103 matches found

Debian
added 2026/06/25 7:21 p.m. | 4 views

[SECURITY] [DSA 6368-1] pdns security update

Debian Security Advisory DSA-6368-1 | https://www.debian.org/security/ | Moritz Muehlenhoff | June 25, 2026 | https://www.debian.org/security/faq ...

4.3 CVSS | 5.8 AI score | 0.00479 EPSS
Exploits 0
NVD
added 2026/06/25 12:16 p.m. | 7 views

CVE-2026-42005

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

4.3 CVSS | 0.00479 EPSS
Exploits 0 | References 1
Debian CVE
added 2026/06/25 11:57 a.m. | 5 views

CVE-2026-42005

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

4.3 CVSS | 5.9 AI score | 0.00479 EPSS
Exploits 0
AlpineLinux
added 2026/06/25 11:57 a.m. | 4 views

CVE-2026-42005

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

4.3 CVSS | 5.9 AI score | 0.00479 EPSS
Exploits 0
CVE
added 2026/06/25 11:57 a.m. | 11 views

CVE-2026-42005

CVE-2026-42005 describes a vulnerability where an attacker can send a web request that triggers unlimited memory allocation in the internal web server, causing denial of service. The affected component is the internal web server; root cause is uncontrolled memory growth when processing requests. ...

4.3 CVSS | 5.9 AI score | 0.00479 EPSS
Exploits 0 | References 1
Cvelist
added 2026/06/25 11:57 a.m. | 30 views

CVE-2026-42005 Insufficient input validation of internal web server

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

4.3 CVSS | 0.00479 EPSS
Exploits 0 | References 1
CVE
added 2026/06/12 2:15 p.m. | 22 views

CVE-2026-47139

vm2 NodeVM burlon bypass vulnerability exists where public network modules are blocked but internal underscored HTTP builtins (_http_client, _http_server) remain reachable. The issue allows sandboxed code to perform outbound HTTP requests and open listening sockets despite network exclusions, ena...

8.6 CVSS | 5.3 AI score | 0.00282 EPSS
Exploits 0 | References 3
RedhatCVE
added 2026/05/11 8:25 p.m. | 10 views

CVE-2026-42352

pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, OGC API process execution requests can use the subscriber object to make requests to internal HTTP services. This issue has been patched in version 0.23.3...

8.6 CVSS | 5.9 AI score | 0.00454 EPSS
Exploits 0 | References 1
NVD
added 2026/05/08 11:16 p.m. | 20 views

CVE-2026-42352

pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, OGC API process execution requests can use the subscriber object to make requests to internal HTTP services. This issue has been patched in version 0.23.3...

8.6 CVSS | 0.00454 EPSS
Exploits 0 | References 3
Cvelist
added 2026/05/08 10:31 p.m. | 30 views

CVE-2026-42352 pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processes Subscriber

pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, OGC API process execution requests can use the subscriber object to make requests to internal HTTP services. This issue has been patched in version 0.23.3...

8.6 CVSS | 0.00454 EPSS
Exploits 0 | References 3
CVE
added 2026/05/08 10:31 p.m. | 10 views

CVE-2026-42352

pygeoapi is vulnerable to SSRF via the OGC API - Process execution path in versions 0.23.0 up to 0.23.3. The issue arises from the subscriber object enabling requests to internal HTTP services. It has been patched in version 0.23.3. Affected releases include 0.23.0–0.23.2, with fixes in 0.23.3. M...

8.6 CVSS | 5.9 AI score | 0.00454 EPSS
Exploits 0 | References 3
ATTACKERKB
added 2026/05/08 10:31 p.m. | 8 views

CVE-2026-42352

pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, OGC API process execution requests can use the subscriber object to make requests to internal HTTP services. This issue has been patched in version 0.23.3...

8.6 CVSS | 5.9 AI score | 0.00454 EPSS
Exploits 0 | References 4 | Affected Software 1
ATTACKERKB
added 2026/04/30 11:17 p.m. | 2 views

CVE-2026-22726

Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks...

5 CVSS | 5.3 AI score | 0.00199 EPSS
Exploits 0 | References 2 | Affected Software 2
EUVD
added 2026/04/30 11:17 p.m. | 6 views

EUVD-2026-26458

Route Services can be leveraged to send app traffic to network destinations outside of an app's configured egress rules. As a result, a malicious developer with access to Cloudfoundry could configure a route-service that would allow it to send requests to HTTP services on internal networks...

5 CVSS | 5.3 AI score | 0.00199 EPSS
Exploits 0 | References 1
Positive Technologies
added 2026/04/29 12:0 a.m. | 12 views

PT-2026-36112

Name of the Vulnerable Software and Affected Versions pygeoapi versions 0.23.0 through 0.23.2 Description OGC API process execution requests can utilize the subscriber object to make requests to internal HTTP services. This allows for unauthorized interaction with internal network resources...

8.6 CVSS | 5.9 AI score | 0.00454 EPSS
Exploits 0 | References 8
SUSE CVE
added 2026/04/23 1:24 a.m. | 7 views

SUSE CVE-2026-33256

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

7.5 CVSS | 5.8 AI score | 0.00606 EPSS
Exploits 0 | References 3
SUSE CVE
added 2026/04/23 1:24 a.m. | 5 views

SUSE CVE-2026-33257

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

5.3 CVSS | 5.7 AI score | 0.00514 EPSS
Exploits 0 | References 3
SUSE CVE
added 2026/04/23 1:24 a.m. | 5 views

SUSE CVE-2026-33260

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

5.3 CVSS | 5.7 AI score | 0.00524 EPSS
Exploits 0 | References 3
EUVD
added 2026/04/22 12:30 p.m. | 5 views

EUVD-2026-24719

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

5.3 CVSS | 5.8 AI score | 0.00606 EPSS
Exploits 0 | References 2
EUVD
added 2026/04/22 12:30 p.m. | 8 views

EUVD-2026-24720

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

5.3 CVSS | 5.8 AI score | 0.00514 EPSS
Exploits 0 | References 4