Lucene search
K

3341 matches found

EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-43310

A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...

7.5CVSS6AI score
Exploits0References3
CVE
CVE
added 5 hours ago8 views

CVE-2026-15574

The CVE-2026-15574 issue affects the vllm-orchestrator-gateway component, where the production binary logs incoming authorization headers and full chat payloads, potentially exposing PII, secrets, bearer tokens, and conversation content. This data exposure arises from a hard-coded debug/default l...

7.5CVSS6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 5 hours ago6 views

CVE-2026-15574

A flaw was found in the vllm-orchestrator-gateway component. The system's production binary logs all incoming authorization headers and full chat payloads, which may contain personally identifiable information PII and secrets, to persistent logs. This sensitive data, including bearer tokens and...

7.5CVSS6AI score
Exploits0References3
Nuclei
Nuclei
added 8 hours ago46 views

Webmin < 1.920 - Authenticated Remote Code Execution

rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialisevariable makes an eval call. NOTE: the WebminServersIndex documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must...

8.8CVSS7.1AI score0.38038EPSS
Exploits4References5
Vulnrichment
Vulnrichment
added 3 days ago3 views

CVE-2026-33382 Denial of service via unbounded request body size

Several Grafana API endpoints, some of them unauthenticated, do not limit the size of the request body before processing it. An attacker can send very large payloads that force excessive memory allocation, potentially exhausting memory and causing a denial of service...

7.5CVSS6.1AI score0.0038EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-58144

Cotonti Siena 0.9.26 and earlier contains a stored cross-site scripting vulnerability that allows authenticated users with PFS access to inject arbitrary script payloads by supplying malicious HTML in the ntitle parameter processed through the TXT filter in pfs.main.php. Attackers can create a...

5.4CVSS6AI score0.00136EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 4 days ago7 views

CVE-2026-12590

A flaw was found in body-parser. When the parser is configured with an invalid limit option, such as an unparseable string or a non-numeric value, the request body size check is bypassed. This allows a remote attacker to send arbitrarily large payloads, consuming excessive memory and CPU resource...

5.9CVSS5.9AI score0.0025EPSS
Exploits0References5
NVD
NVD
added 4 days ago10 views

CVE-2026-58459

gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The...

8.4CVSS0.00726EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago5 views

EUVD-2026-42622

gpsd through release-3.27.5, fixed at commit 4c06658, contains a command injection vulnerability in gpsprof that allows attackers who control the GPS device subtype value to execute arbitrary shell commands by embedding backtick payloads in the gnuplot plot title without proper escaping. The...

8.4CVSS6.3AI score0.00726EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in polymarket-apis (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd77c8861490c0b5607b4029f8f9e51f12efb83a6696fc51b953b0a3cde1356b The package impersonates the Polymarket brand name polymarket-apis, author polymarket but contains no Polymarket API integration. Its exported...

6.4AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 4 days ago3 views

netty-codec-redis: netty-codec-redis: Denial of Service via crafted Redis payloads

A flaw was found in netty-codec-redis. A remote attacker can exploit this vulnerability by sending specially crafted Redis payloads across multiple connections without proper termination. This can exhaust the server's direct memory pool, leading to a Denial of Service DoS condition where legitima...

7.5CVSS5.9AI score0.0038EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 4 days ago6 views

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.18.1.P1 for Spring Boot release.

Red Hat build of Apache Camel 4.18.1.P1 for Spring Boot patch release and security update is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

10CVSS7.4AI score0.00969EPSS
Exploits6References33
NVD
NVD
added 5 days ago9 views

CVE-2026-44160

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Prior to 1.19.3, Fluentd's inhttp and inforward plugins support gzip-compressed data but enforce limits only on compressed payloads through settings such as bodysizelimit and...

7.5CVSS0.0063EPSS
Exploits0References4
NVD
NVD
added 5 days ago5 views

CVE-2026-59802

PasswordPusher before 2.8.1 accepts data URI schemes in URL push payloads due to insufficient validation in the validurl function. Attackers can create malicious pushes containing data:text/html URIs that execute arbitrary JavaScript in victims' browsers when clicked, enabling phishing and...

8.2CVSS0.00192EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-59253 n8n - Improper Authorization in Workflow Assignment to Folders

n8n before 2.28.0 contains an improper authorization vulnerability allowing authenticated users to assign workflows to folders in other projects. Attackers can bypass project and folder authorization boundaries by supplying crafted request payloads during workflow creation, causing logical...

5.3CVSS0.00166EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56539

Name of the Vulnerable Software and Affected Versions PasswordPusher versions prior to 2.8.1 Description Insufficient validation in the valid url function allows the application to accept data URI schemes in URL push payloads. This enables attackers to create malicious pushes containing...

8.2CVSS6.1AI score0.00192EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 6 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-53763

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology...

3.8CVSS6.2AI score0.00149EPSS
Exploits0References3
OSV
OSV
added last week2 views

DEBIAN-CVE-2026-53763

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.0.0 and prior to version 4.11.0, 32-bit integer overflows in OP-TEE core's AES-GCM implementation cause the...

3.8CVSS6AI score0.00149EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added last week7 views

CVE-2026-53763

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.0.0 and prior to version 4.11.0, 32-bit integer overflows in OP-TEE core's AES-GCM implementation cause the...

3.8CVSS6AI score0.00149EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/06 10:16 a.m.39 views

CVE-2026-4249 Denial of Service via Malicious JSON Payloads in Throttling Events in Multiple WSO2 Products Causing Persistent Service Disruption

The throttling event handling mechanism in multiple WSO2 products accepts user-supplied JSON payloads without sufficient validation of their structure and content. This allows an unauthenticated remote attacker to inject malicious JSON data that can lead to a persistent denial of service conditio...

8.6CVSS0.00339EPSS
Exploits0References1
Rows per page
Query Builder