Lucene search
K

2960 matches found

NVD
NVD
•added 5 days ago•8 views

CVE-2026-56813

Improper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allows an attacker to inject or override HTTP cookie attributes. The Plug.Conn.Cookies.encode/2 function in lib/plug/conn/cookies.ex builds the Set-Cookie response header by interpolating the cookie value a...

2.1CVSS0.00146EPSS
Exploits0References4
EUVD
EUVD
•added 5 days ago•8 views

EUVD-2026-42876

Improper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allows an attacker to inject or override HTTP cookie attributes. The Plug.Conn.Cookies.encode/2 function in lib/plug/conn/cookies.ex builds the Set-Cookie response header by interpolating the cookie value a...

2.1CVSS6.1AI score0.00146EPSS
Exploits0References4
CVE
CVE
•added 5 days ago•10 views

CVE-2026-56813

The CVE-2026-56813 issue affects the Elixir Plug library (Plug.Conn.Cookies.encode/2). It enables attribute injection in Set-Cookie headers by not neutralizing the ; delimiter, allowing an attacker to inject or override cookie attributes (e.g., Domain, Path, or flags like Secure/HttpOnly) when at...

2.1CVSS6.1AI score0.00146EPSS
Exploits0References4
Cvelist
Cvelist
•added 5 days ago•32 views

CVE-2026-56813 Cookie attribute injection in Plug.Conn.Cookies.encode/2

Improper Neutralization of Parameter/Argument Delimiters vulnerability in elixir-plug plug allows an attacker to inject or override HTTP cookie attributes. The Plug.Conn.Cookies.encode/2 function in lib/plug/conn/cookies.ex builds the Set-Cookie response header by interpolating the cookie value a...

2.1CVSS0.00146EPSS
Exploits0References4
NVD
NVD
•added 5 days ago•6 views

CVE-2026-56814

Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of service. The parser charges the :length limit only for part...

6.9CVSS0.00579EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
•added 5 days ago•7 views

CVE-2026-56814

Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of service. The parser charges the :length limit only for part...

6.9CVSS6.1AI score0.00579EPSS
Exploits0References10Affected Software1
EUVD
EUVD
•added 5 days ago•6 views

EUVD-2026-42873

Plug.Parsers.MULTIPART, the multipart request-body parser used to handle file uploads and multipart forms, does not enforce its :length budget against all consumed resources, allowing an unauthenticated remote attacker to cause denial of service. The parser charges the :length limit only for part...

6.9CVSS6.1AI score0.00579EPSS
Exploits0References9
EUVD
EUVD
•added 2026/07/06 7:38 p.m.•4 views

EUVD-2026-41913

A flaw was found in GIMP. The PlayStation TIM loader, responsible for handling PlayStation image files, incorrectly calculates the size of the Color Look-Up Table CLUT due to an integer overflow. This occurs when multiplying numcolors and numcluts, both 16-bit unsigned short integers, resulting i...

5.5CVSS6AI score0.00208EPSS
Exploits1References3
NVD
NVD
•added 2026/07/02 4:17 a.m.•11 views

CVE-2026-57270

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS0.0022EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
•added 2026/06/30 12:0 a.m.•13 views

Linux Distros Unpatched Vulnerability : CVE-2026-13595

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw...

6.8CVSS5.9AI score0.00112EPSS
Exploits0References4
NVD
NVD
•added 2026/06/29 9:16 a.m.•15 views

CVE-2026-13595

A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw pointer to a parent partition entry in a dynamically allocated array. When subsequent partition additions cause the array to be...

6.8CVSS0.00112EPSS
Exploits0References4
OSV
OSV
•added 2026/06/29 9:16 a.m.•4 views

UBUNTU-CVE-2026-13595

A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw pointer to a parent partition entry in a dynamically allocated array. When subsequent partition additions cause the array to be...

6.8CVSS5.7AI score0.00112EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
•added 2026/06/29 8:6 a.m.•7 views

CVE-2026-13595

A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw pointer to a parent partition entry in a dynamically allocated array. When subsequent partition additions cause the array to be...

6.8CVSS5.7AI score0.00112EPSS
Exploits0References5
CVE
CVE
•added 2026/06/29 8:6 a.m.•26 views

CVE-2026-13595

CVE-2026-13595 affects libblkid in util-linux. During nested partition probing, BSD/Minix/Solaris x86/UnixWare probers cache a parent partition pointer in a dynamically allocated array; on reallocation, the pointer becomes stale, causing a heap use-after-free read. An attacker with access to a cr...

6.8CVSS5.7AI score0.00112EPSS
Exploits0References4Affected Software3
Cvelist
Cvelist
•added 2026/06/29 8:6 a.m.•73 views

CVE-2026-13595 Util-linux: util-linux: heap use-after-free in libblkid nested partition probing

A flaw was found in the libblkid library of util-linux. During nested partition probing, the BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw pointer to a parent partition entry in a dynamically allocated array. When subsequent partition additions cause the array to be...

6.8CVSS0.00112EPSS
Exploits0References4
Positive Technologies
Positive Technologies
•added 2026/06/29 12:0 a.m.•13 views

PT-2026-53234

Name of the Vulnerable Software and Affected Versions util-linux libblkid affected versions not specified Description A heap use-after-free read occurs in the libblkid library during nested partition probing. The BSD, Minix, Solaris x86, and UnixWare partition probers cache a raw pointer to a...

6.8CVSS6.1AI score0.00112EPSS
Exploits0References20
Circl
Circl
•added 2026/06/24 5:45 p.m.•5 views

CVE-2026-54982

creationtimestamp| type| source ---|---|--- 2026-06-24 17:45:03+00:00| seen| https://www.acn.gov.it/portale/w/rilevata-nuova-vulnerabilita-in-erlang-plug 2026-07-14 19:01:08+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2026-0231...

8.8CVSS6.1AI score
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/06/24 12:0 a.m.•5 views

PT-2026-52025

ā€¼ļø Erlang Plug: disponibile in rete PoC per lo sfruttamento della CVE-2026-54982 Rischio: 🟠 Tipologia: šŸ”ø Denial of Service šŸ”— https://www.acn.gov.it/portale/w/rilevata-nuova-vulnerabilita-in-erlang-plug šŸ”„ Aggiornamenti disponibili šŸ”„...

8.8CVSS5.8AI score
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
•added 2026/06/23 4:5 p.m.•4 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM WebSphere Application Server and WebSphere Application Server Liberty shipped with IBM WebSphere Remote Server

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM WebSphere Application Server and WebSphere Application Server Liberty have been published in a security bulletin...

9.8CVSS5.8AI score0.00409EPSS
Exploits0Affected Software1
NVD
NVD
•added 2026/06/23 1:16 p.m.•11 views

CVE-2026-54892

Inefficient algorithmic complexity in Plug's nested-parameter decoder allows an unauthenticated remote attacker to cause denial of service. Plug.Conn.Query.decode/4 and Plug.Conn.Query.decodeeach/2 parse query strings and application/x-www-form-urlencoded request bodies. When a key contains many...

8.7CVSS0.00707EPSS
Exploits0References8
Rows per page
Query Builder