Lucene search
+L

3231 matches found

NVD
NVD
added 2026/07/08 10:17 p.m.9 views

CVE-2026-54777

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF NetNamedPipe transport accepts attachment to a pre-existing named pipe instance, allowing local interception of NetNamedPipe traffic when an attacker races NamedPipeListen...

6.5CVSS0.00088EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/08 10:6 p.m.33 views

CVE-2026-54772 CoreWCF: Pre-authentication infinite-loop CPU exhaustion in CoreWCF net.tcp / net.pipe / net.uds framing handshake

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, an unauthenticated remote attacker that can reach a NetTcpBinding, NetNamedPipeBinding, or UnixDomainSocketBinding endpoint can trigger premature EOF handling in the CoreWCF...

7.5CVSS0.00476EPSS
Exploits0References6
CVE
CVE
added 2026/07/08 10:1 p.m.22 views

CVE-2026-54777

CoreWCF.NetNamedPipe transport is vulnerable to a local TOCTOU race where an attacker can race a NamedPipeListener between the shared-memory GUID publication and the creation of the service pipe, enabling interception of NetNamedPipe traffic by attaching to a pre-existing named pipe instance. Aff...

6.5CVSS6AI score0.00088EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/08 8:37 p.m.15 views

Malicious code in @vite-js/ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 476576198de86a58304788ac79ac3c8ca21b5029d9e824e3ffab41f539146c3b Package @vite-js/ui impersonates the official vite package: package.json declares author 'Evan You', homepage 'https://vitejs.dev', ships an unmodifi...

6.3AI score
Exploits0References2
OSV
OSV
added 2026/07/08 8:37 p.m.2 views

MAL-2026-7021 Malicious code in @vite-js/ui (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 476576198de86a58304788ac79ac3c8ca21b5029d9e824e3ffab41f539146c3b Package @vite-js/ui impersonates the official vite package: package.json declares author 'Evan You', homepage 'https://vitejs.dev', ships an unmodifi...

6.3AI score
Exploits0References2
OSV
OSV
added 2026/07/06 5:55 a.m.6 views

BIT-MASTODON-2026-46349 Mastodon: LD-Signature Bypass via JSON-LD Named-Graph Restructuring

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activities from a certain class of spoofing, allowing attackers to...

5.3CVSS6AI score0.00162EPSS
Exploits0References2
NVD
NVD
added 2026/07/04 1:16 p.m.9 views

CVE-2025-13475

In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants,...

7.3CVSS0.00158EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/04 12:49 p.m.8 views

EUVD-2025-210427

In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants,...

3.5CVSS5.9AI score0.00158EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/04 12:49 p.m.9 views

CVE-2025-13475

In multi-tenanted deployments, the application consent management mechanism fails to correctly isolate consent scopes between tenants. Consent granted by a user for a specific SaaS application within one tenant can be incorrectly applied to SaaS applications with the same name in other tenants,...

3.5CVSS5.9AI score0.00158EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 2026/06/30 3:55 p.m.7 views

CVE-2026-58174

Hermes WebUI before 0.51.521 validates the workspace of an imported session under the active named profile but constructs the Session object without setting its profile in the /api/session/import handler, so the imported session is persisted with a null profile. Because a null profile is treated ...

6.5CVSS5.8AI score0.00265EPSS
Exploits0References6
NVD
NVD
added 2026/06/29 8:17 p.m.8 views

CVE-2026-57919

PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 26.2 creates a named pipe \.\pipe\PBackupVSS with a DACL that grants GENERICREAD and GENERICWRITE permissions to all authenticated users. A low-privileged local attacker can connect to this pipe and send crafted IPC messages to trigge...

7.8CVSS0.0013EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.13 views

PT-2026-53735

Name of the Vulnerable Software and Affected Versions Matrix42 Empirum versions prior to 25.5 Matrix42 Empirum versions 26.x prior to 26.2 Description The PBackupVSS.exe component creates a named pipe at '.pipePBackupVSS' with a Discretionary Access Control List DACL that grants GENERIC READ and...

7.8CVSS6.2AI score0.0013EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/29 12:0 a.m.7 views

CVE-2026-57919

PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 26.2 creates a named pipe \.\pipe\PBackupVSS with a DACL that grants GENERICREAD and GENERICWRITE permissions to all authenticated users. A low-privileged local attacker can connect to this pipe and send crafted IPC messages to trigge...

7.8CVSS6.1AI score0.0013EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/29 12:0 a.m.7 views

CVE-2026-57919

PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 26.2 creates a named pipe \.\pipe\PBackupVSS with a DACL that grants GENERICREAD and GENERICWRITE permissions to all authenticated users. A low-privileged local attacker can connect to this pipe and send crafted IPC messages to trigge...

7.8CVSS6.1AI score0.0013EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/29 12:0 a.m.25 views

CVE-2026-57919

PBackupVSS.exe in Matrix42 Empirum before 25.5 and 26.x before 26.2 creates a named pipe \.\pipe\PBackupVSS with a DACL that grants GENERICREAD and GENERICWRITE permissions to all authenticated users. A low-privileged local attacker can connect to this pipe and send crafted IPC messages to trigge...

7.8CVSS0.0013EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2026/06/29 12:0 a.m.5 views

The vulnerability of the DNS request processing mechanism in the BIND DNS server’s named daemon allows a attacker to cause a service failure.

The vulnerability of the DNS request processing mechanism in the BIND DNS server’s named daemon is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...

7.8CVSS5.2AI score0.0181EPSS
Exploits0References6Affected Software5
CVE
CVE
added 2026/06/29 12:0 a.m.19 views

CVE-2026-57919

CVE-2026-57919 affects Matrix42 Empirum (pre-25.5 and pre-26.2). The issue: PBackupVSS.exe creates a named pipe (\.\pipe\PBackupVSS) with a permissive DACL granting GENERIC_READ/WRITE to all authenticated users, enabling a low-privileged, local attacker to connect and send crafted IPC messages to...

7.8CVSS6.1AI score0.0013EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 7:20 p.m.5 views

GHSA-CR2J-534F-MF3G Apptainer has incorrect path matching for 'limit container paths' directive

Impact The limit container paths directive in apptainer.conf is intended to allow a system administrator limit the paths from which containers can be run, under setuid mode. Due to incorrect matching of a path string, sibling directories with similar names may incorrectly be allowed. For example,...

4.8CVSS5.7AI score
Exploits0References2
OSV
OSV
added 2026/06/24 7:40 p.m.4 views

CVE-2026-46349 Mastodon: LD-Signature Bypass via JSON-LD Named-Graph Restructuring

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activities from a certain class of spoofing, allowing attackers to...

5.3CVSS6AI score0.00162EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/19 8:46 p.m.6 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview CoreWCF.NetNamedPipe is a port of the service side of Windows Communication Foundation WCF to .NET Core. The goal of this project is to enable existing WCF services to move to .NET Core. Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition v...

7.3CVSS5.9AI score0.00088EPSS
Exploits0References2
Rows per page
Query Builder