Lucene search
K

25 matches found

RedhatCVE
RedhatCVE
added 6 days ago5 views

CVE-2026-14362

A flaw was found in HashiCorp memberlist. An attacker with network access to the gossip port could exploit a vulnerability in the push/pull state handling. This could lead to memory exhaustion on a receiving node, causing the process to terminate. This flaw results in a Denial of Service DoS...

7.5CVSS5.9AI score0.00251EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added last week3 views

Security Bulletin: Denial of service via crafted push/pull gossip message in memberlist

Summary HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push/pull state handling that may allow an attacker with network access to the gossip port to exhaust memory on a receiving node and cause the process to terminate. This vulnerability CVE-2026-1436...

4.9CVSS5.9AI score0.00251EPSS
Exploits0Affected Software1
NVD
NVD
added last week7 views

CVE-2026-14362

HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push/pull state handling that may allow an attacker with network access to the gossip port to exhaust memory on a receiving node and cause the process to terminate. This vulnerability CVE-2026-14362 is fix...

4.9CVSS0.00251EPSS
Exploits0References1
OSV
OSV
added last week3 views

CVE-2026-14362 Denial of service via crafted push/pull gossip message in memberlist

HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push/pull state handling that may allow an attacker with network access to the gossip port to exhaust memory on a receiving node and cause the process to terminate. This vulnerability CVE-2026-14362 is fix...

4.9CVSS6.1AI score0.00251EPSS
Exploits0References4
Cvelist
Cvelist
added last week33 views

CVE-2026-14362 Denial of service via crafted push/pull gossip message in memberlist

HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push/pull state handling that may allow an attacker with network access to the gossip port to exhaust memory on a receiving node and cause the process to terminate. This vulnerability CVE-2026-14362 is fix...

4.9CVSS0.00251EPSS
Exploits0References1
EUVD
EUVD
added last week5 views

EUVD-2026-42342

HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push/pull state handling that may allow an attacker with network access to the gossip port to exhaust memory on a receiving node and cause the process to terminate. This vulnerability CVE-2026-14362 is fix...

4.9CVSS6AI score0.00251EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added last week7 views

CVE-2026-14362

HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push/pull state handling that may allow an attacker with network access to the gossip port to exhaust memory on a receiving node and cause the process to terminate. This vulnerability CVE-2026-14362 is fix...

4.9CVSS6AI score0.00251EPSS
Exploits0References2Affected Software1
CVE
CVE
added last week10 views

CVE-2026-14362

The CVE-2026-14362 entry applies to HashiCorp’s memberlist prior to version 0.6.0. The vulnerability resides in the push/pull gossip state handling, allowing an attacker with network access to the gossip port to exhaust memory on a receiving node, leading to process termination. Impact is a denia...

4.9CVSS6AI score0.00251EPSS
Exploits0References1
HashiCorp Security Advisories
HashiCorp Security Advisories
added last week8 views

Memberlist vulnerable to denial of service via gossip message

Summary HashiCorp memberlist before version 0.6.0 is vulnerable to a denial-of-service issue in its push/pull state handling that may allow an attacker with network access to the gossip port to exhaust memory on a receiving node and cause the process to terminate. This vulnerability CVE-2026-1436...

4.9CVSS6.1AI score0.00251EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/04/10 2:16 a.m.7 views

CVE-2026-1263

The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.0 due to insufficient input sanitization, insufficient output escaping, and missing capabilities checks in the 'weblingadminsaveform' and 'weblingadminsavememberlist' functions...

6.4CVSS0.00277EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/10 1:24 a.m.8 views

EUVD-2026-21248

The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.0 due to insufficient input sanitization, insufficient output escaping, and missing capabilities checks in the 'weblingadminsaveform' and 'weblingadminsavememberlist' functions...

6.4CVSS6.1AI score0.00277EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/10 1:24 a.m.8 views

CVE-2026-1263

The Webling plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 3.9.0 due to insufficient input sanitization, insufficient output escaping, and missing capabilities checks in the 'weblingadminsaveform' and 'weblingadminsavememberlist' functions...

6.4CVSS6.1AI score0.00277EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/03/26 2:16 p.m.3 views

CVE-2026-33413

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted...

8.8CVSS5.9AI score0.00249EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/26 1:36 p.m.6 views

CVE-2026-33413

etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted...

8.8CVSS5.8AI score0.00249EPSS
Exploits0References2Affected Software1
Openbugbounty
Openbugbounty
added 2017/10/05 5:7 p.m.12 views

hispanicchamberflorida.org XSS vulnerability

Vulnerable URL: http://www.hispanicchamberflorida.org/memberlist.php?category=13'"73 Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 11494151 VIP website status:| No Coordinated Disclosure Timeline: Description|...

6.3AI score
Exploits0
Prion
Prion
added 2014/07/25 7:55 p.m.21 views

Sql injection

SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteriastartswith parameter to ajax/render/memberlistitems...

7.5CVSS9.1AI score0.0135EPSS
Exploits1References4Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

MyBB Multiple Cross-Site Scripting and SQL Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/13827/info MyBB is prone to multiple cross-site scripting and SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The application is prone to...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2010/02/24 12:0 a.m.16 views

ShortCMS 1.11F(B) (con) - SQL Injection

ShortCMS 1.11FB con - SQL Injection ShortCMS v. 1.11FB con SQL Injection Vulnerability Author : Gamoscu Homepage : http://www.1923turk.com Blog : http://gamoscu.wordpress.com/ Script : ShortCMS Download : http://www.shortcms.de/index.php?dwnldct Vulnerable File printview.php?func=con&pvid= SQL Xp...

0.2AI score
Exploits0
Prion
Prion
added 2009/12/30 8:0 p.m.19 views

Deserialization of untrusted data

misc.php in DeluxeBB 1.3 allows remote attackers to register accounts without a valid email address via a valemail action with the valmem set to a pre-assigned user ID, which is visible from a memberlist action...

4CVSS7AI score0.01657EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2009/12/30 7:0 p.m.26 views

CVE-2009-4467

misc.php in DeluxeBB 1.3 allows remote attackers to register accounts without a valid email address via a valemail action with the valmem set to a pre-assigned user ID, which is visible from a memberlist action...

6.5AI score0.01657EPSS
Exploits2References3
Rows per page
Query Builder