Lucene search
K

548 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-56814

Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of service. The parser charges the :length limit only for part...

6.9CVSS0.00579EPSS
Exploits0References9
EUVD
EUVD
added 2 days ago5 views

EUVD-2026-42873

Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of service. The parser charges the :length limit only for part...

6.9CVSS6.1AI score0.00579EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2 days ago6 views

CVE-2026-56814

Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of service. The parser charges the :length limit only for part...

6.9CVSS6.1AI score0.00579EPSS
Exploits0References10Affected Software1
RedHat Linux
RedHat Linux
added 4 days ago3 views

crypto/x509: Incorrect enforcement of email constraints in crypto/x509

A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly...

7.5CVSS7AI score0.00606EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/22 8:40 p.m.4 views

crypto/x509: Incorrect enforcement of email constraints in crypto/x509

A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly...

7.5CVSS7.1AI score0.00606EPSS
Exploits0References8
NVD
NVD
added 2026/06/17 1:20 p.m.7 views

CVE-2026-22331

Unauthenticated Local File Inclusion in AutoParts = 1.5.8 versions...

8.1CVSS0.00363EPSS
Exploits0References1
OSV
OSV
added 2026/06/17 6:43 a.m.6 views

MGASA-2026-0216 Updated python-tornado packages fix security vulnerabilities

Tornado has a DoS due to too many multipart parts. CVE-2026-31958 In Tornado, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.setcookie were not checked for crafted characters. CVE-2026-35536...

8.7CVSS5.3AI score0.00375EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 4:45 a.m.13 views

EUVD-2026-36693

A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function modupgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer overflow. The attack...

8.6CVSS8.2AI score0.00371EPSS
Exploits0References5
OSV
OSV
added 2026/06/09 7:25 p.m.8 views

MINI-CR67-2PPM-VRF2

Bulletin has no description...

7.5CVSS5.2AI score0.00341EPSS
Exploits0
OSV
OSV
added 2026/06/05 1:3 p.m.10 views

MINI-P7FC-796J-4H2C

Bulletin has no description...

7.5CVSS5.2AI score0.00939EPSS
Exploits0
OSV
OSV
added 2026/06/03 2:16 p.m.10 views

UBUNTU-CVE-2026-44546

daphne before 4.2.2 reconstructs a raw HTTP request from Twisted's parsed headers and feeds it to autobahn for WebSocket handshake processing. Twisted does not treat \x0b, \x0c, \x1c, \x1d, \x1e, or \x85 as header line separators, but autobahn decodes header values to str and calls splitlines. An...

5.3CVSS5.5AI score0.00172EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/03 2:23 a.m.16 views

SUSE CVE-2026-45157

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of a user, they could use this share token to also access the chunking upload directly and see...

6.3CVSS5.7AI score0.00231EPSS
Exploits0References3
NVD
NVD
added 2026/06/01 5:17 p.m.39 views

CVE-2026-45157

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of a user, they could use this share token to also access the chunking upload directly and see...

6.3CVSS0.00231EPSS
Exploits0References3
CVE
CVE
added 2026/06/01 4:39 p.m.19 views

CVE-2026-45157

CVE-2026-45157 affects Nextcloud Server: versions 32.0.0 up to but not including 32.0.9, and 33.0.0 up to but not including 33.0.3. A user with access to another user’s file share can use the share token to access the share’s chunking upload process and view temporary part files during ongoing up...

6.3CVSS5.7AI score0.00231EPSS
Exploits0References3
Fedora
Fedora
added 2026/06/01 12:49 a.m.15 views

[SECURITY] Fedora 44 Update: libsoup3-3.6.6-8.fc44

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications...

8.2CVSS5.8AI score0.00254EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.23 views

PT-2026-45473

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.9, and 33.0.0 to before 33.0.3, when a malicious user has access to a file share of a user, they could use this share token to also access the chunking upload directly and see...

6.3CVSS5.7AI score0.00231EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/30 6:16 p.m.128 views

cyanide

Cyanide By @zeroxjf — an iOS...

5.8AI score
Exploits0
NVD
NVD
added 2026/05/26 9:16 p.m.21 views

CVE-2026-44844

emlparser serves as a python module for parsing eml files and returning various information found in the e-mail as well as computed information. Prior to 3.0.1, EmlParser.getrawbodytext recurses unconditionally for every nested message/rfc822 attachment without any depth limit. An attacker who ca...

6.3CVSS0.00395EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2026/05/21 11:52 a.m.21 views

ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories

This week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are using the parts we already trust. That is what makes it worrying. The...

6.4AI score0.00079EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Jetty9

Jetty is a Java-based web server and servlet engine. In affected versions, servlets that support multipart requests e.g., annotated with @MultipartConfig and call HttpServletRequest.getParameter or HttpServletRequest.getParts may cause an OutOfMemoryError when the client sends a multipart request...

5.3CVSS6.5AI score0.0326EPSS
Exploits0References2
Rows per page
Query Builder