Lucene search
K

102 matches found

CVE
CVE
added 6 days ago22 views

CVE-2026-55470

CVE-2026-55470 affects the DSTU2 module of HAPI FHIR (org.hl7.fhir.dstu2) where FHIRPathEngine.matches() still uses raw String.matches(sw) with no RegexTimeout, enabling unauthenticated attackers to trigger catastrophic regex backtracking and exhaust CPU. The issue is resolved by upgrading to 6.9...

7.5CVSS5.9AI score0.00354EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-55470 HAPI FHIR: DSTU2 FHIRPathEngine.matches() missing RegexTimeout protection allows ReDoS

HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to 6.9.10, the fix for CVE-2026-45367 incompletely patched the DSTU2 module, leaving FHIRPathEngine.matches in org.hl7.fhir.dstu2/utils/FHIRPathEngine.java to call raw String.matchessw...

7.5CVSS0.00354EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:53 a.m.8 views

CVE-2026-11833

Overview: A vulnerability has been found in FAST/TOOLS and CI Server. The web server may return a response containing the CI Server setting information. This information could be exploited by an attacker for other attacks. The affected products and versions are as follows: FAST/TOOLS Packages:...

8.2CVSS5.7AI score0.00217EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/17 6:47 p.m.6 views

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection through the saxonTransform function that uses unhardened net.sf.saxon.TransformerFactoryImpl method. An attacker can access sensitive local files or trigger arbitrary HTTPS requests from the host by...

8.9CVSS6.1AI score0.00309EPSS
Exploits0References2
OSV
OSV
added 2026/06/10 6:44 a.m.13 views

USN-8417-1 tomcat9, tomcat10 vulnerabilities

It was discovered that Tomcat did not properly limit the size of WebDAV LOCK and PROPFIND request bodies. A remote attacker could use this issue to cause Tomcat to consume excessive memory, resulting in a denial of service. CVE-2026-41284 It was discovered that Tomcat incorrectly validated HTTP/2...

9.8CVSS7.7AI score0.01339EPSS
Exploits2References7
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in ModSecurity-Apache

ModSecurity is an open-source, cross-platform Web Application Firewall WAF engine for Apache, IIS, and Nginx. Versions prior to 2.9.10 contain a denial-of-service vulnerability similar to GHSA-859r-vvv8-rm8r/CVE-2025-47947. The sanitiseArg and sanitizeArg – it’s the same action, just a alias...

7.5CVSS7.7AI score0.00797EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/18 7:10 p.m.16 views

Microsoft Security Advisory CVE-2026-42899 – ASP.NET Core Denial of Service Vulnerability

Executive Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. Loop with unreachable exit...

7.5CVSS5.7AI score0.0243EPSS
Exploits0References5Affected Software12
Github Security Blog
Github Security Blog
added 2026/05/18 7:8 p.m.20 views

Microsoft Security Advisory CVE-2026-32175 – .NET Core Tampering Vulnerability

Executive Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A tampering vulnerability...

4.3CVSS5.8AI score0.00711EPSS
Exploits0References5Affected Software4
NVD
NVD
added 2026/05/12 6:17 p.m.15 views

CVE-2026-44183

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, TrustedNetworkAuthenticationHandler.ResolveClientIp parses the leftmost entry of the X-Forwarded-For header as the client IP. That entr...

9.8CVSS0.00222EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 5:33 p.m.39 views

CVE-2026-44184 Cleanuparr: Reflective CORS combined with trusted-network auth allows cross-origin admin API reads

Cleanuparr is a tool for automating the cleanup of unwanted or blocked files in Sonarr, Radarr, and supported download clients like qBittorrent. Prior to 2.9.10, Cleanuparr's global CORS policy reflects every request Origin and combines it with AllowCredentials. When DisableAuthForLocalAddresses ...

8CVSS0.0012EPSS
Exploits0References1
Atlassian
Atlassian
added 2026/05/11 11:29 p.m.22 views

DoS (Denial of Service) at postgresql dependency in Crucible Server

This High severity DoS Denial of Service vulnerability was introduced in version 4.9.0 of Crucible Server. This DoS Denial of Service vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an unauthenticated attacker to cause a resource to...

7.5CVSS5.7AI score0.0077EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/04 6:10 p.m.64 views

CVE-2026-43964

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number...

3.7CVSS0.00415EPSS
Exploits0References1
NVD
NVD
added 2026/04/20 6:16 p.m.7 views

CVE-2026-23757

GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFTReport::Create without HTML sanitization. Attackers can inject arbitrary JavaScript into the report title field when creating or editing a...

5.4CVSS0.00141EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.10 views

Dell PowerScale OneFS 安全漏洞

Dell PowerScale OneFS is an operating system developed by the American company Dell. It provides a horizontally scalable NAS solution through the PowerScale OneFS operating system. Vulnerabilities exist in Dell PowerScale OneFS versions 9.10.1.6 and earlier, as well as 9.13.0.0 and earlier. These...

4.4CVSS5.8AI score0.00159EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/18 6:31 p.m.6 views

EUVD-2026-12856

In the Linux kernel, the following vulnerability has been resolved: xfs: only call xfarray,blobdestroy if we have a valid pointer Only call the xfarray and xfblob destructor if we have a valid pointer, and be sure to null out that pointer afterwards. Note that this patch fixes a large number of...

5.7AI score0.00122EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/11 9:11 p.m.12 views

.NET Denial of Service Vulnerability

Microsoft Security Advisory CVE-2026-26130 – .NET Denial of Service Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to...

7.5CVSS6AI score0.02818EPSS
Exploits0References5Affected Software12
EUVD
EUVD
added 2026/03/04 3:30 p.m.3 views

EUVD-2026-9399

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...

6.7CVSS6.1AI score0.00127EPSS
Exploits0References2
CVE
CVE
added 2026/03/04 12:41 p.m.15 views

CVE-2026-21426

CVE-2026-21426 affects Dell PowerScale OneFS prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1. The vulnerability is described as an execution with unnecessary privileges, allowing a high-privileged local attacker to cause denial of service, privilege escalation, and information disclosure...

6.7CVSS6.1AI score0.0013EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/04 7:37 a.m.7 views

CVE-2026-20801

Cleartext Transmission of Sensitive Information CWE-319 in a component used in the Gallagher Hanwha VMS and Gallagher NxWitness VMS integrations allows unprivileged users with local network access to view live video streams. This issue affects all versions of Gallagher NxWitness VMS integration...

5.6CVSS5.9AI score0.00102EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.9 views

PT-2026-22903

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect default permissions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to code execution, denial of service, elevation of...

6.7CVSS6AI score0.00161EPSS
Exploits0References2
Rows per page
Query Builder