Lucene search
K

29 matches found

RedhatCVE
RedhatCVE
added 2026/05/04 6:29 a.m.8 views

CVE-2026-40974

A flaw was found in Spring Boot's Cassandra auto-configuration. This vulnerability allows an adjacent attacker to bypass hostname verification during SSL Secure Sockets Layer connection establishment to Cassandra. This could enable a man-in-the-middle attack, potentially leading to unauthorized...

9.8CVSS5.7AI score0.00182EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/01 11:1 p.m.4 views

CVE-2026-34525

A flaw was found in aiohttp, an asynchronous HTTP client/server framework for Python. This vulnerability allows a remote attacker to send multiple Host headers in a single request. This can lead to unexpected behavior, potentially bypassing security controls or causing cache poisoning, which may...

6.3CVSS5.8AI score0.00288EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/02/26 3:0 p.m.5 views

CVE-2026-27901

A flaw was found in svelte, a performance-oriented web framework. When rendering untrusted data as the initial value for bind:innerText and bind:textContent on contenteditable elements on the server, the contents were not properly escaped. This improper handling could allow a remote attacker to...

6.1CVSS5.8AI score0.00214EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/20 11:49 p.m.15 views

CVE-2026-27121

svelte is a performance oriented web framework. When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an attacker can inject malicious...

5.6CVSS5.8AI score0.00189EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/29 10:45 p.m.7 views

CVE-2026-25068

alsa-lib versions 1.2.2 up to and including 1.2.15.2, prior to commit 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplgdecodecontrolmixer1 function reads the numchannels field from untrusted .tplg data and uses it as a loop bound without validating it...

4.6CVSS5.9AI score0.00191EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/27 10:27 p.m.6 views

CVE-2026-24515

In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment,...

2.9CVSS5.8AI score0.0017EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/22 3:7 a.m.4 views

CVE-2025-13878

A flaw was found in bind. A remote attacker can send a specially crafted request that results in a corrupt or malicious record, causing the 'named' service to crash. This vulnerability leads to a Denial of Service DoS for authoritative servers and resolvers. Mitigation Mitigation for this issue i...

7.5CVSS5.1AI score0.08219EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/21 12:55 a.m.7 views

CVE-2025-59464

A resource consumption flaw has been discovered in NodeJS. A memory leak in Node.js’s OpenSSL integration occurs when converting X.509 certificate fields to UTF-8 without freeing the allocated buffer. When applications call socket.getPeerCertificatetrue, each certificate field leaks memory,...

7.5CVSS6.7AI score0.0023EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/10 11:21 p.m.5 views

CVE-2025-66628

ImageMagick is a software suite to create, edit, compose, or convert bitmap images. In versions 7.1.2-9 and prior, the TIM PSX TIM image parser contains a critical integer overflow vulnerability in its ReadTIMImage function coders/tim.c. The code reads width and height 16-bit values from the file...

7.5CVSS6.7AI score0.00439EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/10/22 9:9 p.m.9 views

CVE-2025-11966

In Eclipse Vert.x versions 4.0.0, 4.5.21 and 5.0.0, 5.0.4, when "directory listing" is enabled, file and directory names are inserted into generated HTML without proper escaping in the href, title, and link attributes. An attacker who can create or rename files or directories within a served path...

4.9CVSS5.3AI score0.00265EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/09/05 12:24 p.m.5 views

CVE-2025-55305

A vulnerability has been identified in Electron where ASAR integrity validation can be bypassed through modification of application resources. An attacker with local write access to the application’s installation directory can tamper with files inside the resources folder, undermining the intende...

6.1CVSS6.4AI score0.00267EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2025/09/04 5:57 a.m.4 views

CVE-2025-9864

Use after free in V8 in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High Mitigation Mitigation for this issue is either not available or the currently available options don't meet the Re...

8.8CVSS6.5AI score0.00138EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/13 6:6 p.m.4 views

CVE-2025-55005

A heap-based buffer overflow flaw was found in ImageMagick. When preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is larger than 1024. This issue leads to corrupting memory beyond the end of the...

5.5CVSS7.5AI score0.00243EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/08/13 2:52 p.m.7 views

CVE-2025-48989

A flaw was found in Apache Tomcat where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream...

7.5CVSS7AI score0.03389EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/08/06 2:32 p.m.5 views

CVE-2025-8419

A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters limited local part of the email, so the attack is limited to very shorts emails subject...

6.5CVSS6.3AI score0.00411EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/07/28 8:20 a.m.14 views

CVE-2024-58262

A flaw was found in curve25519-dalek. The crate’s implementation of constant-time operations on elliptic curve scalars lacks proper LLVM optimization, potentially revealing information about the scalar's bits. A local attacker can observe timing differences during scalar operations. This...

5.1CVSS5.7AI score0.00152EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/06/17 2:54 p.m.5 views

CVE-2025-49179

A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks. Mitigation Mitigation for this issue is either not available or the currently available...

7.3CVSS6.5AI score0.00285EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/06/13 12:21 p.m.6 views

CVE-2025-6052

A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is already very large, combining it with more input can cause a hidden overflow in the size calculation. This makes the system think it has enough memory when it doesn’t. As a result, data may be writte...

7.5CVSS4AI score0.00419EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/06/11 9:33 p.m.6 views

CVE-2025-49146

A connection handling flaw was found in the pgjdbc connection driver in configurations that require channel binding. Connections created with authentication methods that should not allow channel binding permit connections to use channel binding. This flaw allows attackers to position themselves i...

8.2CVSS7.9AI score0.00461EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/06/10 1:39 p.m.5 views

CVE-2024-47081

A flaw was found in the Requests HTTP library. This vulnerability allows leakage of .netrc credentials to third parties via maliciously crafted URLs that exploit a URL parsing issue. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Re...

5.3CVSS5AI score0.00846EPSS
Exploits1References13
Rows per page
Query Builder