Lucene search
+L

899 matches found

CNNVD
CNNVD
added 2026/05/06 12:0 a.m.8 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a 1-byte padding hole in the proto field of the struct xfrmusersaid structure in the buildmapping...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/04 4:50 p.m.7 views

CVE-2026-42077 Evolver: Prototype Pollution via `Object.assign()` in mailbox store operations

Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all JavaScript objects by injecting malicious properties into Object.prototype. The vulnerability exists...

5.2CVSS5.7AI score0.00109EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 12:19 p.m.9 views

Security Bulletin: Denial of Service in Axios via Malicious __proto__ in Configuration Object

Summary Axios is a promise based HTTP client for the browser and Node.js. Prior to versions 0.30.3 and 1.13.5, the mergeConfig function in axios crashes with a TypeError when processing configuration objects containing proto as an own property. An attacker can trigger this by providing a maliciou...

7.5CVSS6.8AI score0.025EPSS
Exploits1Affected Software1
RustSec
RustSec
added 2026/05/01 12:0 p.m.15 views

CPU exhaustion during message encoding due to O(n²) name compression

During message encoding, hickory-proto's BinEncoder stores pointers to labels that are candidates for name compression in a Vec. The name compression logic then searches for matches with a linear scan. A malicious message with many records can both introduce many candidate labels, and invoke this...

5.3CVSS6.8AI score0.00801EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/01 12:0 p.m.17 views

async-std-resolver (>=0.25.0-alpha.1 <=0.25.0-alpha.5), ezk-sip-ua (>=0.5.0 <=0.7.1) +3 more potentially affected by unknown CVE via hickory-proto (=0.25.0-alpha.5)

hickory-proto CARGO version =0.25.0-alpha.5 is affected by a known vulnerability. The following packages have a transitive dependency on hickory-proto and may be impacted: - async-std-resolver =0.25.0-alpha.1, =0.5.0, =0.25.0-alpha.1, =0.25.0-alpha.5 - hickory-resolver =0.25.0-alpha.1 Source cves...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/01 12:0 p.m.6 views

RUSTSEC-2026-0119 CPU exhaustion during message encoding due to O(n²) name compression

During message encoding, hickory-proto's BinEncoder stores pointers to labels that are candidates for name compression in a Vec. The name compression logic then searches for matches with a linear scan. A malicious message with many records can both introduce many candidate labels, and invoke this...

5.3CVSS6.8AI score0.00801EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/05/01 8:19 a.m.164 views

Exploit for Improper Handling of Insufficient Permissions or Privileges in Google Android

CVE-2026-0047: Missing Permission Check in ActivityManagerServ...

8.4CVSS6.1AI score0.00138EPSS
Exploits1
NVD
NVD
added 2026/05/01 2:16 a.m.7 views

CVE-2026-7538

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The explo...

10CVSS0.01823EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/01 1:30 a.m.47 views

CVE-2026-7538 Totolink A8000RU CGI cstecgi.cgi vulnerability os command injection

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The explo...

10CVSS0.01823EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/01 1:30 a.m.4 views

CVE-2026-7538

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The explo...

10CVSS5.3AI score0.01823EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.8 views

PT-2026-36291

Name of the Vulnerable Software and Affected Versions Totolink A8000RU version 7.1cu.643 b20200521 Description An OS command injection issue exists in the CGI Handler component. A remote attacker can initiate an attack by manipulating the proto argument within the '/cgi-bin/cstecgi.cgi' endpoint...

10CVSS7.6AI score0.01823EPSS
Exploits0References17
RedHat Linux
RedHat Linux
added 2026/04/22 9:54 p.m.76 views

Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header

A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named proto. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an...

7.5CVSS5.8AI score0.26356EPSS
Exploits0References5
OSV
OSV
added 2026/04/22 3:31 p.m.61 views

GHSA-XFXP-PPX7-CQRP camel-infinispan Vulnerable to Deserialization of Untrusted Data

A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to...

7.5CVSS6.1AI score0.00667EPSS
Exploits1References7
RedHat Linux
RedHat Linux
added 2026/04/22 2:7 p.m.123 views

Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header

A flaw was found in Node.js. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request that includes a header named proto. When a Node.js application processes this request and attempts to access distinct headers, it encounters an unhandled error, leading to an...

7.5CVSS7.3AI score0.26356EPSS
Exploits0References5
NVD
NVD
added 2026/04/22 1:16 p.m.23 views

CVE-2026-6857

A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to...

7.5CVSS0.00667EPSS
Exploits1References5
CVE
CVE
added 2026/04/22 12:55 p.m.16 views

CVE-2026-6857

CVE-2026-6857 affects camel-infinispan via unsafe deserialization in the ProtoStream remote aggregation repository. The flaw allows a remote attacker with low privileges to send crafted data to trigger arbitrary code execution, potentially gaining full control over the affected system and impacti...

7.5CVSS6.1AI score0.00667EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/04/22 12:55 p.m.5 views

CVE-2026-6857

A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to...

7.5CVSS6.1AI score0.00667EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/04/22 12:54 p.m.5 views

CVE-2026-6857

A flaw was found in camel-infinispan. This vulnerability involves unsafe deserialization in the ProtoStream remote aggregation repository. A remote attacker with low privileges could exploit this by sending specially crafted data, leading to arbitrary code execution. This allows the attacker to...

7.5CVSS5.9AI score0.00667EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.17 views

PT-2026-34329

Name of the Vulnerable Software and Affected Versions camel-infinispan affected versions not specified Description Unsafe deserialization exists in the ProtoStream remote aggregation repository. A remote attacker with low privileges can send specially crafted data to achieve arbitrary code...

7.5CVSS6.1AI score0.00667EPSS
Exploits1References9
NVD
NVD
added 2026/04/21 6:16 p.m.8 views

CVE-2026-40594

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the setsessioncookiesecure beforerequest handler in src/pyload/webui/app/init.py reads the X-Forwarded-Proto header from any HTTP request without validating that the request originates from a trusted prox...

4.8CVSS0.00171EPSS
Exploits1References1
Rows per page
Query Builder