Lucene search
+L

133492 matches found

F5 Networks
F5 Networks
added 7 hours ago3 views

K000162310: Linux kernel vulnerability CVE-2026-46316

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgicitsinvalidatecache walks the per-ITS translation cache with xaforeach and drops the cache's reference on each...

9.3CVSS6.6AI score0.00202EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added yesterday5 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a security bypass vulnerability (CVE-2026-10842)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by a security bypass vulnerability with the appSecurity-1.0, appSecurity-2.0 , appSecurity-3.0 or appSecurity-4.0 feature enabled. Vulnerability Details CVEID:CVE-2026-10842 DESCRIPTION: IBM WebSphere...

6.1AI score
Exploits0Affected Software1
OSV
OSV
added yesterday4 views

GHSA-VJ7Q-GJH5-988W MCP Python SDK: WebSocket server transport does not support Host/Origin validation

Summary In affected versions, the deprecated WebSocket server transport mcp.server.websocket.websocketserver accepted the WebSocket handshake without applying any Host or Origin header validation. The TransportSecuritySettings mechanism that the SSE and Streamable HTTP transports use for this...

7.6CVSS6AI score0.00181EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added yesterday8 views

MCP Python SDK: WebSocket server transport does not support Host/Origin validation

Summary In affected versions, the deprecated WebSocket server transport mcp.server.websocket.websocketserver accepted the WebSocket handshake without applying any Host or Origin header validation. The TransportSecuritySettings mechanism that the SSE and Streamable HTTP transports use for this...

7.6CVSS6AI score0.00181EPSS
Exploits0References6Affected Software1
OSV
OSV
added yesterday4 views

GHSA-48QW-824M-86PR ArcadeDB: Privilege escalation via reader role in /api/v1/command JS scripting language — arbitrary host file read

Impact A user holding only reader read-only privileges on a single database could execute arbitrary JVM code by sending a "language": "js" command to the POST /api/v1/command/database HTTP endpoint, and use it to read arbitrary files on the host filesystem e.g. /etc/passwd, configuration files,...

7.7CVSS6.4AI score
Exploits0References3
Github Security Blog
Github Security Blog
added yesterday6 views

ArcadeDB: Privilege escalation via reader role in /api/v1/command JS scripting language — arbitrary host file read

Impact A user holding only reader read-only privileges on a single database could execute arbitrary JVM code by sending a "language": "js" command to the POST /api/v1/command/database HTTP endpoint, and use it to read arbitrary files on the host filesystem e.g. /etc/passwd, configuration files,...

6.4AI score
Exploits0References3Affected Software1
OSV
OSV
added yesterday3 views

GHSA-5RG2-XV9J-GV5P nimiq-primitives: Out-of-bounds panic in KeyNibbles::Add from oversized child suffix in a deserialized proof

Impact A malicious peer acting as a state-sync source can crash a syncing node with a crafted TrieChunk whose proof contains a TrieNodeChild whose suffix, when concatenated with the parent key via KeyNibbles::Add, exceeds the fixed 63-byte backing array. Add primitives/src/keynibbles.rs:332 / :34...

3.7CVSS6.1AI score
Exploits0References5
Github Security Blog
Github Security Blog
added yesterday5 views

nimiq-primitives: Out-of-bounds panic in KeyNibbles::Add from oversized child suffix in a deserialized proof

Impact A malicious peer acting as a state-sync source can crash a syncing node with a crafted TrieChunk whose proof contains a TrieNodeChild whose suffix, when concatenated with the parent key via KeyNibbles::Add, exceeds the fixed 63-byte backing array. Add primitives/src/keynibbles.rs:332 / :34...

6.1AI score
Exploits0References5Affected Software1
OSV
OSV
added yesterday4 views

GHSA-46WQ-28CX-MHW4 nimiq-primitives: Panic in TrieProof::verify via child_index unwrap on equal-length keys

Impact A malicious peer acting as a state-sync source can crash a syncing node by sending a crafted TrieChunk whose proof contains two TrieProofNodes with identical keys. TrieProof::verify calls TrieProofNode::childindex primitives/src/trie/trieproofnode.rs:94, which unconditionally unwraps...

3.7CVSS6.2AI score
Exploits0References5
Github Security Blog
Github Security Blog
added yesterday6 views

nimiq-primitives: Panic in TrieProof::verify via child_index unwrap on equal-length keys

Impact A malicious peer acting as a state-sync source can crash a syncing node by sending a crafted TrieChunk whose proof contains two TrieProofNodes with identical keys. TrieProof::verify calls TrieProofNode::childindex primitives/src/trie/trieproofnode.rs:94, which unconditionally unwraps...

