Lucene search
K

17 matches found

RedHat Linux
RedHat Linux
added 3 days ago5 views

undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...

3.7CVSS7AI score0.00228EPSS
Exploits0References7
CVE
CVE
added 2026/06/18 8:47 p.m.25 views

CVE-2026-46699

CVE-2026-46699 affects the conda-smithy tool. Prior to version 3.61.0, a vulnerability in the conda-forge automated webservices allowed unintended write access to feedstock repositories due to using mutable GitHub usernames as identifiers for repository invitation routing, instead of stable GitHu...

7.6CVSS5.3AI score0.00201EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 1:13 a.m.6 views

Improper Validation of Specified Quantity in Input

Overview Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input in the retrytopic-attempts header. An attacker can manipulate retry routing and backoff behavior by sending crafted headers with out-of-range attempt counts. Remediation Upgrade...

7.1CVSS5.3AI score0.0024EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/01 12:0 a.m.9 views

CVE-2026-37235

FlexRIC v2.0.0 trusts the xappid field from E42 message payloads without binding it to the sender's SCTP association. The validation function validxappid only checks that the value is within the assigned range. A remote unauthenticated attacker can impersonate any xApp by specifying their xappid ...

5.8AI score0.0057EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/01 12:0 a.m.32 views

CVE-2026-37235

FlexRIC v2.0.0 trusts the xappid field from E42 message payloads without binding it to the sender's SCTP association. The validation function validxappid only checks that the value is within the assigned range. A remote unauthenticated attacker can impersonate any xApp by specifying their xappid ...

0.0057EPSS
Exploits1References2
OSV
OSV
added 2026/05/20 1:22 a.m.7 views

MAL-2026-4643 Malicious code in polymarket-clob-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7e0a3a7bbeb25fb478d59cdd4b62ebb34c13e8e236505813660e81abf61e74ec The package is published as polymarket-clob-client, an unscoped lookalike of the legitimate @polymarket/clob-client maintained by Polymarket, but the...

5.9AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/07 3:30 p.m.8 views

Apache Kafka Clients: Kafka Producer Message Corruption and Misrouting via Buffer Pool Race Condition

A race condition in the Apache Kafka Java producer client’s buffer pool management can cause messages to be silently delivered to incorrect topics. When a produce batch expires due to delivery.timeout.ms while a network request containing that batch is still in flight, the batch’s ByteBuffer is...

8.7CVSS5.9AI score0.00328EPSS
Exploits0References11Affected Software1
CVE
CVE
added 2026/04/07 1:7 p.m.48 views

CVE-2026-35554

Summary of CVE-2026-35554 : A race condition in the Apache Kafka Java producer client’s buffer pool management can cause message corruption and misrouting. When a produce batch expires due to delivery timeout while its network request is in flight, the batch ByteBuffer may be deallocated early an...

8.7CVSS6.1AI score0.00328EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/23 12:0 a.m.9 views

Linux Kernel Security Vulnerabilities

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, caused by a leak in connection tracking in the wrong path, which may lead to reference counting issues...

5.5CVSS6AI score0.00114EPSS
Exploits0References8
Snyk
Snyk
added 2026/01/09 6:56 p.m.5 views

Improper Validation of Syntactic Correctness of Input

Overview Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the region input field. An attacker can cause AWS API calls to be routed to unintended or non-existent hosts by supplying an invalid value. Remediation Upgrade AWSSDK.Core to...

6.3CVSS6.8AI score0.00201EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/10 7:22 p.m.6 views

CVE-2025-9613

A vulnerability was discovered in the PCI Express PCIe Integrity and Data Encryption IDE specification, where insufficient guidance on tag reuse after completion timeouts may allow multiple outstanding Non-Posted Requests to share the same tag. This tag aliasing condition can result in completion...

6.5CVSS7AI score0.00205EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.7 views

PT-2025-50218

A vulnerability was discovered in the PCI Express PCIe Integrity and Data Encryption IDE specification, where insufficient guidance on tag reuse after completion timeouts may allow multiple outstanding Non-Posted Requests to share the same tag. This tag aliasing condition can result in completion...

7AI score0.00205EPSS
Exploits0References4
NVD
NVD
added 2025/11/14 8:15 p.m.7 views

CVE-2025-13033

A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the emai...

7.5CVSS0.00509EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/04/01 12:0 a.m.6 views

Apache ActiveMQ Artemis 安全漏洞

Apache ActiveMQ Artemis is a high-performance open source messaging agent from the Apache Foundation USA. A security vulnerability exists in Apache ActiveMQ Artemis versions 2.0.0 through 2.39.0, which stems from the ability of a user with createDurableQueue or createNonDurableQueue permissions t...

4.3CVSS4.8AI score0.0058EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/01/15 12:0 a.m.7 views

PT-2025-4786 · Github · Github Desktop

Name of the Vulnerable Software and Affected Versions: GitHub Desktop versions prior to 3.4.12 Description: An attacker can access a user's credentials by convincing them to clone a repository directly or through a submodule using a maliciously crafted remote URL. GitHub Desktop relies on Git for...

6.6CVSS9.4AI score0.00747EPSS
Exploits0References12
CNNVD
CNNVD
added 2022/03/09 12:0 a.m.2 views

ISC BIND 环境问题漏洞

ISC BIND is a set of open source software from ISC that implements the DNS protocol. ISC BIND is vulnerable to an input validation error, which could be exploited by an attacker to cause a query to the wrong server, returning an error message to the client...

6.8CVSS5.6AI score0.0325EPSS
Exploits0References31
RedhatCVE
RedhatCVE
added 2021/05/11 8:55 p.m.27 views

CVE-2021-25736

A flaw was found in the Windows kube-proxy component. In a cloud environment that does not set the “.status.loadBalancer.ingress.ip” field in the LoadBalancer service status configuration for example in AWS the packets can be misrouted and reach an unintended destination...

6.3CVSS3.1AI score0.00908EPSS
Exploits0References4
Rows per page
Query Builder