Lucene search
K

2751 matches found

Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.10 views

PT-2026-44876

The Open ISES Project 3.30A contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the frm passwd parameter. Attackers can send POST requests to main.php with crafted SQL payloads to extract sensitive...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/28 7:32 p.m.37 views

CVE-2026-32847 DeepCode 1.2.0 Path Traversal via SPA Catch-All Route in main.py

DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route in newui/backend/main.py that allows unauthenticated attackers to read arbitrary files by supplying percent-encoded path segments to the GET /fullpath:path endpoint. Attackers can bypass Starlette's...

8.7CVSS0.00376EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/27 2:57 p.m.9 views

CVE-2026-45571 go-git: Crafted repositories may modify main and submodule .git directories

go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside the intended checkout target, including the repository's .git directory. These validations were...

5.4CVSS5.8AI score0.00297EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/26 11:20 a.m.16 views

tornado-python: Tornado: Denial of Service via large multipart bodies

A flaw was found in tornado-python. A remote attacker can exploit this vulnerability by sending a specially crafted, very large multipart body with numerous parts. Because the parsing of these large bodies occurs synchronously on the main thread, it can consume excessive resources, leading to a...

8.7CVSS7.3AI score0.00375EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/26 5:5 a.m.11 views

freerdp: FreeRDP: Denial of service due to use-after-free vulnerability

A flaw was found in FreeRDP. A remote attacker could exploit a use-after-free vulnerability in the xfSetWindowMinMaxInfo function. This occurs when a freed window pointer is dereferenced because the main thread concurrently deletes a window while the Remote Desktop Protocol RAIL channel thread is...

9.8CVSS7.3AI score0.00599EPSS
Exploits1References15
RedHat Linux
RedHat Linux
added 2026/05/26 4:0 a.m.13 views

tornado-python: Tornado: Denial of Service via large multipart bodies

A flaw was found in tornado-python. A remote attacker can exploit this vulnerability by sending a specially crafted, very large multipart body with numerous parts. Because the parsing of these large bodies occurs synchronously on the main thread, it can consume excessive resources, leading to a...

8.7CVSS7.3AI score0.00375EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/26 3:24 a.m.14 views

tornado-python: Tornado: Denial of Service via large multipart bodies

A flaw was found in tornado-python. A remote attacker can exploit this vulnerability by sending a specially crafted, very large multipart body with numerous parts. Because the parsing of these large bodies occurs synchronously on the main thread, it can consume excessive resources, leading to a...

8.7CVSS7.3AI score0.00375EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/26 3:3 a.m.15 views

tornado-python: Tornado: Denial of Service via large multipart bodies

A flaw was found in tornado-python. A remote attacker can exploit this vulnerability by sending a specially crafted, very large multipart body with numerous parts. Because the parsing of these large bodies occurs synchronously on the main thread, it can consume excessive resources, leading to a...

8.7CVSS7.3AI score0.00375EPSS
Exploits0References5
OSV
OSV
added 2026/05/25 9:16 p.m.10 views

DEBIAN-CVE-2026-48851

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session...

3.1CVSS5.8AI score0.00224EPSS
Exploits0References1
NVD
NVD
added 2026/05/25 9:16 p.m.20 views

CVE-2026-48851

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session...

3.1CVSS0.00224EPSS
Exploits0References2
OSV
OSV
added 2026/05/25 9:16 p.m.17 views

UBUNTU-CVE-2026-48851

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session...

3.1CVSS5.8AI score0.00224EPSS
Exploits0References4
CVE
CVE
added 2026/05/25 8:16 p.m.51 views

CVE-2026-48851

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indicator for TELNET data, but the trust status is not cleared between proxy authentication and the main session. This may cause a misleading trust cue to the user. Affected version range is 0.77–0.83; remediation is to upgrade to 0....

3.1CVSS5.8AI score0.00224EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/25 8:16 p.m.28 views

CVE-2026-48851

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session...

3.1CVSS0.00224EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/25 8:16 p.m.15 views

CVE-2026-48851

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session...

3.1CVSS5.8AI score0.00224EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/25 8:16 p.m.8 views

CVE-2026-48851

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session...

3.1CVSS5.8AI score0.00224EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/25 8:16 p.m.13 views

EUVD-2026-31731

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session...

3.1CVSS5.8AI score0.00224EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/05/25 8:16 p.m.20 views

CVE-2026-48851

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session...

3.1CVSS5.8AI score0.00224EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/05/25 8:16 p.m.7 views

CVE-2026-48851

PuTTY 0.77 before 0.84 uses a copy of the PuTTY icon as a trust indication for TELNET data but the trust status is not cleared between proxy authentication and the main session...

3.1CVSS5.8AI score0.00224EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.14 views

PT-2026-43123

Name of the Vulnerable Software and Affected Versions PuTTY versions 0.77 through 0.83 Description The software uses a copy of the PuTTY icon to indicate trust for TELNET data. However, the trust status is not cleared between the proxy authentication phase and the main session, which may lead to...

3.1CVSS5.8AI score0.00224EPSS
Exploits0References10
OSV
OSV
added 2026/05/22 7:14 a.m.8 views

CLSA-2026-1779434064 libdnf: Fix of CVE-2021-3445

CVE-2021-3445: fix signature verification bypass via signature placed in the main RPM header...

7.5CVSS7.3AI score0.01117EPSS
Exploits0References1
Rows per page
Query Builder