Lucene search
+L

653 matches found

debiancve
debiancve
added 2026/06/24 7:14 a.m.4 views

CVE-2026-52920

In the Linux kernel, the following vulnerability has been resolved: netfilter: xtpolicy: fix strict mode inbound policy matching matchpolicyin walks secpath entries from the last transform to the first one, but strict policy matching needs to consume info-pol in the same forward order as the rule...

8.3CVSS5.7AI score0.00299EPSS
Exploits0
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.11 views

PT-2026-51713

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter module where the match policy in function processes sec path entries in reverse order, from the last transform to the first. For strict policy matching,...

8.3CVSS5.7AI score0.00299EPSS
Exploits0References24
nessus
nessus
added 2026/06/24 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-52920

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - netfilter: xtpolicy: fix strict mode inbound policy matching matchpolicyin walks secpath entries from the last transform to the first one, but strict policy...

8.3CVSS6AI score0.00299EPSS
Exploits0References3
nvd
nvd
added 2026/06/22 6:16 p.m.13 views

CVE-2026-54285

opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 2.8.0, W3CBaggagePropagator.extract in @opentelemetry/core does not enforce size limits when parsing inbound baggage HTTP headers. The W3C Baggage specification recommends a maximum of 8,192 bytes and 180 entries; these limits were...

5.3CVSS0.00238EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/22 4:52 p.m.33 views

CVE-2026-54285 opentelemetry-js: Unbounded memory allocation in W3C Baggage propagation

opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 2.8.0, W3CBaggagePropagator.extract in @opentelemetry/core does not enforce size limits when parsing inbound baggage HTTP headers. The W3C Baggage specification recommends a maximum of 8,192 bytes and 180 entries; these limits were...

5.3CVSS0.00238EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/22 4:52 p.m.5 views

CVE-2026-54285

opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 2.8.0, W3CBaggagePropagator.extract in @opentelemetry/core does not enforce size limits when parsing inbound baggage HTTP headers. The W3C Baggage specification recommends a maximum of 8,192 bytes and 180 entries; these limits were...

5.3CVSS5.9AI score0.00238EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/06/22 4:52 p.m.51 views

CVE-2026-54285

Opentelemetry-js (OpenTelemetry JavaScript client) is affected by CVE-2026-54285 through the W3CBaggagePropagator.extract() path in @opentelemetry/core prior to 2.8.0, where inbound baggage headers were not capped and could trigger memory allocation proportional to header size. The issue is fixed...

5.3CVSS5.9AI score0.00238EPSS
Exploits0References1
osv
osv
added 2026/06/22 4:52 p.m.4 views

CVE-2026-54285 opentelemetry-js: Unbounded memory allocation in W3C Baggage propagation

opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 2.8.0, W3CBaggagePropagator.extract in @opentelemetry/core does not enforce size limits when parsing inbound baggage HTTP headers. The W3C Baggage specification recommends a maximum of 8,192 bytes and 180 entries; these limits were...

5.3CVSS6AI score0.00238EPSS
Exploits0References3
osv
osv
added 2026/06/19 9:15 p.m.12 views

GHSA-JRPC-7VXP-69P6 http4k: `reverseProxy()` defaulted to substring (`Contains`) matching on `Host`; tightened to `Exact`

Impact reverseProxy and reverseProxyRouting matched configured vhosts by substring on the Host header Contains matcher by default. The intended use of these functions in http4k is outbound dispatch e.g. matching AWS service subdomains, per the Contains docstring and test-time composition of fake...

6.3CVSS5.9AI score
Exploits0References5
astralinux
astralinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ICMP: Fixed a data race around the sysctlicmperrorsuseinboundifaddr function. When reading sysctlicmperrorsuseinboundifaddr, it can be changed concurrently. Therefore, we need to add READONCE to its reader function...

4.7CVSS6AI score0.00167EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/16 3:52 p.m.13 views

CVE-2026-10649

A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a specially crafted compressed remote message before authentication, an attacker can cause memory corruption, leading to a denial...

8.6CVSS5.3AI score0.00443EPSS
Exploits0References4
osv
osv
added 2026/06/15 8:38 p.m.10 views

GHSA-8988-4F7V-96QF OpenTelemetry Core: Unbounded memory allocation in W3C Baggage propagation

Overview W3CBaggagePropagator.extract in @opentelemetry/core does not enforce size limits when parsing inbound baggage HTTP headers. The W3C Baggage specification recommends a maximum of 8,192 bytes and 180 entries; these limits were only enforced on the outbound inject path, not on the inbound...

5.3CVSS5.6AI score0.00238EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/15 12:0 a.m.11 views

PT-2026-49598

Name of the Vulnerable Software and Affected Versions @opentelemetry/core versions prior to 2.8.0 Description The W3CBaggagePropagator.extract function in @opentelemetry/core fails to enforce size limits when parsing inbound baggage HTTP headers. While the W3C Baggage specification recommends a...

5.3CVSS5.7AI score0.00238EPSS
Exploits0References7
nvd
nvd
added 2026/06/12 9:16 p.m.13 views

CVE-2026-44780

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, ReviewableQueuedPostSerializer unconditionally included payload"rawemail" for posts that arrived via incoming email...

4.3CVSS0.00189EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 8:22 p.m.10 views

CVE-2026-44780 Discourse: Category queue reviewers can read raw incoming emails from queued posts

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, ReviewableQueuedPostSerializer unconditionally included payload"rawemail" for posts that arrived via incoming email...

4.3CVSS5.2AI score0.00189EPSS
Exploits0References1
euvd
euvd
added 2026/06/12 8:22 p.m.10 views

EUVD-2026-36584

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, ReviewableQueuedPostSerializer unconditionally included payload"rawemail" for posts that arrived via incoming email...

4.3CVSS5.2AI score0.00189EPSS
Exploits0References1
nessus
nessus
added 2026/06/12 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-40994

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wss4jSecurityInterceptor initialized its BSP WS-I Basic Security Profile compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestDat...

8.2CVSS5.5AI score0.00229EPSS
Exploits0References2
nessus
nessus
added 2026/06/12 12:0 a.m.24 views

Oracle E-Business Suite (April 2026 CPU)

The versions of Oracle E-Business Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2026 CPU advisory. - Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite component: Setup and Administration. Supported...

9.8CVSS6.3AI score0.01916EPSS
Exploits7References21
github
github
added 2026/06/11 1:4 p.m.22 views

guzzlehttp/psr7 has Host Confusion via Authority Reinterpretation

Impact guzzlehttp/psr7 improperly interpreted malformed Host header values when constructing request URIs from inbound request data. This issue concerns inbound request parsing and server request construction. It does not require serializing a PSR-7 request, and it is not part of the normal...

5.3CVSS5.5AI score0.00198EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/06/11 1:4 p.m.10 views

GHSA-34XG-WGJX-8XPH guzzlehttp/psr7 has Host Confusion via Authority Reinterpretation

Impact guzzlehttp/psr7 improperly interpreted malformed Host header values when constructing request URIs from inbound request data. This issue concerns inbound request parsing and server request construction. It does not require serializing a PSR-7 request, and it is not part of the normal...

5.3CVSS5.5AI score0.00198EPSS
Exploits0References4
Rows per page
Query Builder