Lucene search
K

855 matches found

RedHat Linux
RedHat Linux
โ€ขadded 6 days agoโ€ข4 views

netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation

A flaw was found in netty-handler, a component of the Netty network application framework. A remote attacker can exploit an incorrect masking operation in the IpSubnetFilterRule.compareTo function to bypass configured IPv6 subnet rules. This allows valid public IP addresses to circumvent intended...

8.1CVSS5.9AI score0.00573EPSS
Exploits0References7
NVD
NVD
โ€ขadded 2026/07/07 10:16 a.m.โ€ข11 views

CVE-2026-49487

In Apache Airflow before 3.3.0, the REST API task-instance detail and list endpoints returned a deferred task's trigger kwargs without masking. When a deferred operator passed a secret for example a provider API key into its trigger, any authenticated user with DAG-scoped task-instance read acces...

6.5CVSS0.00664EPSS
Exploits0References3
OSV
OSV
โ€ขadded 2026/07/07 9:19 a.m.โ€ข4 views

CVE-2026-49487 Apache Airflow: Task-instance API exposes secrets in deferred trigger kwargs

In Apache Airflow before 3.3.0, the REST API task-instance detail and list endpoints returned a deferred task's trigger kwargs without masking. When a deferred operator passed a secret for example a provider API key into its trigger, any authenticated user with DAG-scoped task-instance read acces...

6.5CVSS6AI score0.00664EPSS
Exploits0References6
EUVD
EUVD
โ€ขadded 2026/07/07 9:19 a.m.โ€ข5 views

EUVD-2026-42029

In Apache Airflow before 3.3.0, the REST API task-instance detail and list endpoints returned a deferred task's trigger kwargs without masking. When a deferred operator passed a secret for example a provider API key into its trigger, any authenticated user with DAG-scoped task-instance read acces...

6.5CVSS6AI score0.00664EPSS
Exploits0References2
Cvelist
Cvelist
โ€ขadded 2026/07/07 9:19 a.m.โ€ข31 views

CVE-2026-49487 Apache Airflow: Task-instance API exposes secrets in deferred trigger kwargs

In Apache Airflow before 3.3.0, the REST API task-instance detail and list endpoints returned a deferred task's trigger kwargs without masking. When a deferred operator passed a secret for example a provider API key into its trigger, any authenticated user with DAG-scoped task-instance read acces...

0.00664EPSS
Exploits0References2
Fedora
Fedora
โ€ขadded 2026/07/04 12:51 a.m.โ€ข7 views

[SECURITY] Fedora 44 Update: leptonica-1.87.0-4.fc44

The library supports many operations that are useful on Document images Natural images Fundamental image processing and image analysis operations Rasterop aka bitblt Affine transforms scaling, translation, rotation, shear on images of arbitrary pixel depth Projective and bi-linear transforms Bina...

9.8CVSS6.8AI score0.01735EPSS
Exploits0
RedHat Linux
RedHat Linux
โ€ขadded 2026/07/02 12:3 a.m.โ€ข4 views

netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation

A flaw was found in netty-handler, a component of the Netty network application framework. A remote attacker can exploit an incorrect masking operation in the IpSubnetFilterRule.compareTo function to bypass configured IPv6 subnet rules. This allows valid public IP addresses to circumvent intended...

8.1CVSS5.9AI score0.00573EPSS
Exploits0References7
NVD
NVD
โ€ขadded 2026/06/29 6:16 p.m.โ€ข11 views

CVE-2026-56783

Parseable before 2.9.2 contains an information disclosure vulnerability in the notification-target API endpoints that returns webhook tokens and basic-auth credentials in cleartext due to commented-out secret-masking functionality. Any authenticated user with the GetAlert action, including...

7.1CVSS0.00264EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
โ€ขadded 2026/06/29 5:16 p.m.โ€ข5 views

CVE-2026-56783

Parseable before 2.9.2 contains an information disclosure vulnerability in the notification-target API endpoints that returns webhook tokens and basic-auth credentials in cleartext due to commented-out secret-masking functionality. Any authenticated user with the GetAlert action, including...

7.1CVSS5.8AI score0.00264EPSS
Exploits0References6
EUVD
EUVD
โ€ขadded 2026/06/29 5:16 p.m.โ€ข7 views

EUVD-2026-40159

Parseable before 2.9.2 contains an information disclosure vulnerability in the notification-target API endpoints that returns webhook tokens and basic-auth credentials in cleartext due to commented-out secret-masking functionality. Any authenticated user with the GetAlert action, including...

