Lucene search
K

19525 matches found

NVD
NVD
added 2026/07/02 4:17 a.m.7 views

CVE-2026-57278

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS0.0028EPSS
Exploits0References2
RubySec
RubySec
added 2026/07/02 12:0 a.m.4 views

ruby webrick through v1.9.2 WEBrick reparses trailer

ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling...

7.5CVSS5.9AI score0.00289EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/02 12:0 a.m.34 views

CVE-2026-38969

ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling...

0.00289EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-14324

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RAOP module accepts unbounded Content-Length values and does not check the pwarrayadd return. CVE-2026-14324 Note that Nessus relies on the presence of the...

6.5CVSS6AI score0.00175EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.10 views

PT-2026-55310

Name of the Vulnerable Software and Affected Versions webrick versions prior to 1.9.3 Description WEBrick reparses the trailer Content-Length into the canonical request state, which enables request smuggling. Request smuggling is a technique that interferes with the way a website processes...

7.5CVSS6AI score0.00289EPSS
Exploits0References4
OSV
OSV
added 2026/07/02 12:0 a.m.2 views

UBUNTU-CVE-2026-14324

RAOP module accepts unbounded Content-Length values and does not check the pwarrayadd return...

6.5CVSS5.8AI score0.00175EPSS
Exploits0References4
CVE
CVE
added 2026/07/02 12:0 a.m.25 views

CVE-2026-38969

CVE-2026-38969 affects WEBrick (Ruby) up to v1.9.2. The flaw arises when WEBrick re-parses the trailer Content-Length, placing it into the canonical request state and enabling request smuggling. Documented impact includes potential bypass of security controls and information injection if exposed ...

7.5CVSS5.8AI score0.00289EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-14258

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in dhcpcd's IPv6 Neighbor Discovery Router Advertisement processing. A specially crafted IPv6 Router Advertisement containing a zero-length...

6.5CVSS5.9AI score0.00248EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.7 views

PT-2026-55315

Name of the Vulnerable Software and Affected Versions Libreswan affected versions not specified Description Libreswan fails to correctly verify the authentication hash length when the SIG payload of an IKEv1 packet is encoded using PKCS 1 RSA Encryption. This occurs within the RSA authenticate ha...

8.1CVSS6.5AI score0.00367EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2026/07/02 12:0 a.m.7 views

CVE-2026-38969

ruby webrick through v1.9.2 WEBrick reparses trailer Content-Length into canonical request state, enabling request smuggling...

7.5CVSS5.9AI score0.00289EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/07/01 9:21 p.m.10 views

dnsmasq: NSEC bitmap parsing infinite loop

A denial of service vulnerability was discovered in dnsmasq's DNSSEC validation. When parsing NSEC and NSEC3 bitmap records, the window iteration logic fails to account for the 2-byte window header when advancing through the bitmap data. A specially crafted DNS response with a zero-length bitmap...

7.5CVSS6.1AI score0.07237EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/07/01 8:45 p.m.7 views

CVE-2026-57204

A flaw was found in pypdf, a pure-python PDF library. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when parsed, leads to uncontrolled resource consumption and large memory usage. This occurs because the library sometimes ignores defined limits for stre...

6.9CVSS5.8AI score0.00206EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/01 6:54 p.m.5 views

gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment

A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service...

9.1CVSS5.7AI score0.00805EPSS
Exploits0References4
OSV
OSV
added 2026/07/01 6:47 p.m.4 views

GHSA-3CCM-4QQ2-5WRP Constrata's coordinator transit engine `ciphertextContainer.UnmarshalJSON` panics on attacker-controlled short ciphertexts

Summary ciphertextContainer.UnmarshalJSON decodes the third :-separated component of a vault:vX:base64... ciphertext and then unconditionally takes a 12-byte prefix slice for the AES-GCM nonce: c.nonce = fullCiphertext:aesGCMNonceSize. If the decoded blob is shorter than 12 bytes, the slice...

4.3CVSS5.7AI score
Exploits0References4
OSV
OSV
added 2026/07/01 5:16 p.m.2 views

DEBIAN-CVE-2026-54399

Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive...

7.5CVSS5.8AI score0.00587EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/01 5:2 p.m.6 views

EUVD-2026-41094

Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive...

7.5CVSS5.8AI score0.00587EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 5:2 p.m.107 views

CVE-2026-54399

The CVE concerns Apache HttpComponents Core and a vulnerability in the HTTP/1.1 message parser causing memory exhaustion via an excessive number of headers or header length. Affected versions cited in public CVE records include 5.4.2 and earlier and 5.5-beta1 and earlier; a separate vendor-facing...

7.5CVSS5.8AI score0.00587EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/01 5:2 p.m.32 views

CVE-2026-54399 Apache HttpComponents Core: Unbounded HTTP Header/Line Length in Default Configuration

Uncontrolled Resource Consumption vulnerability in the HTTP/1.1 message parser in Apache HttpComponents Core 5.4.2 and earlier, 5.5-beta1 and earlier allows an remote attacker to cause a denial of service through memory exhaustion by sending messages with excessive number of headers / excessive...

0.00587EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 3:17 p.m.7 views

CVE-2026-6687

FatFs R0.16 and earlier contains a stack overflow bug in fgetlabel because exFAT label length XDIRNumLabel is trusted without enforcing spec maximums. This maps to CWE-121 Stack-based Buffer Overflow. Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 7.6, High. The estimate...

7.6CVSS0.00232EPSS
Exploits2References4
OSV
OSV
added 2026/07/01 3:17 p.m.3 views

DEBIAN-CVE-2026-14324

RAOP module accepts unbounded Content-Length values and does not check the pwarrayadd return...

6.5CVSS5.8AI score0.00175EPSS
Exploits0References1
Rows per page
Query Builder