Lucene search
K

13590 matches found

EUVD
EUVD
added 9 hours ago4 views

EUVD-2026-43641

Eclipse Grizzly in versions before 5.0.2, cannot properly parse the trailer section in malformed trailer header's line, which can be leveraged to perform HTTP request smuggling...

6.3CVSS6.1AI score
Exploits0References1
CVE
CVE
added 9 hours ago6 views

CVE-2026-12606

CVE-2026-12606 affects Eclipse Grizzly prior to 5.0.2. The issue is in parsing the trailer section of malformed trailer headers, which can be exploited to perform HTTP request smuggling. Affected component: Grizzly HTTP parsing logic. Root cause: improper handling of trailer headers in malformed ...

6.3CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 17 hours ago4 views

EUVD-2026-43603

EIPStackGroup OpENer 2.3.0 commit 76b95cf has an out-of-bounds read issue in Connection Manager handling of ForwardOpen requests when processing short malformed packets. An attacker can send a valid ENIP outer frame carrying a malformed CIP ForwardOpen/LargeForwardOpen request, causing the parser...

9.1CVSS6.1AI score
Exploits0References3
NVD
NVD
added yesterday5 views

CVE-2026-51537

EIPStackGroup OpENer 2.3.0 commit 76b95cf has an out-of-bounds read issue in Connection Manager handling of ForwardOpen requests when processing short malformed packets. An attacker can send a valid ENIP outer frame carrying a malformed CIP ForwardOpen/LargeForwardOpen request, causing the parser...

9.1CVSS
Exploits0References2
RedHat Linux
RedHat Linux
added yesterday3 views

OpenEXR: OpenEXR: Information disclosure and denial of service via malformed EXR files

A flaw was found in OpenEXR. A remote attacker could exploit a vulnerability in the IDManifest::init function when processing specially crafted EXR files. The function attempts to reconstruct strings from a prefix-compressed representation. If a previous string exceeds 255 bytes, the subsequent...

9.1CVSS6.1AI score0.00354EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added yesterday5 views

Important: Red Hat Security Advisory: openexr security update

An update for openexr is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.1CVSS6.4AI score0.00355EPSS
Exploits2References3
RedHat Linux
RedHat Linux
added yesterday5 views

OpenEXR: OpenEXR: Information disclosure and denial of service via malformed EXR files

A flaw was found in OpenEXR. A remote attacker could exploit a vulnerability in the IDManifest::init function when processing specially crafted EXR files. The function attempts to reconstruct strings from a prefix-compressed representation. If a previous string exceeds 255 bytes, the subsequent...

9.1CVSS6.1AI score0.00354EPSS
Exploits1References5
Cvelist
Cvelist
added yesterday21 views

CVE-2026-51537

EIPStackGroup OpENer 2.3.0 commit 76b95cf has an out-of-bounds read issue in Connection Manager handling of ForwardOpen requests when processing short malformed packets. An attacker can send a valid ENIP outer frame carrying a malformed CIP ForwardOpen/LargeForwardOpen request, causing the parser...

Exploits0References2
CVE
CVE
added yesterday13 views

CVE-2026-51537

EIPStackGroup OpENer 2.3.0 commit 76b95cf has an out-of-bounds read issue in Connection Manager handling of ForwardOpen requests when processing short malformed packets. An attacker can send a valid ENIP outer frame carrying a malformed CIP ForwardOpen/LargeForwardOpen request, causing the parser...

9.1CVSS6.1AI score
Exploits0References2
NVD
NVD
added 3 days ago6 views

CVE-2026-61448

Parse Server is affected by a stored cross-site scripting XSS vulnerability in versions = 9.0.0, 9.10.0-alpha.2 and = 8.6.83. When an uploaded file's extension is not recognized by the mime package, Parse Server preserves the client-supplied Content-Type. A malformed Content-Type that is not a...

2.1CVSS0.00245EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-61448 Parse Server 9.0.0 Stored XSS via malformed Content-Type

Parse Server is affected by a stored cross-site scripting XSS vulnerability in versions = 9.0.0, 9.10.0-alpha.2 and = 8.6.83. When an uploaded file's extension is not recognized by the mime package, Parse Server preserves the client-supplied Content-Type. A malformed Content-Type that is not a...

2.1CVSS0.00245EPSS
Exploits0References2
OSV
OSV
added 3 days ago3 views

CVE-2026-61448 Parse Server 9.0.0 Stored XSS via malformed Content-Type

Parse Server is affected by a stored cross-site scripting XSS vulnerability in versions = 9.0.0, 9.10.0-alpha.2 and = 8.6.83. When an uploaded file's extension is not recognized by the mime package, Parse Server preserves the client-supplied Content-Type. A malformed Content-Type that is not a...

2.1CVSS6AI score0.00245EPSS
Exploits0References4
CVE
CVE
added 3 days ago16 views

CVE-2026-61448

Parse Server is affected by a stored XSS in versions 9.0.0–9.9.9 (excluding 9.10.0-alpha.2) and 8.6.0x up to 8.6.83. When a file with an unrecognized extension is uploaded, the client-supplied Content-Type is kept. A malformed Content-Type (not valid type/subtype) can bypass fileUpload.fileExtens...

2.1CVSS6AI score0.00245EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 4 days ago6 views

CVE-2026-59937

A flaw was found in pypdf, a pure-python PDF library. A remote attacker could exploit this vulnerability by crafting a malicious PDF file containing repeated malformed cross-reference streams. This could cause the pypdf library to spend excessive time recovering broken cross-reference table...

7.5CVSS6AI score0.00345EPSS
Exploits0References7
CVE
CVE
added 4 days ago7 views

CVE-2026-40454

CVE-2026-40454 affects the Apache IoTDB C++ client. The issue is an out-of-bounds read caused by improper input validation in the TsBlock deserializer, which can crash the client when processing malformed server data. Affected ranges are IoTDB C++ client: 1.3.5–1.3.7 and 2.0.5–2.0.9; upgrading to...

7.5CVSS6.1AI score0.00278EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-40454 Apache IoTDB C++ client: Out-of-bounds reads in C++ client TsBlock deserializer crash client process on malformed server data

Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client process on malformed server data. This issue affects Apache IoTDB C++ client: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users...

0.00278EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42706

An Improper Validation of Specified Quantity in Input vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS on MX Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service DoS. When a specific packet is received from device in the same broadcast...

7.1CVSS6AI score0.00269EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42714

An Improper Validation of Syntactic Correctness of Input vulnerability in the SIP plugin of Juniper Networks Junos OS on MX Series with SPC3 and SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service DoS.If the SIP ALG is enabled on an affected device, the...

8.7CVSS5.9AI score0.00461EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 4 days ago7 views

FreeBSD : Apache HttpClient -- misinterpret malformed authority component (fa0c03dd-7c3a-11f1-8dc2-dca632daf43b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fa0c03dd-7c3a-11f1-8dc2-dca632daf43b advisory. Apache Software Foundation reports: Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can...

5.3CVSS6.7AI score0.08665EPSS
Exploits1References3
NVD
NVD
added 5 days ago8 views

CVE-2026-57023

An Improper Validation of Specified Quantity in Input vulnerability in the TCP proxy plugin of Juniper Networks Junos OS on MX Series with SPC3, and SRX Series allows an unauthenticated, network-based attacker to cause a complete Denial of Service DoS. When TCP proxy is engaged in a flow session,...

8.7CVSS0.00461EPSS
Exploits0References1
Rows per page
Query Builder