Lucene search
+L

16 matches found

RedHat Linux
RedHat Linux
added 3 days ago6 views

undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...

3.7CVSS6.9AI score0.00228EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/06 2:47 p.m.9 views

undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...

3.7CVSS7AI score0.00228EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/24 9:56 p.m.16 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in Apache Kafka (CVE-2026-35554)

Summary A vulnerability in Apache Kafka that is used by InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2026-33558 DESCRIPTION: Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and response...

8.7CVSS5.8AI score0.00535EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/19 2:17 p.m.8 views

Security Bulletin: IBM WebSphere Automation is vulnerable to CVE-2026-35554 which affects the kakfa client library

Summary IBM WebSphere Automation is vulnerable to CVE-2026-35554, which causes a race condition in the Apache Kafka Java producer client's buffer pool management which can cause messages to be silently delivered to incorrect topics. Vulnerability Details CVEID:CVE-2026-35554 DESCRIPTION: A race...

8.7CVSS6AI score0.00328EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/05/13 8:27 a.m.1 views

CVE-2026-5773 wrong reuse of SMB connection

libcurl might in some circumstances reuse the wrong connection for SMBS transfers. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of criteria must be met. Due to a logical error in the...

7.5CVSS7AI score0.00549EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2026/04/23 1:23 a.m.7 views

SUSE CVE-2026-35554

A race condition in the Apache Kafka Java producer client's buffer pool management can cause messages to be silently delivered to incorrect topics. When a produce batch expires due to delivery.timeout.ms while a network request containing that batch is still in flight, the batch's ByteBuffer is...

8.7CVSS5.9AI score0.00328EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.7 views

Apache Kafka 安全漏洞

Apache Kafka is an open-source distributed streaming platform developed by the Apache Foundation in the United States. This platform enables the acquisition of real-time data, allowing for the creation of applications that can respond in real time to changes in data streams. There are security...

8.7CVSS5.9AI score0.00328EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.5 views

PT-2026-30827

Name of the Vulnerable Software and Affected Versions Apache Kafka versions 3.9.1 and earlier, 4.0.1 and earlier, and 4.1.1 and earlier Description A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics...

8.7CVSS5.8AI score0.00328EPSS
Exploits0References81
Cvelist
Cvelist
added 2025/11/04 8:48 p.m.9 views

CVE-2025-55155 MantisBT: Authentication bypass for some passwords due to PHP type juggling

Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.27.1 and below, when a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. This could result in storing an invalid email address, preventing...

5.4CVSS0.00149EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/29 10:43 a.m.3 views

EUVD-2025-36636

NextAuthjs Email misdelivery Vulnerability...

6.3AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/10/29 10:43 a.m.31 views

NextAuthjs Email misdelivery Vulnerability

Summary NextAuth.js's email sign-in can be forced to deliver authentication emails to an attacker-controlled mailbox due to a bug in nodemailer's address parser used by the project fixed in nodemailer v7.0.7. A crafted input such as: "[email protected]"@victim.com is parsed incorrectly and results i...

6.9AI score
Exploits0References4Affected Software1
OSV
OSV
added 2025/10/29 10:43 a.m.8 views

GHSA-5JPX-9HW9-2FX4 NextAuthjs Email misdelivery Vulnerability

Summary NextAuth.js's email sign-in can be forced to deliver authentication emails to an attacker-controlled mailbox due to a bug in nodemailer's address parser used by the project fixed in nodemailer v7.0.7. A crafted input such as: "[email protected]"@victim.com is parsed incorrectly and results i...

8.3CVSS5.9AI score
Exploits0References4
CNNVD
CNNVD
added 2025/05/09 12:0 a.m.5 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not properly resetting the IRTE, which could result in interrupt misdelivery...

7.8CVSS6.5AI score0.00259EPSS
Exploits0References7
NVD
NVD
added 2025/05/08 8:15 p.m.14 views

CVE-2024-9448

On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropped and instead will be forwarded as if th...

7.5CVSS0.00485EPSS
Exploits0References1
OSV
OSV
added 2020/05/22 3:15 p.m.1 views

DEBIAN-CVE-2020-11077

In Puma RubyGem before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the firs...

7.5CVSS6.2AI score0.02806EPSS
Exploits0References1
Qualys Blog
Qualys Blog
added 2020/05/20 6:5 p.m.35 views

Verizon Data Breach Investigations Report 2020

One of the most respected publications in cybersecurity is the Verizon Data Breach Investigations Report DBIR, analyzing over 150,000 incidents and providing a comprehensive analysis covering the 32,002 incidents and 3950 breaches that meet Verizon's quality standards. I liked very much how they...

0.4AI score
Exploits0
Rows per page
Query Builder