Lucene search
K

6408 matches found

RedHat Linux
RedHat Linux
added yesterday5 views

nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers

A flaw was found in NGINX. When NGINX is configured to proxy HTTP/2 traffic using the ngxhttpproxyv2module or ngxhttpgrpcmodule with specific settings, a remote, unauthenticated attacker can send specially crafted large headers. This can trigger a heap-based buffer overflow, leading to a restart ...

9.2CVSS7.2AI score0.03459EPSS
Exploits1References5
EUVD
EUVD
added yesterday6 views

EUVD-2026-43306

A Server-Side Request Forgery SSRF protection bypass existed in the htmltomarkdown expansion module of misp-modules. The module attempts to prevent requests to loopback, private, link-local, and other restricted IP address ranges. However, IP addresses were compared against the blocked ranges...

8.3CVSS6.1AI score0.00239EPSS
Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-62143

A Server-Side Request Forgery SSRF protection bypass existed in the htmltomarkdown expansion module of misp-modules. The module attempts to prevent requests to loopback, private, link-local, and other restricted IP address ranges. However, IP addresses were compared against the blocked ranges...

8.3CVSS0.00239EPSS
Exploits0References1
CVE
CVE
added yesterday11 views

CVE-2026-62143

The CVE-2026-62143 issue affects the html_to_markdown expansion module of misp-modules. An SSRF protection bypass occurred because IPv4-mapped IPv6 addresses were not normalised before checking blocked IP ranges, allowing an authenticated attacker to supply addresses like http://[::ffff:127.0.0.1...

8.3CVSS6.1AI score0.00239EPSS
Exploits0References1
Fedora
Fedora
added 2 days ago7 views

[SECURITY] Fedora 44 Update: p11-kit-0.26.4-1.fc44

p11-kit provides a way to load and enumerate PKCS11 modules, as well as a standard configuration setup for installing PKCS11 modules in such a way that they're discoverable...

6.2CVSS6.1AI score0.00137EPSS
Exploits0
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42385

Path equivalence: vulnerability in Progress MOVEit Transfer File Upload modules. This issue affects MOVEit Transfer: before 2025.0.8, from 2025.1.0 before 2025.1.4...

3.5CVSS5.9AI score0.00311EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-60125 importModule function in MISP ignores per-organisation import module restrictions

MISP’s importModule path used getEnabledModule to resolve a single import module by name, but this lookup did not enforce the per-organisation module restriction checked by getEnabledModules. As a result, an authenticated user from an organisation that was not allowed to use a module restricted v...

5.3CVSS0.00207EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 6 days ago7 views

nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers

A flaw was found in NGINX. When NGINX is configured to proxy HTTP/2 traffic using the ngxhttpproxyv2module or ngxhttpgrpcmodule with specific settings, a remote, unauthenticated attacker can send specially crafted large headers. This can trigger a heap-based buffer overflow, leading to a restart ...

9.2CVSS7.7AI score0.03459EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 6 days ago9 views

Important: Red Hat Security Advisory: kpatch-patch-5_14_0-427_100_1, kpatch-patch-5_14_0-427_113_1, kpatch-patch-5_14_0-427_126_1, kpatch-patch-5_14_0-427_68_2, and kpatch-patch-5_14_0-427_84_1 security update

An update for multiple packages is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.8CVSS6AI score0.0049EPSS
Exploits0References4
Fedora
Fedora
added 6 days ago6 views

[SECURITY] Fedora 43 Update: perl-IO-Compress-2.221-1.fc43

This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. IO-Compress supports reading and writing of bzip2, RFC 1950, RFC 1951, RFC 1952 i.e. gzip and zip files/buffers. The following modules used to be distributed...

7.8CVSS5.9AI score0.00373EPSS
Exploits3
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56574

Name of the Vulnerable Software and Affected Versions MOVEit Transfer versions prior to 2025.0.8 MOVEit Transfer versions 2025.1.0 through 2025.1.3 Description Progress MOVEit Transfer contains a path equivalence issue within its File Upload modules. This flaw has been targeted by numerous...

9.8CVSS6AI score0.00311EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added last week7 views

CVE-2026-48956 Joomla! Core - [20260710] - Incorrect Access Control in com_modules

An improper access check allows users to display a list of modules in the frontend...

6.4CVSS6AI score0.00168EPSS
Exploits0References1
NVD
NVD
added last week10 views

CVE-2026-23698

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS0.00867EPSS
Exploits2References3
Cvelist
Cvelist
added last week31 views

CVE-2026-23698 Vtiger CRM 8.4.0 Authenticated RCE via Module Import File Upload

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS0.00867EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added last week7 views

CVE-2026-23698

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS6.7AI score0.00867EPSS
Exploits2References4
EUVD
EUVD
added last week5 views

EUVD-2026-42054

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS6.7AI score0.00867EPSS
Exploits2References3
CVE
CVE
added last week12 views

CVE-2026-23698

Vtiger CRM up to 8.4.0 is affected by an authenticated remote code execution vulnerability in the admin ModuleManager import feature. A privileged administrator can upload a crafted ZIP archive which is extracted directly into the web root’s modules/ directory without proper file-type validation ...

8.6CVSS6.7AI score0.00867EPSS
Exploits2References3
CVE
CVE
added last week14 views

CVE-2011-10043

Technical details about CVE-2011-10043 are not publicly available in the provided documents. Monitor for updates from official advisories; no confirmed exploit vectors, affected products, or remediation details are included here.

9.8CVSS6.1AI score0.00429EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 9:16 p.m.4 views

DEBIAN-CVE-2026-50135

Hugo is a static site generator. From 0.123.0 to 0.161.1, a regression made RootMappingFs.statRoot use Stat follows symlinks instead of Lstat , so a direct resources.Get of a symlink pointing outside its mount returned the target's contents — letting a symlink planted in a local mount e.g. a...

5.5CVSS5.9AI score0.00275EPSS
Exploits0References1
NVD
NVD
added 2026/07/06 9:16 p.m.8 views

CVE-2026-14468

HashiCorp Terraform Enterprise contained an issue in its version control system VCS ingestion of registry modules that did not correctly enforce the intended boundary on packaged module content. This may allow an authenticated user to include files from outside the intended repository content in ...

7.7CVSS0.00295EPSS
Exploits0References1
Rows per page
Query Builder