2923 matches found

NVD
added 2026/06/16 10:16 a.m. | 7 views

CVE-2026-39437

Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 versions...

CVSS 7.1 | EPSS 0.00142
Exploits: 0 | References: 1

EUVD
added 2026/06/16 9:0 a.m. | 6 views

EUVD-2026-37044

Unauthenticated Cross Site Scripting (XSS) in Min Max Step Quantity Limits Manager for WooCommerce <= 5.2.2 versions...

CVSS 7.1 | AI score 5.2 | EPSS 0.00142
Exploits: 0 | References: 1

CVE
added 2026/06/16 9:0 a.m. | 15 views

CVE-2026-39437

The CVE-2026-39437 issue affects the WordPress plugin “Min Max Step Quantity Limits Manager for WooCommerce” (versions ≤ 5.2.2). The vulnerability is an unauthenticated Cross Site Scripting (XSS), described as reflected in Patchstack and corroborated by NVD/CVE listings. The root cause is an inpu...

CVSS 7.1 | AI score 5.1 | EPSS 0.00142
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/16 12:0 a.m. | 14 views

PT-2026-50180

Name of the Vulnerable Software and Affected Versions: n8n versions prior to 2.24.0. Description: The Compression node's Decompress operation expands attacker-controlled archives into memory without enforcing limits on the decompressed output size. An unauthenticated attacker can send a small...

CVSS 7.5 | AI score 5.9 | EPSS 0.00375
Exploits: 0 | References: 6

OSV
added 2026/06/15 8:39 p.m. | 3 views

GHSA-82W8-QH3P-5JFQ Starlette: request.form() limits silently ignored for application/x-www-form-urlencoded enable DoS

Summary: request.form() accepts max_fields and max_part_size to bound resource consumption while parsing form data. These limits are enforced for multipart/form-data, but silently ignored for application/x-www-form-urlencoded. An unauthenticated attacker can therefore send a urlencoded body with an...

CVSS 7.5 | AI score 5.5 | EPSS 0.00275
Exploits: 0 | References: 2

Snyk
added 2026/06/15 8:38 p.m. | 6 views

Allocation of Resources Without Limits or Throttling

Overview: @opentelemetry/core (OpenTelemetry Core) provides constants and utilities shared by all OpenTelemetry SDK packages. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the extract function. An attacker can cause excessive memory...

CVSS 8.2 | AI score 5.9 | EPSS 0.00238
Exploits: 0 | References: 2

OSV
added 2026/06/15 8:38 p.m. | 5 views

GHSA-8988-4F7V-96QF OpenTelemetry Core: Unbounded memory allocation in W3C Baggage propagation

Overview: W3CBaggagePropagator.extract in @opentelemetry/core does not enforce size limits when parsing inbound baggage HTTP headers. The W3C Baggage specification recommends a maximum of 8,192 bytes and 180 entries; these limits were only enforced on the outbound inject path, not on the inbound...

CVSS 5.3 | AI score 5.6 | EPSS 0.00238
Exploits: 0 | References: 2

Github Security Blog
added 2026/06/15 8:38 p.m. | 7 views

OpenTelemetry Core: Unbounded memory allocation in W3C Baggage propagation

Overview: W3CBaggagePropagator.extract in @opentelemetry/core does not enforce size limits when parsing inbound baggage HTTP headers. The W3C Baggage specification recommends a maximum of 8,192 bytes and 180 entries; these limits were only enforced on the outbound inject path, not on the inbound...

CVSS 5.3 | AI score 5.5 | EPSS 0.00238
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2026/06/15 8:11 p.m. | 6 views

GHSA-XCGM-R5H9-7989 aiohttp: Incomplete websocket frame payloads bypass memory limits

Summary: If an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. Impact: If a web application has WebSocket endpoints, it may be possible for an attacker to execute a DoS attack through excessive memory use. Patch:...

CVSS 8.7 | AI score 5.5 | EPSS 0.00305
Exploits: 0 | References: 2

Github Security Blog
added 2026/06/15 8:11 p.m. | 7 views

aiohttp: Incomplete websocket frame payloads bypass memory limits

Summary: If an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. Impact: If a web application has WebSocket endpoints, it may be possible for an attacker to execute a DoS attack through excessive memory use. Patch:...

