72731 matches found

Positive Technologies
added 2026/03/27 12:0 a.m., 4 views

PT-2026-28569

Name of the Vulnerable Software and Affected Versions: Handlebars versions 4.0.0 through 4.7.8. Description: Handlebars allows Remote Code Execution (RCE) through a crafted Abstract Syntax Tree (AST) object. The Handlebars.compile function accepts either a template string or a pre-parsed AST. When an AS...

CVSS 9.8, AI score 6.3, EPSS 0.01739
Exploits: 2, References: 274

Tenable Nessus
added 2026/03/27 12:0 a.m., 2 views

Cisco Nexus 3000 9000 Series Switches Intermediate System-to-Intermediate System DoS (cisco-sa-n39k-isis-dos-JhJA8Rfx)

According to its self-reported version, Cisco NX-OS Software is affected by a vulnerability. - A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) feature of Cisco NX-OS Software for Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode...

CVSS 7.4, AI score 5.9, EPSS 0.00266
Exploits: 0, References: 3

Tenable Nessus
added 2026/03/27 12:0 a.m., 5 views

Squid < 7.5 Multiple Vulnerabilities

The version of Squid on the remote host is prior to 7.5. It is, therefore, affected by multiple vulnerabilities: - Due to heap Use-After-Free, Squid is vulnerable to Denial of Service when handling ICP traffic. This attack is limited to Squid deployments that explicitly enable ICP support...

CVSS 9.2, AI score 6, EPSS 0.08942
Exploits: 0, References: 6

Cvelist
added 2026/03/26 9:20 p.m., 41 views

CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers

Picomatch is a glob matcher written in JavaScript. Versions prior to 4.0.4, 3.0.2, and 2.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) when processing crafted extglob patterns. Certain patterns using extglob quantifiers such as + and , especially when combined with overlapping...

CVSS 7.5, EPSS 0.00412
Exploits: 0, References: 2

Vulnrichment
added 2026/03/26 8:34 p.m., 1 views

CVE-2026-3622 Denial-of-Service Vulnerability in UPnP Component of TP Link's TL-WR841N

The vulnerability exists in the UPnP component of TL-WR841N v14, where improper input validation leads to an out-of-bounds read, potentially causing a crash of the UPnP service. Successful exploitation can cause the UPnP service to crash, resulting in a Denial-of-Service condition. This...

CVSS 7.1, AI score 5.9, EPSS 0.00355
Exploits: 0, References: 3

CVE
added 2026/03/26 8:34 p.m., 13 views

CVE-2026-3622

CVE-2026-3622 affects TL-WR841N v14's UPnP component, where improper input validation triggers an out-of-bounds read that can crash the UPnP service and cause a Denial-of-Service. Affected builds include EN_0.9.1 4.19 Build 260303 Rel.42399n (V14_260303) and US_0.9.1.4.19 Build 260312 Rel. 49108n...

CVSS 7.5, AI score 5.8, EPSS 0.00355
Exploits: 0, References: 3, Affected Software: 1

Snyk
added 2026/03/26 6:35 p.m., 4 views

Denial of Service (DoS)

Overview: Affected versions of this package are vulnerable to Denial of Service (DoS) due to insufficient validation of incoming request size in the webhook endpoint. An attacker can disrupt service availability by sending oversized requests to the endpoint. Details: Denial of Service (DoS) describes a...

CVSS 6.9, AI score 6, EPSS 0.00344
Exploits: 0, References: 2

EUVD
added 2026/03/26 6:30 p.m., 7 views

EUVD-2026-15958

n8n Vulnerable to LDAP Filter Injection in LDAP Node...

CVSS 6.3, AI score 5.8, EPSS 0.00245
Exploits: 0, References: 2

RedhatCVE
added 2026/03/26 5:0 p.m., 5 views

CVE-2026-2745

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 7.11 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to bypass WebAuthn two-factor authentication and gain unauthorized access to user accounts due to inconsisten...

