Lucene search
K

4926 matches found

NVD
NVD
added 3 days ago6 views

CVE-2026-61448

Parse Server is affected by a stored cross-site scripting XSS vulnerability in versions = 9.0.0, 9.10.0-alpha.2 and = 8.6.83. When an uploaded file's extension is not recognized by the mime package, Parse Server preserves the client-supplied Content-Type. A malformed Content-Type that is not a...

2.1CVSS0.00245EPSS
Exploits0References2
CVE
CVE
added 3 days ago15 views

CVE-2026-61448

Parse Server is affected by a stored XSS in versions 9.0.0–9.9.9 (excluding 9.10.0-alpha.2) and 8.6.0x up to 8.6.83. When a file with an unrecognized extension is uploaded, the client-supplied Content-Type is kept. A malformed Content-Type (not valid type/subtype) can bypass fileUpload.fileExtens...

2.1CVSS6AI score0.00245EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-43183

Parse Server is affected by a stored cross-site scripting XSS vulnerability in versions = 9.0.0, 9.10.0-alpha.2 and = 8.6.83. When an uploaded file's extension is not recognized by the mime package, Parse Server preserves the client-supplied Content-Type. A malformed Content-Type that is not a...

2.1CVSS6AI score0.00245EPSS
Exploits0References2
OSV
OSV
added 3 days ago3 views

CVE-2026-61448 Parse Server 9.0.0 Stored XSS via malformed Content-Type

Parse Server is affected by a stored cross-site scripting XSS vulnerability in versions = 9.0.0, 9.10.0-alpha.2 and = 8.6.83. When an uploaded file's extension is not recognized by the mime package, Parse Server preserves the client-supplied Content-Type. A malformed Content-Type that is not a...

2.1CVSS6AI score0.00245EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 3 days ago8 views

PT-2026-57441

Name of the Vulnerable Software and Affected Versions Parse Server versions 9.0.0 through 9.10.0-alpha.1 Parse Server versions 8.x through 8.6.83 Description A stored cross-site scripting XSS issue exists when the software fails to recognize an uploaded file's extension via the mime package,...

2.1CVSS6AI score0.00245EPSS
Exploits0References8
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-42435

A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via...

8.8CVSS6.3AI score0.0012EPSS
Exploits0References2
Amazon
Amazon
added 6 days ago4 views

Medium: nerdctl

Issue Overview: x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically bas...

7.5CVSS6.9AI score0.00939EPSS
Exploits0
Amazon
Amazon
added 6 days ago5 views

Important: docker

Issue Overview: x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically bas...

7.5CVSS7.5AI score0.00939EPSS
Exploits0
Amazon
Amazon
added 6 days ago4 views

Medium: containerd

Issue Overview: x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically bas...

7.5CVSS6.9AI score0.00939EPSS
Exploits0
Amazon
Amazon
added 6 days ago5 views

Medium: containerd

Issue Overview: x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically bas...

7.5CVSS6.9AI score0.00939EPSS
Exploits0
Amazon
Amazon
added 6 days ago5 views

Medium: containerd

Issue Overview: x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically bas...

7.5CVSS6.9AI score0.00939EPSS
Exploits0
Amazon
Amazon
added 6 days ago5 views

Important: ecs-init

Issue Overview: Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt ...

9.6CVSS7AI score0.00939EPSS
Exploits0
Amazon
Amazon
added 6 days ago6 views

Important: docker

Issue Overview: x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically bas...

7.5CVSS7.5AI score0.00939EPSS
Exploits0
RedhatCVE
RedhatCVE
added last week5 views

CVE-2026-42504

A flaw was found in the Golang MIME Multipurpose Internet Mail Extensions package. A remote attacker could exploit this vulnerability by sending a maliciously-crafted MIME header containing many invalid encoded-words. This could lead to excessive CPU consumption, resulting in a Denial of Service...

7.5CVSS7.1AI score0.0056EPSS
Exploits0References7
OSV
OSV
added 2026/07/06 6:26 a.m.4 views

OESA-2026-2812 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: Out-of-bounds Read vulnerability in Apache HTTP Server with modheaders and modmime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67.CVE-2026-43951...

6.5CVSS5.9AI score0.00525EPSS
Exploits0References2
OSV
OSV
added 2026/07/01 5:21 p.m.5 views

DRUPAL-CONTRIB-2026-066

The Canvas module allow you to upload image files via a custom API. The validation rules check the file extension of the uploaded file but not the file MIME type. This may allow a malicious user to upload a file that is not an image. Certain web-server configurations may serve the uploaded file...

6.1CVSS5.5AI score0.00204EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/01 9:31 a.m.2 views

httpd: Apache HTTP Server: Out-of-bounds Read in mod_headers and mod_mime

A flaw was found in Apache HTTP Server. An out-of-bounds read vulnerability exists when modheaders and modmime are used with multiple response languages. This could allow a remote attacker to disclose sensitive information from memory or cause a denial of service...

6.5CVSS5.9AI score0.00525EPSS
Exploits0References5
NVD
NVD
added 2026/06/25 6:16 p.m.12 views

CVE-2026-6094

Heap buffer overread in wcPKCS7DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS...

9.1CVSS0.00294EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 4:35 p.m.6 views

EUVD-2026-39480

Heap buffer overread in wcPKCS7DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS...

6.3CVSS6AI score0.00294EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.4 views

Amazon Linux 2023 : golist (ALAS2023-2026-1874)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1874 advisory. x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, . to execute repeatedly on the same...

7.5CVSS6.2AI score0.00939EPSS
Exploits0References8
Rows per page
Query Builder