Lucene search
K

122 matches found

Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-54775 CoreWCF: Kafka consume pump halts permanently on a Kafka tombstone (null-value record), causing persistent endpoint denial of service.

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service listening on a Kafka topic stops processing new records from that topic when KafkaTransportPump receives a null-value tombstone record, causing a persistent...

6.5CVSS0.00336EPSS
Exploits0References6
CVE
CVE
added 6 days ago16 views

CVE-2026-54775

Summary: CVE-2026-54775 affects CoreWCF.Kafka’s KafkaTransportPump. Before versions 1.8.1 and 1.9.1, a null-value tombstone (Kafka tombstone) on a topic causes the pump to halt, stopping processing of new records and potentially causing persistent endpoint denial of service for topics with produc...

6.5CVSS6AI score0.00336EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-57242 Foxit PDF Editor/Reader Page Use-After-Free Vulnerability

The application opens the PDF, and JavaScript modifies the form. However, the related objects on the page lack complete lifecycle management and null value validation; when the page state changes, the application continuously dereferences invalid objects, eventually leading to a crash...

7.8CVSS0.00116EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42179

The application opens the PDF, and JavaScript modifies the form. However, the related objects on the page lack complete lifecycle management and null value validation; when the page state changes, the application continuously dereferences invalid objects, eventually leading to a crash...

7.8CVSS6AI score0.00116EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago8 views

CVE-2026-57242

The application opens the PDF, and JavaScript modifies the form. However, the related objects on the page lack complete lifecycle management and null value validation; when the page state changes, the application continuously dereferences invalid objects, eventually leading to a crash...

7.8CVSS6AI score0.00116EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51755

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description An issue exists where the HTTP Referer: header persists even after being explicitly cleared. Although passing NULL to CURLOPT REFERER is intended to suppress the header, the internal state is...

7.5CVSS5.9AI score0.00652EPSS
Exploits1References35
Github Security Blog
Github Security Blog
added 2026/06/19 8:46 p.m.8 views

CoreWCF: Kafka consume pump halts permanently on a Kafka tombstone (null-value record), causing persistent endpoint denial of service.

Impact A CoreWCF service is running and listening on a Kafka topic receiving a null-value record will stop processing new records from that topic. Preconditions The attacker has produce/write permission on a topic that CoreWCF is consuming from. If the broker permits anonymous publishes, no...

6.5CVSS5.9AI score0.00336EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.15 views

PT-2026-51072

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description A CoreWCF service listening on a Kafka topic stops processing new records when the KafkaTransportPump receives a null-value tombstone record. A tombstone record is a...

6.5CVSS6AI score0.00336EPSS
Exploits0References12
OSV
OSV
added 2026/06/08 5:16 p.m.9 views

UBUNTU-CVE-2026-46284

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix early boot crash on parameters without '=' separator If hugepages, hugepagesz, or defaulthugepagesz are specified on the kernel command line without the '=' separator, early parameter parsing passes NULL to...

5.5CVSS5.3AI score0.00121EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/06/08 3:41 p.m.43 views

CVE-2026-46284 mm/hugetlb: fix early boot crash on parameters without '=' separator

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix early boot crash on parameters without '=' separator If hugepages, hugepagesz, or defaulthugepagesz are specified on the kernel command line without the '=' separator, early parameter parsing passes NULL to...

0.00121EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.20 views

PT-2026-47356

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.12-1.1 Description A crash can occur during early boot if the kernel command line parameters hugepages, hugepagesz, or default hugepagesz are...

9.8CVSS5.2AI score0.03663EPSS
Exploits28References337
EUVD
EUVD
added 2026/05/27 8:19 p.m.10 views

EUVD-2026-32660

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, src/device.c passed the return values of udisksdrivegetserial, udisksdrivegetvendor, and udisksdrivegetmodel directly to strcmp without NULL checks. The GIO/UDisks API documentation states these...

4.6CVSS5.8AI score0.00178EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.13 views

PT-2026-44110

Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.8.7 Description In src/device.c, the return values of the functions udisks drive get serial, udisks drive get vendor, and udisks drive get model are passed directly to strcmp without NULL checks. According to...

4.6CVSS5.8AI score0.00178EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/16 11:21 p.m.28 views

CVE-2026-8723

Summary qs.stringify throws TypeError when called with arrayFormat: 'comma' and encodeValuesOnly: true on an array containing null or undefined. The throw is synchronous and not handled by any of qs's null-related options skipNulls, strictNullHandling. Details In the comma + encodeValuesOnly...

6.3CVSS5.9AI score0.00351EPSS
Exploits0
OSV
OSV
added 2026/04/06 2:49 p.m.2 views

BIT-PARSE-2026-34574 Parse Server: Session field immutability bypass via falsy-value guard

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0, an authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the session upda...

5.4CVSS5.8AI score0.0021EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/01 5:4 p.m.7 views

CVE-2026-34574

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0-alpha.14, an authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the...

5.4CVSS5.7AI score0.0021EPSS
Exploits0References1
OSV
OSV
added 2026/04/01 12:3 a.m.3 views

GHSA-F6J3-W9V3-CQ22 Parse Server has a session field immutability bypass via falsy-value guard

Impact An authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the session update endpoint. This allows nullifying the session expiry, making the session valid indefinitely and bypassing configured session length...

5.3CVSS5.9AI score0.0021EPSS
Exploits0References7
NVD
NVD
added 2026/03/31 4:16 p.m.4 views

CVE-2026-34574

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0-alpha.14, an authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the...

5.4CVSS0.0021EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/31 3:8 p.m.6 views

CVE-2026-34574 Parse Server: Session field immutability bypass via falsy-value guard

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0-alpha.14, an authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the...

5.3CVSS5.7AI score0.0021EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/31 3:8 p.m.1 views

CVE-2026-34574

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.69 and 9.7.0-alpha.14, an authenticated user can bypass the immutability guard on session fields expiresAt, createdWith by sending a null value in a PUT request to the...

5.3CVSS5.7AI score0.0021EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder