27 matches found

Tenable Nessus
added 2026/06/15 12:0 a.m. · 8 views

Arista Networks EOS Tunnel Decapsulation Improper Validation (SA0137)

On affected platforms running Arista EOS where a tunnel decapsulation configuration - such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface - is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packets wit...

6.9 CVSS · 6.1 AI score · 0.00836 EPSS
Exploits 1 · References 2

RedhatCVE
added 2026/06/05 7:49 p.m. · 10 views

CVE-2026-41873

UNSUPPORTED WHEN ASSIGNED Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python implementation under development under t...

9.8 CVSS · 5.4 AI score · 0.00444 EPSS
Exploits 0 · References 1

EUVD
added 2026/04/28 3:18 p.m. · 5 views

EUVD-2026-26065

UNSUPPORTED WHEN ASSIGNED Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python implementation under development under t...

9.8 CVSS · 5.3 AI score · 0.00444 EPSS
Exploits 0 · References 1

Cvelist
added 2026/04/28 3:18 p.m. · 28 views

CVE-2026-41873 Pony Mail: Admin account takeover via request smuggling

UNSUPPORTED WHEN ASSIGNED Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python implementation under development under t...

0.00444 EPSS
Exploits 0 · References 1

Positive Technologies
added 2026/04/28 12:0 a.m. · 5 views

PT-2026-35747

Name of the Vulnerable Software and Affected Versions: Pony Mail Lua implementation, affected versions not specified. Description: Inconsistent interpretation of HTTP requests, known as HTTP Request/Response Smuggling, allows for admin account takeover. This occurs when a front-end server and a...

9.8 CVSS · 5.8 AI score · 0.00444 EPSS
Exploits 0 · References 10

Snyk
added 2026/04/18 1:5 a.m. · 4 views

Allocation of Resources Without Limits or Throttling

Overview: OpenTelemetry.Exporter.Jaeger is a Jaeger exporter for OpenTelemetry .NET. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the span and tag conversion. An attacker can drive sustained memory pressure and denial of service by...

8.2 CVSS · 5.7 AI score · 0.00222 EPSS
Exploits 0 · References 2

EUVD
added 2026/04/03 3:30 p.m. · 6 views

EUVD-2026-18653

UNSUPPORTED WHEN ASSIGNED Focalboard version 8.0 fails to validate file ownership when serving uploaded files. This allows an authenticated attacker who knows a victim's fileID to read the content of the file. NOTE: Focalboard as a standalone product is not maintained and no fix will be issued...

4.3 CVSS · 5.9 AI score · 0.00221 EPSS
Exploits 0 · References 2

OSV
added 2026/02/23 10:16 p.m. · 3 views

CVE-2026-3040

A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os command injection. The attack may be initiated...

7.2 CVSS · 5.5 AI score · 0.09102 EPSS
Exploits 1 · References 4

Cvelist
added 2026/02/23 10:2 p.m. · 27 views

CVE-2026-3040 DrayTek Vigor 300B Web Management uploadlangs cgiGetFile os command injection

A vulnerability was identified in DrayTek Vigor 300B up to 1.5.1.6. This affects the function cgiGetFile of the file /cgi-bin/mainfunction.cgi/uploadlangs of the component Web Management Interface. The manipulation of the argument File leads to os command injection. The attack may be initiated...

5.8 CVSS · 0.09102 EPSS
Exploits 1 · References 4

EUVD
added 2026/01/26 11:29 a.m. · 6 views

EUVD-2016-10802

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the installation's REST API can use this to invoke arbitrary commands on the...

9.9 CVSS · 5.9 AI score · 0.03732 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2026/01/26 11:29 a.m. · 6 views

CVE-2016-15057

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the installation's REST API can use this to invoke arbitrary commands on the...

9.9 CVSS · 5.9 AI score · 0.03732 EPSS
Exploits 0 · References 3

RedhatCVE
added 2026/01/09 9:36 a.m. · 10 views

CVE-2024-34365

UNSUPPORTED WHEN ASSIGNED Improper Input Validation vulnerability in Apache Karaf Cave. This issue affects all versions of Apache Karaf Cave. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to th...

9.1 CVSS · 6.7 AI score · 0.01161 EPSS
Exploits 0 · References 1

SUSE CVE
added 2025/11/09 12:23 a.m. · 3 views

SUSE CVE-2025-61581

UNSUPPORTED WHEN ASSIGNED Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component could specify malicious patterns and cause...

7.5 CVSS · 6.9 AI score · 0.00672 EPSS
Exploits 0 · References 2

Github Security Blog
added 2025/10/16 9:30 a.m. · 6 views

Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability

UNSUPPORTED WHEN ASSIGNED Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component could specify malicious patterns and cause...

7.5 CVSS · 6.8 AI score · 0.00672 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2025/10/16 9:15 a.m. · 4 views

CVE-2025-61581

UNSUPPORTED WHEN ASSIGNED Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component could specify malicious patterns and cause...

7.5 CVSS · 6.8 AI score
Exploits 0 · References 2

CVE
added 2025/10/16 8:40 a.m. · 16 views

CVE-2025-61581

CVE-2025-61581 describes an Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control affecting all versions. The description states that users with access to the Traffic Router management interface could supply malicious patterns, potentially causing unavailability. The p...

7.5 CVSS · 6.5 AI score · 0.00672 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2025/08/18 12:0 a.m. · 5 views

PT-2025-33693 · Apache +1 · Apache Commons Ognl +1

Name of the Vulnerable Software and Affected Versions: Apache Commons OGNL affected versions not specified Description: An improper neutralization of expression/command delimiters issue exists in Apache Commons OGNL. The OGNL engine, when used with the Ognl.getValue API, parses and evaluates...

8.8 CVSS · 7 AI score · 0.0052 EPSS
Exploits 0 · References 11

SUSE CVE
added 2025/07/30 11:21 p.m. · 2 views

SUSE CVE-2025-54656

UNSUPPORTED WHEN ASSIGNED Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead...

6.5 CVSS · 7.8 AI score · 0.00561 EPSS
Exploits 0 · References 3

OSV
added 2025/07/30 6:31 p.m. · 2 views

GHSA-CX25-XG7C-XFM5 Apache Struts Extras Before 2 has an Improper Output Neutralization for Logs Vulnerability

UNSUPPORTED WHEN ASSIGNED Improper Output Neutralization for Logs vulnerability in Apache Struts. This issue affects Apache Struts Extras: before 2. When using LookupDispatchAction, in some cases, Struts may print untrusted input to the logs without any filtering. Specially-crafted input may lead...

6.5 CVSS · 7.1 AI score · 0.00561 EPSS
Exploits 0 · References 4

RedhatCVE
added 2025/05/23 10:44 a.m. · 7 views

CVE-2024-36264

UNSUPPORTED WHEN ASSIGNED Improper Authentication vulnerability in Apache Submarine Commons Utils. If the user doesn't explicitly set submarine.auth.default.secret, a default value will be used. This issue affects Apache Submarine Commons Utils: from 0.8.0. As this project is retired, we do not...

9.8 CVSS · 6.8 AI score · 0.01008 EPSS
Exploits 0