Lucene search
K

19552 matches found

RedhatCVE
RedhatCVE
added 2026/06/19 3:29 a.m.9 views

CVE-2026-12049

A flaw was found in pgAdmin 4. This open redirect vulnerability exists in the multi-factor authentication MFA flow. An authenticated user could be tricked into clicking a specially crafted link, which would redirect them to an attacker-controlled website. This could increase the success rate of...

6.1CVSS5AI score0.00218EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/19 1:57 a.m.5 views

SUSE CVE-2026-12316

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

9.1CVSS5.8AI score0.00245EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/18 4:45 p.m.8 views

CVE-2026-42530

A flaw was found in the ngxhttpv3module module of NGINX. When NGINX is configured to use the HTTP/3 QUIC module, an attacker can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream and cause a use-after-free issue, potentially allowing code execution or a denial of service by...

9.2CVSS6.3AI score0.03225EPSS
Exploits3References4
RedhatCVE
RedhatCVE
added 2026/06/18 3:2 p.m.9 views

CVE-2026-34356

A flaw was found in Apache HTTP Server. This heap-based buffer overflow vulnerability can be exploited by a malicious backend server when using ProxyPassReverseCookie directives. This could lead to a denial of service DoS condition, making the server unavailable to legitimate users. Mitigation To...

7.5CVSS5.5AI score0.00682EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/18 11:51 a.m.6 views

CVE-2026-9675

A flaw was found in undici. A malicious WebSocket server could exploit this vulnerability by sending fragmented messages that individually meet size limits but collectively exceed them. This can lead to unbounded memory growth in the client process, resulting in memory exhaustion and a denial of...

7.5CVSS5.9AI score0.00426EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/18 8:50 a.m.17 views

CVE-2026-42507

A flaw was found in the net/textproto package in Golang. When functions in this package return errors, they include their input as part of the error message. An attacker could exploit this by injecting misleading content into these error messages, which are then printed or logged. This could lead...

5.3CVSS5.1AI score0.0037EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/17 11:20 p.m.6 views

CVE-2026-6733

A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...

3.7CVSS4.9AI score0.00228EPSS
Exploits0References6
NVD
NVD
added 2026/06/17 11:17 p.m.12 views

CVE-2026-50267

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Abstractions 4.0.0 through 4.1.0, when MySQL or PostgreSQL service bindings from VCAPSERVICES include TLS client credentials, the Connectors libra...

4.7CVSS0.00065EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/17 11:14 p.m.7 views

CVE-2026-11525

A flaw was found in undici. When undici processes Set-Cookie headers, it incorrectly interprets the SameSite attribute, accepting partial matches instead of exact ones. This allows a malicious server to downgrade a cookie's SameSite policy to a less secure setting, potentially leading to unintend...

3.7CVSS4.9AI score0.00248EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/17 10:29 p.m.8 views

CVE-2026-48818

A flaw was found in Starlette, a lightweight ASGI framework. On Windows systems, the StaticFiles component is vulnerable to Server-Side Request Forgery SSRF. A remote attacker can exploit this by providing a specially crafted Universal Naming Convention UNC path, which causes the system to initia...

7.5CVSS5AI score0.00368EPSS
Exploits0References7
CVE
CVE
added 2026/06/17 9:44 p.m.24 views

CVE-2026-50200

The CVE affects Steeltoe’s Environment actuator sanitization for Steeltoe.Management.Endpoint <4.2.0 and Steeltoe.Management.EndpointCore <3.4.0. The Sanitizer uses a suffix-based key match list (default: password, secret, key, token, .credentials. , vcap_services) that does not cover Conne...

7.5CVSS5.3AI score0.00185EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/17 9:44 p.m.17 views

CVE-2026-50200 Steeltoe's env sanitizer misses connection strings — leaks embedded DB passwords

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Management.Endpoint prior to version 4.2.0 and Steeltoe.Management.EndpointCore prior to version 3.4.0, the Sanitizer component in the Environment actuator...

7.5CVSS0.00185EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/17 8:23 p.m.7 views

CVE-2026-12315

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

9.1CVSS5.2AI score0.00251EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/17 8:23 p.m.7 views

CVE-2026-12302

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

6.5CVSS5.2AI score0.00248EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/17 5:14 p.m.19 views

CVE-2026-6733 undici vulnerable to HTTP response queue poisoning via keep-alive socket reuse

Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...

3.7CVSS0.00228EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/17 3:49 p.m.7 views

CVE-2026-46448

A flaw was found in OpenStack Nova. The server creation application programming interface API fails to remove specific hint data, leading to instances being created without proper Placement allocation. This can result in a denial of service, as resources may not be correctly assigned or managed f...

8.5CVSS4.8AI score0.00272EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/06/17 3:44 p.m.7 views

firefox: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

8.1CVSS5.2AI score0.00372EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/17 3:24 p.m.10 views

firefox: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

8.1CVSS5.2AI score0.00372EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/17 3:11 p.m.9 views

CVE-2026-48776

A flaw was found in the LangGraph Python SDK. This vulnerability allows a remote attacker with low privileges to manipulate URL paths by providing unsanitized input. This could result in unintended access, modification, or deletion of resources, potentially compromising data confidentiality and...

9.1CVSS5.3AI score0.00216EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/17 2:37 p.m.8 views

firefox: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

8.1CVSS5.2AI score0.00372EPSS
Exploits0References6
Rows per page
Query Builder