CVSS 8.7 | AI score 5.5 | EPSS 0.00305
Exploits: 0 | References: 2 | Affected Software: 1

IBM Security Bulletins
added 2026/06/15 7:43 p.m. | 5 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Allocation of Resources Without Limits or Throttling (CVE-2026-29181)

Summary: There are vulnerabilities in go.opentelemetry.io/otel-v1.37.0, go.opentelemetry.io/otel-v1.38.0, go.opentelemetry.io/otel-v1.40.0 used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-29181. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2026-29181...

CVSS 7.5 | AI score 5.3 | EPSS 0.00435
Exploits: 1 | Affected Software: 1

CVE
added 2026/06/15 1:56 p.m. | 219 views

CVE-2026-5079

The CVE-2026-5079 issue affects the Multer library (versions 1.0.0–2.1.1 and 3.0.0-alpha.1). The vulnerability arises from the append-field dependency parsing bracket notation in field names with no limit on nesting depth, which can cause the allocation of deeply nested object structures and cons...

CVSS 7.5 | AI score 5.4 | EPSS 0.00278
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/06/15 1:56 p.m. | 39 views

CVE-2026-5079 multer vulnerable to Denial of Service via deeply nested field names

Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data. The append-field dependency parses bracket notation in field names with no limit on nesting depth, allowing an attacker to force allocation of...

CVSS 7.5 | EPSS 0.00278
Exploits: 0 | References: 2

Positive Technologies
added 2026/06/15 12:0 a.m. | 9 views

PT-2026-49598

Name of the Vulnerable Software and Affected Versions: @opentelemetry/core versions prior to 2.8.0. Description: The W3CBaggagePropagator.extract function in @opentelemetry/core fails to enforce size limits when parsing inbound baggage HTTP headers. While the W3C Baggage specification recommends a...

CVSS 5.3 | AI score 5.7 | EPSS 0.00238
Exploits: 0 | References: 7

Positive Technologies
added 2026/06/15 12:0 a.m. | 14 views

PT-2026-49597

Name of the Vulnerable Software and Affected Versions: Starlette: affected versions not specified; FastAPI: affected versions not specified. Description: A Denial of Service (DoS) issue exists in the request.form function when processing application/x-www-form-urlencoded requests. While limits for max...

CVSS 7.5 | AI score 5.8 | EPSS 0.00275
Exploits: 0 | References: 7

Tenable Nessus
added 2026/06/14 12:0 a.m. | 10 views

Fedora 43 : bind9-next (2026-ec095a4675)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ec095a4675 advisory.
Update to 9.21.22 rhbz2480122
Security Fixes:
- Limit resolver server list size. CVE-2026-3592
- Fix GSS-API resource leak. CVE-2026-3039
- Disable...

CVSS 9.8 | AI score 5.5 | EPSS 0.01844
Exploits: 1 | References: 7

Positive Technologies
added 2026/06/13 12:0 a.m. | 14 views

PT-2026-49095

Name of the Vulnerable Software and Affected Versions: Glances versions prior to 4.5.5. Description: The XML-RPC server implemented in glances/server.py and started with glances -s fails to validate the HTTP Host header. This allows a DNS rebinding attack, where an attacker can bypass the same-origi...

CVSS 5.3 | AI score 5.8 | EPSS 0.00156
Exploits: 0 | References: 14

Positive Technologies
added 2026/06/13 12:0 a.m. | 14 views

PT-2026-49096

Name of the Vulnerable Software and Affected Versions: glances: affected versions not specified. Description: The secure_popen function in glances/secure.py improperly interprets shell-like operators, specifically > file redirection, | pipe, and && command chaining, within command strings. When...

CVSS 7.8 | AI score 6.2 | EPSS 0.00184
Exploits: 0 | References: 7

NVD
added 2026/06/12 10:16 p.m. | 20 views

CVE-2026-53522

Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.0.0 to before version 2.2.0, the Nezha dashboard exposes two endpoints that create long-lived WebSocket streams to monitored agents: POST /api/v1/terminal → createTerminal...

CVSS 6.5 | EPSS 0.00289
Exploits: 0 | References: 1

Github Security Blog
added 2026/06/12 3:7 p.m. | 11 views

SwiftNIO NIOHTTP1: HTTPDecoder accepts unbounded HTTP/1 header blocks, enabling remote DoS

Summary: The HTTPDecoder in NIOHTTP1 enforces no limit on the total size of an HTTP/1 message's header block or on the number of header fields per message. A remote peer can submit an arbitrary number of small, valid headers in a single request and have them all accumulated into the resulting...

AI score 5.8 | EPSS 0.00048
Exploits: 0 | References: 2 | Affected Software: 1