Lucene search
K

9 matches found

NVD
NVD
added 2026/06/12 4:16 p.m.15 views

CVE-2026-50009

Netty is a network application framework for development of protocol servers and clients. Prior to version 4.2.15.Final, Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the...

4.8CVSS0.00204EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/08 1:7 p.m.145 views

Exploit for CVE-2026-3844

CVE-2026-3844 — Breeze Cache Unauthenticated Arbitrary File Up...

9.8CVSS6.5AI score0.36512EPSS
Exploits8
Cvelist
Cvelist
added 2026/03/27 7:19 p.m.24 views

CVE-2026-34391 Fleet Vulnerable to Windows MDM cross-device command disclosure

Fleet is open source device management software. Prior to 4.81.1, a vulnerability in Fleet's Windows MDM command processing allows a malicious enrolled device to access MDM commands intended for other devices, potentially exposing sensitive configuration data such as WiFi credentials, VPN secrets...

8.7CVSS0.00161EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/06 9:7 p.m.3 views

CVE-2026-30227 MimeKit: CRLF Injection in Quoted Local-Part Enables SMTP Command Injection and Email Forgery

MimeKit is a C library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension MIME, as defined by numerous IETF specifications. Prior to version 4.15.1, a CRLF injection vulnerability in MimeKit allows an attacker to embed \r\n into the SMTP...

6.9CVSS5.7AI score0.01085EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/06 4:8 a.m.5 views

EUVD-2026-9980

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.4, the application allows uploading files project logos without validating the file type or content. It trusts the extension provided by the user...

6.3CVSS5.8AI score0.00211EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/04 7:27 p.m.6 views

CVE-2026-24773

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference IDOR vulnerability allows unauthenticated remote attackers to access personal files of other users by directly requesting predictable user...

7.5CVSS5.4AI score0.00352EPSS
Exploits1References1
OSV
OSV
added 2026/01/21 11:1 p.m.18 views

GHSA-XXJR-MMJV-4GPG Lodash has Prototype Pollution Vulnerability in `_.unset` and `_.omit` functions

Impact Lodash versions 4.0.0 through 4.17.22 are vulnerable to prototype pollution in the .unset and .omit functions. An attacker can pass crafted paths which cause Lodash to delete methods from global prototypes. The issue permits deletion of properties but does not allow overwriting their...

7.9CVSS5.9AI score0.01535EPSS
Exploits0References5
OSV
OSV
added 2026/01/10 5:37 a.m.7 views

CVE-2026-22611 AWS SDK for .NET V4 adopted defense in depth enhancement for region parameter value

AWS SDK for .NET works with Amazon Web Services to help build scalable solutions with Amazon S3, Amazon DynamoDB, Amazon Glacier, and more. From versions 4.0.0 to before 4.0.3.3, Customer applications could be configured to improperly route AWS API calls to non-existent or non-AWS hosts. This...

3.7CVSS5.7AI score0.00201EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/11/29 12:0 a.m.4 views

PT-2025-48353

Name of the Vulnerable Software and Affected Versions fontTools versions 4.33.0 through 4.60.1 Description fontTools is a Python library used for manipulating fonts. A flaw exists in the fontTools.varLib script, specifically within the main code path, which can lead to arbitrary file write and...

9.8CVSS8AI score0.01228EPSS
Exploits10References30
Rows per page
Query Builder