7.1CVSS5.8AI score0.00264EPSS
Exploits0References5
NVD
NVD
โ€ขadded 2026/06/25 8:17 p.m.โ€ข6 views

CVE-2026-10512

The X25519 x8664 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the...

7.5CVSS0.00263EPSS
Exploits0References2
OSV
OSV
โ€ขadded 2026/06/23 12:59 p.m.โ€ข11 views

JLSEC-2026-622 Predictable WebSocket masking key and handshake nonce in HTTP.jl client

Description The WebSocket client masking key wssendframe! and the Sec-WebSocket-Key handshake nonce wsrandomhandshakekey were generated with randUInt8, n, which draws from the task-local Xoshiro256++ PRNG. Xoshiro is not cryptographically secure: its internal state can be recovered from a short r...

5.9AI score
Exploits0References2
Fedora
Fedora
โ€ขadded 2026/06/23 1:9 a.m.โ€ข8 views

[SECURITY] Fedora 44 Update: thorvg-1.0.6-1.fc44

ThorVG is an open-source graphics library designed for creating vector-based scenes and animations. It combines immense power with remarkable lightweight efficiency, as Thor embodies a dual meaning=E2=80=94symbolizing both thundero us strength and lightning-fast agility. Embracing the philosophy ...

4.3CVSS5.8AI score0.00235EPSS
Exploits0
RedHat Linux
RedHat Linux
โ€ขadded 2026/06/17 11:5 p.m.โ€ข12 views

netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation

A flaw was found in netty-handler, a component of the Netty network application framework. A remote attacker can exploit an incorrect masking operation in the IpSubnetFilterRule.compareTo function to bypass configured IPv6 subnet rules. This allows valid public IP addresses to circumvent intended...

8.1CVSS5.3AI score0.00573EPSS
Exploits0References7
RedHat Linux
RedHat Linux
โ€ขadded 2026/06/17 4:18 p.m.โ€ข11 views

netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation

A flaw was found in netty-handler, a component of the Netty network application framework. A remote attacker can exploit an incorrect masking operation in the IpSubnetFilterRule.compareTo function to bypass configured IPv6 subnet rules. This allows valid public IP addresses to circumvent intended...

8.1CVSS5.4AI score0.00573EPSS
Exploits0References7
RedHat Linux
RedHat Linux
โ€ขadded 2026/06/17 3:45 p.m.โ€ข10 views

netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation

A flaw was found in netty-handler, a component of the Netty network application framework. A remote attacker can exploit an incorrect masking operation in the IpSubnetFilterRule.compareTo function to bypass configured IPv6 subnet rules. This allows valid public IP addresses to circumvent intended...

8.1CVSS5.3AI score0.00573EPSS
Exploits0References7
Snyk
Snyk
โ€ขadded 2026/06/12 6:30 p.m.โ€ข7 views

Buffer Over-read

Overview tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Buffer Over-read via the websocketmask function in the speedups component. An attacker can trigger a read past the end of the mas...

6.3CVSS5.4AI score0.00027EPSS
Exploits0References2
RedhatCVE
RedhatCVE
โ€ขadded 2026/06/12 9:48 a.m.โ€ข19 views

CVE-2026-44249

A flaw was found in netty-handler, a component of the Netty network application framework. A remote attacker can exploit an incorrect masking operation in the IpSubnetFilterRule.compareTo function to bypass configured IPv6 subnet rules. This allows valid public IP addresses to circumvent intended...

8.1CVSS5AI score0.00573EPSS
Exploits0References6
OSV
OSV
โ€ขadded 2026/06/11 10:16 p.m.โ€ข9 views

UBUNTU-CVE-2026-44249

Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo. Valid public IP addresses ca...

8.1CVSS5.3AI score0.00573EPSS
Exploits0References5
OSV
OSV
โ€ขadded 2026/06/11 8:46 p.m.โ€ข1 views

CVE-2026-44249 Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking

Netty is a network application framework for development of protocol servers and clients. In netty-handler prior to versions 4.1.135.Final and 4.2.15.Final, an attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo. Valid public IP addresses ca...

8.1CVSS5.9AI score0.00573EPSS
Exploits0References15
Rows per page
Query Builder