CVSS 8.1, AI score 5.8, EPSS 0.00276
Exploits: 0, References: 1

RedhatCVE
added 2026/03/26 5:0 p.m., 4 views

CVE-2026-20108

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user...

CVSS 5.4, AI score 6, EPSS 0.00162
Exploits: 0, References: 1

RedhatCVE
added 2026/03/26 5:0 p.m., 4 views

CVE-2026-3988

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an unauthenticated user to cause a denial of service by making the GitLab instance unresponsive due to improper input validation in...

CVSS 7.5, AI score 5.8, EPSS 0.00478
Exploits: 0, References: 1

RedhatCVE
added 2026/03/26 5:0 p.m., 3 views

CVE-2026-20125

A vulnerability in the HTTP Server feature of Cisco IOS Software and Cisco IOS XE Software Release 3E could allow an authenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper validation ...

CVSS 7.7, AI score 5.9, EPSS 0.0028
Exploits: 0, References: 1

Cvelist
added 2026/03/26 4:19 p.m., 26 views

CVE-2026-3116 Improper Input Validation in Zoom Plugin Webhook Handler

Mattermost Plugins versions =11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to validate incoming request size which allows an authenticated attacker to cause service disruption via the webhook endpoint. Mattermost Advisory ID: MMSA-2026-00589...

CVSS 4.9, EPSS 0.00344
Exploits: 0, References: 1

CVE
added 2026/03/26 4:19 p.m., 9 views

CVE-2026-3116

CVE-2026-3116 affects Mattermost Plugins with versions

CVSS 4.9, AI score 5.8, EPSS 0.00344
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2026/03/26 4:19 p.m., 3 views

CVE-2026-3116 Improper Input Validation in Zoom Plugin Webhook Handler

Mattermost Plugins versions =11.4 11.0.4 11.1.3 11.3.2 10.11.11.0 fail to validate incoming request size which allows an authenticated attacker to cause service disruption via the webhook endpoint. Mattermost Advisory ID: MMSA-2026-00589...

CVSS 4.9, AI score 5.8, EPSS 0.00344
Exploits: 0, References: 1

EUVD
added 2026/03/26 3:30 p.m., 3 views

EUVD-2025-209063

HCL Aftermarket DPC is affected by Improper Input Validation which allows an attacker to inject executable code and can carry out attacks such as XSS, SQL Injection, Command Injection etc...

CVSS 9.8, AI score 6, EPSS 0.00997
Exploits: 0, References: 2

RedhatCVE
added 2026/03/26 3:19 p.m., 7 views

CVE-2025-36920

In hypalloc of arch/arm64/kvm/hyp/nvhe/alloc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 8.4, AI score 6, EPSS 0.00087
Exploits: 0, References: 1

RedhatCVE
added 2026/03/26 3:18 p.m., 4 views

CVE-2026-3563

Improper input validation in the apps and endpoints configuration in PowerShell Universal before 2026.1.4 allows an authenticated user with permissions to create or modify Apps or Endpoints to override existing application or system routes, resulting in unintended request routing and denial of...

CVSS 5.5, AI score 5.8, EPSS 0.00341
Exploits: 0, References: 1

RedhatCVE
added 2026/03/26 3:16 p.m., 7 views

CVE-2026-20643

A flaw was found in WebKitGTK. Processing malicious web content can cause a cross-origin issue in the Navigation API due to improper input validation and result in a bypass of the same origin policy. Mitigation: Do not process or load untrusted web content with WebKitGTK. In Red Hat Enterprise Lin...

CVSS 5.4, AI score 6.1, EPSS 0.00354
Exploits: 2, References: 4

RedhatCVE
added 2026/03/26 3:16 p.m., 4 views

CVE-2026-20639

An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3. Processing a maliciously crafted string may lead to heap corruption...

CVSS 7.5, AI score 5.8, EPSS 0.00599
Exploits: 0, References: 1