Lucene search
K

103220 matches found

NVD
NVD
added 2026/03/19 7:16 p.m.6 views

CVE-2026-25667

ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing...

7.5CVSS0.03002EPSS
Exploits1References3
OSV
OSV
added 2026/03/19 7:16 p.m.4 views

CVE-2026-25667

ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/03/19 6:31 p.m.3 views

GHSA-5VRW-QJXW-89R5 Metricbeat Allocates Memory with Excessive Size Value Leading to Denial of Service

Memory Allocation with Excessive Size Value CWE-789 in the Prometheus remotewrite HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation CAPEC-130...

5.7CVSS5.8AI score0.00179EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/19 5:5 p.m.2 views

CVE-2026-26931

Memory Allocation with Excessive Size Value CWE-789 in the Prometheus remotewrite HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation CAPEC-130...

5.7CVSS5.8AI score0.00179EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/19 4:42 p.m.1 views

GHSA-89XV-2J6F-QHC8 Cross-Site Tool Execution for HTTP Servers without Authorizatrion in github.com/modelcontextprotocol/go-sdk

The Go SDK's Streamable HTTP transport accepted browser-generated cross-site POST requests without validating the Origin header and without requiring Content-Type: application/json. In deployments without Authorization, especially stateless or sessionless configurations, this allows an arbitrary...

7.1CVSS5.8AI score0.00178EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/19 3:47 p.m.4 views

CVE-2026-32865

OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user's password and security questions. Existing...

9.8CVSS5.9AI score0.00307EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/19 1:33 p.m.4 views

Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to HTTP Request Smuggling CVE-2025-58056

Summary Netty is used by the IBM Datapower Operations Dashboard in their network implementation Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients...

7.5CVSS5.8AI score0.00631EPSS
Exploits2Affected Software1
OSV
OSV
added 2026/03/19 12:47 p.m.0 views

SUSE-SU-2026:20796-1 Security update for python311

This update for python311 fixes the following issues: Updated to Python 3.11.15: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache...

7.5CVSS7AI score0.01525EPSS
Exploits0References17
vulnersOsv
vulnersOsv
added 2026/03/19 12:44 p.m.4 views

http-api-problem (>=0.50.0 <=0.50.2) potentially affected by CVE-2026-33241 via salvo (>=0.10.4 <=0.11.6)

salvo CARGO version =0.10.4, =0.50.0, =0.50.2 Source cves: CVE-2026-33241 Source advisory: OSV:GHSA-PP9R-XG4C-8J4X...

8.7CVSS5.8AI score0.00437EPSS
Exploits1
Snyk
Snyk
added 2026/03/19 12:42 p.m.1 views

Missing Authentication for Critical Function

Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Missing Authentication for Critical Function in WordNet Browser HTTP server in default configuration. An attacker can cause the service to...

8.2CVSS5.8AI score0.00855EPSS
Exploits1References2
OSV
OSV
added 2026/03/19 12:42 p.m.6 views

GHSA-JM6W-M3J8-898G Unauthenticated remote shutdown in nltk.app.wordnet_app

Summary nltk.app.wordnetapp allows unauthenticated remote shutdown of the local WordNet Browser HTTP server when it is started in its default mode. A simple GET /SHUTDOWN%20THE%20SERVER request causes the process to terminate immediately via os.exit0, resulting in a denial of service. Details The...

7.5CVSS5.9AI score0.00855EPSS
Exploits1References4
OSV
OSV
added 2026/03/19 10:26 a.m.6 views

SUSE-SU-2026:0932-1 Security update for tomcat

This update for tomcat fixes the following issues: Update to Tomcat 9.0.115: - CVE-2025-66614: client certificate verification bypass due to virtual host mapping bsc1258371. - CVE-2026-24733: improper input validation on HTTP/0.9 requests bsc1258385. - CVE-2026-24734: certificate revocation bypas...

9.1CVSS7.4AI score0.00498EPSS
Exploits0References7
Ubuntu
Ubuntu
added 2026/03/19 5:20 a.m.12 views

USN-8018-3: Python 2.7 vulnerabilities

USN-8018-1 fixed CVE-2025-12084, CVE-2025-15282, CVE-2026-0672, CVE-2026-0865 for python3. This update provides the corresponding updates for python2.7. Original advisory details: Denis Ledoux discovered that Python incorrectly parsed email message headers. An attacker could possibly use this iss...

6.3CVSS7.2AI score0.00696EPSS
Exploits0
OSV
OSV
added 2026/03/19 5:20 a.m.6 views

USN-8018-3 python2.7 vulnerabilities

USN-8018-1 fixed CVE-2025-12084, CVE-2025-15282, CVE-2026-0672, CVE-2026-0865 for python3. This update provides the corresponding updates for python2.7. Original advisory details: Denis Ledoux discovered that Python incorrectly parsed email message headers. An attacker could possibly use this iss...

6.3CVSS7.3AI score0.00696EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.4 views

OpenClaw 操作系统命令注入漏洞

OpenClaw is an automation tool for executing system commands. An authentication bypass vulnerability exists in versions prior to OpenClaw 2026.2.21 that stems from the system failing to enforce secure authentication when the allowInsecureAuth setting is explicitly enabled and the gateway is expos...

8.1CVSS5.8AI score0.00381EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/19 12:0 a.m.4 views

CVE-2026-25667

ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing...

5.8AI score0.03002EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/19 12:0 a.m.112 views

CVE-2026-25667

ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing...

0.03002EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/19 12:0 a.m.4 views

CVE-2026-25667

ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing...

5.8AI score0.03002EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.8 views

PT-2026-26328

Name of the Vulnerable Software and Affected Versions ASP.NET Core versions prior to 8.0.22 ASP.NET Core versions prior to 9.0.11 Description A remote attacker can cause excessive CPU consumption by sending a crafted QUIC packet. This is due to an incorrect exit condition for HTTP/3 Encoder/Decod...

7.5CVSS5.8AI score0.03002EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2026/03/19 12:0 a.m.4 views

Fedora 44 : cpp-httplib (2026-2c2afa9f9e)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-2c2afa9f9e advisory. Update to 0.37.1 - Fixes Denial of Service via malformed Content-Length header CVE-2026-31870 - Reenable 32b builds Update to 0.37.0 rhbz2441656 -...

7.5CVSS6AI score0.00602EPSS
Exploits4References5
Rows per page
Query Builder