Lucene search
K

48 matches found

EUVD
EUVD
added 3 days ago4 views

EUVD-2026-40357

Woodpecker before 3.15.0 registers the /api/orgs/lookup/orgfullname endpoint without authentication middleware, and the LookupOrg handler unconditionally dereferences the session user user.ForgeID, via ForgeFromUser when selecting the forge to query. For an unauthenticated request session.User...

6.9CVSS5.8AI score0.00362EPSS
Exploits0References4
CVE
CVE
added 3 days ago7 views

CVE-2026-58369

Woodpecker

6.9CVSS5.8AI score0.00362EPSS
Exploits0References4
Cvelist
Cvelist
added 3 days ago36 views

CVE-2026-58369 Woodpecker < 3.15.0 - Unauthenticated NULL Pointer Dereference in /api/orgs/lookup Enables Log-Flooding Denial of Service

Woodpecker before 3.15.0 registers the /api/orgs/lookup/orgfullname endpoint without authentication middleware, and the LookupOrg handler unconditionally dereferences the session user user.ForgeID, via ForgeFromUser when selecting the forge to query. For an unauthenticated request session.User...

6.9CVSS0.00362EPSS
Exploits0References4
NVD
NVD
added 2026/06/22 4:16 p.m.9 views

CVE-2026-12549

The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading t...

4.8CVSS0.00317EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/22 1:55 p.m.7 views

EUVD-2026-38279

The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading t...

5.3CVSS6.1AI score0.0043EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:55 p.m.4 views

CVE-2026-12549

The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading t...

4.8CVSS5.9AI score0.00317EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-12549

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sen...

5.3CVSS6.1AI score0.0043EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/02 3:35 p.m.10 views

EUVD-2026-33965

NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled RuntimeError inside...

5.3CVSS5.8AI score0.00343EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 a.m.17 views

CVE-2026-9137

The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource...

7.5CVSS5.7AI score0.00365EPSS
Exploits0References1
NVD
NVD
added 2026/05/20 8:16 p.m.10 views

CVE-2026-9137

The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource...

7.5CVSS0.00365EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/20 6:43 p.m.7 views

CVE-2026-9137

The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource...

5.1CVSS5.7AI score0.00365EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/20 6:43 p.m.9 views

CVE-2026-9137 CSP Report Endpoint Log Flooding in MISP via Incorrect Size Limit

The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource...

5.1CVSS5.7AI score0.00365EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/20 6:43 p.m.13 views

EUVD-2026-31155

The CSP report endpoint intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource exhaustion...

5.1CVSS5.7AI score0.00365EPSS
Exploits0References1
CVE
CVE
added 2026/05/20 6:43 p.m.19 views

CVE-2026-9137

CVE-2026-9137 affects the CSP report endpoint in MISP. The endpoint intended to cap CSP report payloads at 1 KB was incorrectly allowing reports up to 1 MB before truncation, enabling potential log flooding and resource exhaustion on deployments where the endpoint is reachable by untrusted client...

7.5CVSS5.7AI score0.00365EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/20 6:43 p.m.33 views

CVE-2026-9137 CSP Report Endpoint Log Flooding in MISP via Incorrect Size Limit

The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource...

5.1CVSS0.00365EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.11 views

PT-2026-42248

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The CSP report endpoint incorrectly allowed reports up to 1 MB before truncation, despite being intended to limit logged CSP reports to 1 KB. When this endpoint ...

5.1CVSS5.7AI score0.00365EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.9 views

MISP 资源管理错误漏洞

MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes functions such as analyzing threats to network security and malware analysis. MISP has a resource management...

7.5CVSS5.8AI score0.00365EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.12 views

PT-2026-41779

Name of the Vulnerable Software and Affected Versions NiceGUI versions prior to 3.12.0 Description Two FastAPI routes used for serving per-component static assets accept a sub-path parameter that can resolve to a directory instead of a file. When a request resolves to a directory, it triggers an...

5.3CVSS6.2AI score0.00343EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/06 6:31 p.m.10 views

EUVD-2025-208344

Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debugrnglists data. A logic error in the handling of the debugrnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an...

5.8AI score0.00155EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2025/10/06 6:50 a.m.2 views

CVE-2025-58582 Uncontrolled Resource Consumption via log file

If a user tries to login but the provided credentials are incorrect a log is created. The data for this POST requests is not validated and it’s possible to send giant payloads which are then logged...

5.3CVSS6.5AI score0.00516EPSS
Exploits0References6
Rows per page
Query Builder