Lucene search
K

3685 matches found

CVE
CVE
added yesterday3 views

CVE-2026-50346

CVE-2026-50346 is a Windows RPC Runtime-related elevation-of-privilege vulnerability (Netlogon RPC). The primary description indicates improper authorization that allows a locally authenticated attacker to escalate privileges. Public references include the NVD/NCSC entries and the Microsoft updat...

7.8CVSS6AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 3 days ago2 views

p11-kit: Stack exhaustion via unbounded recursion in RPC attribute parsing

A flaw was found in p11-kit. The RPC message attribute parsing functions p11rpcmessagegetattribute and p11rpcmessagegetattributearrayvalue form a mutually-recursive call chain with no recursion depth limit when processing nested CKAWRAPTEMPLATE, CKAUNWRAPTEMPLATE, and CKADERIVETEMPLATE attributes...

6.2CVSS6AI score0.00137EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-56303 Capgo - Unauthenticated API Key Metadata Disclosure via SECURITY DEFINER RPC Function

Capgo before 12.128.2 contains an information disclosure vulnerability in the findapikeybyvalue PostgreSQL function marked SECURITY DEFINER and executable by the anon role. Unauthenticated attackers can call this function via the /rest/v1/rpc/findapikeybyvalue endpoint to retrieve sensitive API k...

8.7CVSS0.00302EPSS
Exploits0References2
OSV
OSV
added 5 days ago2 views

CVE-2026-56279 Capgo - Information Disclosure via get_orgs_v7 RPC Endpoint

Capgo before 12.128.2 contains an information disclosure vulnerability in the getorgsv7userid RPC function that remains publicly invokable despite intended private access controls. Unauthenticated attackers can supply arbitrary user UUIDs to retrieve foreign users' organization membership, roles,...

8.7CVSS6.2AI score0.00313EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 5 days ago2 views

p11-kit: Stack exhaustion via unbounded recursion in RPC attribute parsing

A flaw was found in p11-kit. The RPC message attribute parsing functions p11rpcmessagegetattribute and p11rpcmessagegetattributearrayvalue form a mutually-recursive call chain with no recursion depth limit when processing nested CKAWRAPTEMPLATE, CKAUNWRAPTEMPLATE, and CKADERIVETEMPLATE attributes...

6.2CVSS6AI score0.00137EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 5 days ago8 views

EulerOS 2.0 SP12 : kata-containers (EulerOS-SA-2026-2534)

"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...

9.1CVSS6.7AI score0.01557EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 5 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-59818

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and 3.6.13, when etcd is configured with --listen-client-http-urls t...

8.1CVSS6.1AI score0.00319EPSS
Exploits0References3
NVD
NVD
added 6 days ago6 views

CVE-2026-57032

An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service DoS. If an attempt is made to subscribe to an unsupported telemetry...

7.1CVSS0.00421EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-57032 Junos OS: EX Series: Subscribing to an unsupported telemetry sensor path causes fxpc process crash

An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service DoS. If an attempt is made to subscribe to an unsupported telemetry...

7.1CVSS0.00421EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 6 days ago8 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.17.55 packages and security update

Red Hat OpenShift Container Platform release 4.17.55 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.17. Red Hat Product Security has rated this update as having a...

9.1CVSS6.9AI score0.01557EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-59818

A flaw was found in etcd, a distributed key-value store. When etcd is configured to use separate listeners for HTTP and gRPC client endpoints, the Certificate Revocation List CRL is not properly enforced on the gRPC listener. This oversight allows a client with a revoked certificate to successful...

8.1CVSS5.9AI score0.00319EPSS
Exploits0References12
OSV
OSV
added last week3 views

DEBIAN-CVE-2026-59818

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and 3.6.13, when etcd is configured with --listen-client-http-urls to split HTTP and gRPC client endpoints onto separate listeners, the --client-crl-file Certificate Revocation List is not enforced on the...

8.1CVSS6.1AI score0.00319EPSS
Exploits0References1
Snyk
Snyk
added last week5 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of the Certificate Revocation List on the gRPC listener when separate listeners are configured for HTTP and gRPC client endpoints. An attacker can gain unauthorized access and...

8.5CVSS6.1AI score0.00319EPSS
Exploits0References2
Snyk
Snyk
added last week5 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to improper enforcement of the Certificate Revocation List on the gRPC listener when separate listeners are configured for HTTP and gRPC client endpoints. An attacker can gain unauthorized access and...

8.5CVSS6.1AI score0.00319EPSS
Exploits0References2
NVD
NVD
added last week5 views

CVE-2026-59803

rpcx through 1.9.3, fixed in commit 047aec1, contains a denial-of-service vulnerability in protocol.Message.Decode protocol/message.go. When a message has the compression flag set, the payload is gzip-decompressed via util.Unzip with no limit on the decompressed output size. The only built-in siz...

8.7CVSS0.00408EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added last week4 views

micrometer: micrometer-core: Micrometer: Denial of Service via specially crafted gRPC requests

A flaw was found in Micrometer. A remote attacker can provide specially crafted gRPC gRPC Remote Procedure Call requests, which may lead to a denial-of-service DoS condition. This vulnerability allows an attacker to disrupt the availability of the affected system...

7.5CVSS6AI score0.00474EPSS
Exploits0References5
OSV
OSV
added 2026/07/07 11:45 a.m.4 views

PYSEC-2026-1131 Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability

Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...

7.5CVSS7AI score0.01203EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/07/06 8:43 p.m.8 views

CVE-2026-59712 Leantime - JSON-RPC API Broken Access Control via users.getUser

Leantime's Users::getUser method in the JSON-RPC API lacks proper authorization checks, allowing authenticated users to retrieve full user credential rows including password hashes, TOTP secrets, and session tokens. Attackers can exploit this by calling users.getUser with arbitrary user IDs to...

8.6CVSS6AI score0.0025EPSS
Exploits0References4
NVD
NVD
added 2026/07/06 9:16 a.m.10 views

CVE-2026-24013

Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSession authentication, receive valid query results. This...

9.1CVSS0.00471EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.13 views

PT-2026-55524

Name of the Vulnerable Software and Affected Versions Eclipse Theia versions 1.26.0 and later Description The backend /services/request-service RPC accepts a URL controlled by an attacker from any client connected to the standard /services messaging endpoint. The server performs the HTTP request...

8.5CVSS6.1AI score0.00297EPSS
Exploits0References7
Rows per page
Query Builder