6.2AI score
Exploits0References5Affected Software1
OSV
OSV
added yesterday3 views

GHSA-WPCJ-RMV4-86QG Nuclio: Unauthenticated path traversal in spec.handler allows arbitrary file write in Dashboard container

Summary Nuclio Dashboard exposes POST /api/functions without authentication by default NOP auth mode. The spec.handler field e.g., mymodule:myfunction is parsed by functionconfig.ParseHandler which splits on : only — no path validation is applied to the module portion. During function build,...

4.9CVSS6.3AI score
Exploits0References5
Github Security Blog
Github Security Blog
added yesterday6 views

Nuclio: Unauthenticated path traversal in spec.handler allows arbitrary file write in Dashboard container

Summary Nuclio Dashboard exposes POST /api/functions without authentication by default NOP auth mode. The spec.handler field e.g., mymodule:myfunction is parsed by functionconfig.ParseHandler which splits on : only — no path validation is applied to the module portion. During function build,...

6.3AI score
Exploits0References5Affected Software1
OSV
OSV
added yesterday4 views

GHSA-3V79-M2CG-89WW Nuclio: Unsanitized runtimeAttributes.repositories injected into Groovy build.gradle leads to build-time RCE

Summary Nuclio's Java runtime generates a build.gradle file during function builds using Go's text/template package. The template renders runtimeAttributes.repositories values with the . action, which performs no escaping. An attacker can embed a closing brace to break out of the repositories blo...

8CVSS6.5AI score
Exploits0References5
Github Security Blog
Github Security Blog
added yesterday6 views

Nuclio: Unsanitized runtimeAttributes.repositories injected into Groovy build.gradle leads to build-time RCE

Summary Nuclio's Java runtime generates a build.gradle file during function builds using Go's text/template package. The template renders runtimeAttributes.repositories values with the . action, which performs no escaping. An attacker can embed a closing brace to break out of the repositories blo...

6.5AI score
Exploits0References5Affected Software1
OSV
OSV
added yesterday4 views

GHSA-H7PQ-86H8-RP5X Envoy Gateway: OCI layer extraction allocates make([]byte, h.Size) from untrusted tar header

Vulnerability report without repro case. Repro case may be added later after harness is complete. Preconditions 4: - Tenant can create EnvoyExtensionPolicy baseline - Controller has egress to attacker-controlled OCI registry - No registry allowlist none exists in code - Layer presents Docker/OCI...

6.5CVSS6.1AI score0.00044EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added yesterday6 views

Envoy Gateway: OCI layer extraction allocates make([]byte, h.Size) from untrusted tar header

Vulnerability report without repro case. Repro case may be added later after harness is complete. Preconditions 4: - Tenant can create EnvoyExtensionPolicy baseline - Controller has egress to attacker-controlled OCI registry - No registry allowlist none exists in code - Layer presents Docker/OCI...

6.1AI score0.00044EPSS
Exploits0References2Affected Software1
OSV
OSV
added yesterday3 views

GHSA-CXPQ-8V7Q-CG56 Envoy Gateway: Wasm HTTP fetch decompresses gzip without output-size limit

Vulnerability report without repro case. Repro case may be added later after harness is complete. Preconditions 4: - Tenant can create EnvoyExtensionPolicy baseline - Attacker hosts a gzip-bomb at a reachable URL - sha256 unset optional field; check is post-decompression anyway - No operator...

6.5CVSS6.2AI score0.00044EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added yesterday7 views

Envoy Gateway: Wasm HTTP fetch decompresses gzip without output-size limit

Vulnerability report without repro case. Repro case may be added later after harness is complete. Preconditions 4: - Tenant can create EnvoyExtensionPolicy baseline - Attacker hosts a gzip-bomb at a reachable URL - sha256 unset optional field; check is post-decompression anyway - No operator...

6.2AI score0.00044EPSS
Exploits0References2Affected Software1
SUSE Linux
SUSE Linux
added yesterday2 views

Security update for tomcat

This update for tomcat fixes the following issues Update to Tomcat 9.0.119. Security issues fixed: CVE-2026-50229: improper neutralization of script-related HTML tags in the number guess example bsc1269791. CVE-2026-53404: always-incorrect control flow implementation in the rewrite valve caused...

6.9CVSS5.5AI score0.02569EPSS
Exploits1References24
SUSE Linux
SUSE Linux
added yesterday2 views

Security update for tomcat11

This update for tomcat11 fixes the following issues Update to Tomcat 11.0.23. Security issues fixed: CVE-2026-50229: improper neutralization of script-related HTML tags in the number guess example bsc1269791. CVE-2026-53404: always-incorrect control flow implementation in the rewrite valve caused...

6.9CVSS5.6AI score0.02569EPSS
Exploits1References26
Rows per page
Query Builder