Lucene search
K

8202 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-58203

pydantic-settings provides settings management using Pydantic. From 2.12.0 until 2.14.2, NestedSecretsSettingsSource reads secret values from files in a configured secretsdir. When secretsnestedsubdir=True, a directory entry inside secretsdir that is a symbolic link pointing outside secretsdir is...

5.3CVSS0.00125EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 4 days ago4 views

kernel: netfilter: flowtable: strictly check for maximum number of actions

A flaw was found in the Netfilter flowtable component of the Linux kernel. This vulnerability occurs because the system does not strictly check the maximum number of hardware offload actions for IPv6, allowing it to process more actions than supported. This could potentially lead to system...

7.8CVSS5.9AI score0.00141EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago10 views

EUVD-2026-41878

pydantic-settings provides settings management using Pydantic. From 2.12.0 until 2.14.2, NestedSecretsSettingsSource reads secret values from files in a configured secretsdir. When secretsnestedsubdir=True, a directory entry inside secretsdir that is a symbolic link pointing outside secretsdir is...

5.3CVSS6AI score0.00125EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago3 views

CVE-2026-58203

pydantic-settings provides settings management using Pydantic. From 2.12.0 until 2.14.2, NestedSecretsSettingsSource reads secret values from files in a configured secretsdir. When secretsnestedsubdir=True, a directory entry inside secretsdir that is a symbolic link pointing outside secretsdir is...

5.3CVSS6AI score0.00125EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 4 days ago9 views

PT-2026-56068

Name of the Vulnerable Software and Affected Versions Coder versions 2.17.0 through 2.29.6 Coder versions 2.32.0 through 2.32.6 Coder versions 2.33.0 through 2.33.7 Coder versions 2.34.0 through 2.34.1 Description The POST /api/v2/files endpoint converts zip uploads to tar in memory using the...

6.5CVSS6.4AI score0.00602EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 4 days ago12 views

PT-2026-56084

Name of the Vulnerable Software and Affected Versions 9Router versions prior to 0.4.80 Description The dashboard login rate limiter derives client identity from the X-Forwarded-For HTTP header, which is controlled by the user. When the application is directly exposed or deployed behind a reverse...

7.3CVSS6.2AI score
Exploits0References6
OSV
OSV
added 2026/07/03 12:33 p.m.2 views

SUSE-SU-2026:2748-1 Security update for perl-DBI

This update for perl-DBI fixes the following issue - CVE-2026-9698: DBI versions before 1.648 for Perl saved errors in a limited-sized buffer bsc1267957...

9.8CVSS6.1AI score0.00376EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 9:1 p.m.14 views

EUVD-2026-33432

golang.org/x/image/tiff has excessive resource consumption in PackBits decompression...

7.5CVSS5.8AI score0.00353EPSS
Exploits0References6
OSV
OSV
added 2026/07/02 8:20 p.m.2 views

GHSA-X4HG-HFWF-P9MW @asymmetric-effort/nogginlessdom vulnerable to ReDoS via user-controlled regex in HTMLInputElement pattern validation

Summary The HTMLInputElement.checkValidity method constructed a RegExp directly from the user-controlled pattern property without any sanitization or timeout protection. This allowed an attacker to inject a regex with catastrophic backtracking, freezing the event loop. Fix Fixed in commit...

6.9CVSS5.8AI score
Exploits0References3
OSV
OSV
added 2026/07/02 1:50 p.m.4 views

GHSA-GCFQ-8GQF-4876 GoFiber Vulnerable to X-Real-IP Spoofing via Header.Add() in BalancerForward

Summary The BalancerForward proxy helper in GoFiber uses Header.Add instead of Header.Set when injecting the X-Real-IP header. This appends the real client IP as a second header value rather than replacing any attacker-supplied value. Upstream servers that read the first X-Real-IP header nginx,...

5.3CVSS5.7AI score0.00455EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/07/02 1:50 p.m.7 views

GoFiber Vulnerable to X-Real-IP Spoofing via Header.Add() in BalancerForward

Summary The BalancerForward proxy helper in GoFiber uses Header.Add instead of Header.Set when injecting the X-Real-IP header. This appends the real client IP as a second header value rather than replacing any attacker-supplied value. Upstream servers that read the first X-Real-IP header nginx,...

5.3CVSS5.7AI score0.00455EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2026/07/02 12:17 p.m.8 views

CVE-2026-57756

Contributor SQL Injection in nicen-localize-image = 1.4.9 versions...

8.5CVSS0.0022EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 9:16 a.m.6 views

CVE-2026-9563

In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maximum on the number of characters consumed while parsing a single JSON document. Applications that parse attacker- controlled JSON can be forced to consume excessive CPU and memo...

7.5CVSS0.00366EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/02 7:33 a.m.8 views

CVE-2026-9563

In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maximum on the number of characters consumed while parsing a single JSON document. Applications that parse attacker- controlled JSON can be forced to consume excessive CPU and memo...

7.5CVSS5.8AI score0.00366EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/07/02 7:33 a.m.20 views

CVE-2026-9563

Eclipse Parsson JSON parser did not enforce a default maximum on parsed characters before 1.1.8, allowing DoS from attacker-controlled JSON via very large documents. The fixed version, Parsson 1.1.8, adds a configurable limit with a default of 15 million parser-consumed characters. Affected: Ecli...

7.5CVSS5.8AI score0.00366EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/02 7:33 a.m.37 views

CVE-2026-9563

In Eclipse Parsson published Maven Central artifacts before version 1.1.8, the JSON parser did not enforce a default maximum on the number of characters consumed while parsing a single JSON document. Applications that parse attacker- controlled JSON can be forced to consume excessive CPU and memo...

7.5CVSS0.00366EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.10 views

PT-2026-55275

Name of the Vulnerable Software and Affected Versions Fiber versions prior to 3.3.0 Fiber versions prior to 2.52.14 Description The BalancerForward proxy helper in middleware/proxy/proxy.go uses the Header.Add function instead of Header.Set when injecting the X-Real-IP header. This behavior appen...

5.3CVSS6AI score0.00455EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/07/02 12:0 a.m.36 views

CVE-2026-38970

pdfcpu through v0.11.1 contains an uncontrolled-recursion denial-of-service issue in pkg/pdfcpu/model/parse.go. The parser descends recursively through nested PDF objects, including arrays, via ParseObjectContext and parseArray without enforcing a maximum nesting depth...

0.00451EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.9 views

PT-2026-55049

Name of the Vulnerable Software and Affected Versions Simple URLs versions prior to 152 Description Cross Site Scripting XSS occurs when an application includes untrusted data in a web page without proper validation or escaping, allowing an attacker to execute malicious scripts in the victim's...

5.9CVSS6AI score0.00148EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.11 views

PT-2026-54936

Name of the Vulnerable Software and Affected Versions Eclipse Parsson versions prior to 1.1.8 Description The JSON parser does not enforce a default maximum on the number of characters consumed when parsing a single JSON document. This allows an attacker to provide specially crafted JSON document...

7.5CVSS5.9AI score0.00366EPSS
Exploits0References10
Rows per page
Query Builder