16 p.m.3 views

CVE-2026-21710

A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called on a non-array...

7.5CVSS0.26356EPSS
Exploits0References16
OSV
OSV
added 2026/03/30 8:16 p.m.4 views

UBUNTU-CVE-2026-21710

A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called on a non-array...

7.5CVSS7.3AI score0.26356EPSS
Exploits0References3
CVE
CVE
added 2026/03/30 8:11 p.m.17 views

CVE-2026-32696

CVE-2026-32696 affects NanoMQ 0.24.6 where HTTP auth (auth.http_auth) with MQTT CONNECT and missing username/password (using %u/%P) causes auth_http.c:set_data() to call strlen() on a NULL pointer, triggering a remote SIGSEGV and DoS. A fix exists in 0.24.7. The Red Hat, NVD, OSV, and CVE list en...

7.5CVSS5.8AI score0.00399EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/30 8:11 p.m.1 views

CVE-2026-32696

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.httpauth HTTP authentication, when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P...

3.1CVSS5.8AI score0.00399EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/03/30 8:11 p.m.15 views

CVE-2026-32696 NanoMQ HTTP Auth: Missing username/password can trigger a NULL-pointer strlen() in auth_http.c:set_data(), causing a process crash — SIGSEGV, remotely triggerable

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.httpauth HTTP authentication, when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P...

3.1CVSS0.00399EPSS
Exploits1References4
OSV
OSV
added 2026/03/30 8:11 p.m.4 views

CVE-2026-32696 NanoMQ HTTP Auth: Missing username/password can trigger a NULL-pointer strlen() in auth_http.c:set_data(), causing a process crash — SIGSEGV, remotely triggerable

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.httpauth HTTP authentication, when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P...

3.1CVSS5.8AI score0.00399EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2026/03/30 7:7 p.m.1 views

CVE-2026-21710

A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called on a non-array...

7.5CVSS7AI score0.26356EPSS
Exploits0
CVE
CVE
added 2026/03/30 7:7 p.m.30 views

CVE-2026-21710

Summary: CVE-2026-21710 is a denial-of-service-type issue in Node.js HTTP request handling triggered by a header named __proto__ accessed via req.headersDistinct, which can cause an uncaught TypeError and crash the process when dest["proto "] resolves to Object.prototype and .push() is called on ...

7.5CVSS6.7AI score0.26356EPSS
Exploits0References16
ATTACKERKB
ATTACKERKB
added 2026/03/30 7:7 p.m.1 views

CVE-2026-21710

A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called on a non-array...

7.5CVSS7.1AI score0.26356EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/03/30 7:7 p.m.3 views

CVE-2026-21710

A flaw in Node.js HTTP request handling causes an uncaught TypeError when a request is received with a header named proto and the application accesses req.headersDistinct. When this occurs, dest"proto" resolves to Object.prototype rather than undefined, causing .push to be called on a non-array...

7.5CVSS7.8AI score0.26356EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/03/30 7:7 p.m.2 views

CVE-2026-21714

A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOWUPDATE frames on stream 0 connection-level that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up. This vulnerabili...

5.3CVSS6.3AI score0.00454EPSS
Exploits0
Rows per page
Query Builder