
4145 matches found

RedHat Linux
added yesterday, 2 views

foreman: Foreman: Information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomy_scope controller method does not properly validate organization and location IDs from nested request parameters,...

CVSS 4.3, AI score 5.7
Exploits: 0, References: 4

RedHat Linux
added yesterday, 3 views

foreman: Foreman: Unauthorized modification of host configurations via broken access control

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...

CVSS 6.5, AI score 5.7
Exploits: 0, References: 4

Cvelist
added yesterday, 5 views

CVE-2026-5138 Foreman: foreman: information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomy_scope controller method does not properly validate organization and location IDs from nested request parameters,...

CVSS 4.3
Exploits: 0, References: 6

Vulnrichment
added yesterday, 3 views

CVE-2026-5138 Foreman: foreman: information disclosure via improper validation of nested request parameters

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomy_scope controller method does not properly validate organization and location IDs from nested request parameters,...

CVSS 4.3, AI score 5.8
Exploits: 0, References: 4

EUVD
added yesterday, 5 views

EUVD-2026-41003

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...

CVSS 6.5, AI score 5.7
Exploits: 0, References: 4

Nuclei
added yesterday, 11 views

Mongoose - NoSQL Injection

NoSQL injection vulnerability in Mongoose 8.9.5 affecting the populate function's match option. This vulnerability exists due to an incomplete fix for CVE-2024-53900. While direct $where injection is blocked, attackers can bypass this protection by nesting $where operators within logical operator...

CVSS 9.8, AI score 7.8, EPSS 0.07025
Exploits: 3, References: 4

SUSE CVE
added yesterday, 5 views

SUSE CVE-2026-13757

A flaw was found in p11-kit. The RPC message attribute parsing functions p11_rpc_message_get_attribute and p11_rpc_message_get_attribute_array_value form a mutually-recursive call chain with no recursion depth limit when processing nested CKA_WRAP_TEMPLATE, CKA_UNWRAP_TEMPLATE, and CKA_DERIVE_TEMPLATE attributes...

CVSS 6.2, AI score 5.8, EPSS 0.0012
Exploits: 0, References: 3

NVD
added yesterday, 7 views

CVE-2026-54592

Oj Optimized JSON is a JSON parser and Object marshaller packaged as a Ruby gem. In versions prior to 3.17.3, Oj::Doc#each_child, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process, leading to DoS. In a two-step chain in...

CVSS 7.5, EPSS 0.00263
Exploits: 0, References: 1

CVE
added 2 days ago, 21 views

CVE-2026-54592

The CVE-2026-54592 vulnerability affects Oj (Optimized JSON), a Ruby gem JSON parser/marshaller. In versions prior to 3.17.3, Oj::Doc#each_child can overflow a fixed-size stack buffer when recursively traversing deeply nested JSON, causing a DoS. The issue arises from a two-step chain in ext/oj/f...

CVSS 7.5, AI score 5.9, EPSS 0.00263
Exploits: 0, References: 1

RedhatCVE
added 2 days ago, 5 views

CVE-2026-50193

A flaw was found in jackson-databind, a general-purpose data-binding library for Jackson Data Processor. A remote attacker can exploit this vulnerability by sending deeply nested JSON (JavaScript Object Notation) data to a service that reads and processes it. This can lead to a Denial of Service (Do...

CVSS 7.5, AI score 5.7, EPSS 0.00616
Exploits: 1, References: 6

EUVD
added 2 days ago, 5 views

EUVD-2026-40379

IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 could allow an adjacent attacker to cause a denial of service due to improper validation in the XDF decoder. The application processes deeply nested Protocol Buffers messages and attacker-controlled length prefixes without sufficient bounds...

CVSS 6.5, AI score 5.8, EPSS 0.00269
Exploits: 0, References: 1

AlpineLinux
added 2 days ago, 3 views

CVE-2026-58016

A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a element nested within other elements like , , or . This issue can cause an unsigned integer overflow and...

CVSS 9.1, AI score 5.8, EPSS 0.00339
Exploits: 1, References: 3

Vulnrichment
added 2 days ago, 6 views

CVE-2026-58016 Glib: integer underflow in gio/gdbusintrospection.c via "g_dbus_node_info_new_for_xml"

A flaw was found in GLib. A state confusion issue exists in g_dbus_node_info_new_for_xml in the gio/gdbusintrospection.c file when processing malformed D-Bus introspection XML, specifically with a element nested within other elements like , , or . This issue can cause an unsigned integer overflow and...

CVSS 7.5, AI score 5.8, EPSS 0.00339
Exploits: 1, References: 3

CVE
added 2 days ago, 9 views

CVE-2026-57081

CVE-2026-57081 affects Net::BitTorrent for Perl up to version 2.0.1. The root cause is unbounded recursion in the bdecode decoder: each nested list/dictionary level causes a recursive call that copies the remaining input buffer, producing O(N^2) memory growth for deeply nested inputs. In practice...

CVSS 7.5, AI score 6, EPSS 0.00263
Exploits: 0, References: 1

ATTACKERKB
added 2 days ago, 4 views

CVE-2026-57081

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with no depth cap, and each recursive call receives the remaining buffer by value while the list and dictionary branches captu...

CVSS 7.5, AI score 6, EPSS 0.00263
Exploits: 0, References: 2

Cvelist
added 2 days ago, 27 views

CVE-2026-57081 Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with no depth cap, and each recursive call receives the remaining buffer by value while the list and dictionary branches captu...

EPSS 0.00263
Exploits: 0, References: 1

EUVD
added 2 days ago, 5 views

EUVD-2026-40290

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with no depth cap, and each recursive call receives the remaining buffer by value while the list and dictionary branches captu...

CVSS 7.5, AI score 6, EPSS 0.00263
Exploits: 0, References: 1

Tenable Nessus
added 2 days ago, 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-13757

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in p11-kit. The RPC message attribute parsing functions p11_rpc_message_get_attribute and p11_rpc_message_get_attribute_array_value form a...

CVSS 6.2, AI score 5.8, EPSS 0.0012
Exploits: 0, References: 3

OSV
added 2 days ago, 2 views

UBUNTU-CVE-2026-13757

A flaw was found in p11-kit. The RPC message attribute parsing functions p11_rpc_message_get_attribute and p11_rpc_message_get_attribute_array_value form a mutually-recursive call chain with no recursion depth limit when processing nested CKA_WRAP_TEMPLATE, CKA_UNWRAP_TEMPLATE, and CKA_DERIVE_TEMPLATE attributes...

CVSS 6.2, AI score 5.8, EPSS 0.0012
Exploits: 0, References: 3