Lucene search
K

72 matches found

Tenable Nessus
Tenable Nessus
added 6 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-54297

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3,...

7.5CVSS5.8AI score0.00391EPSS
Exploits1References2
Cvelist
Cvelist
added last week33 views

CVE-2026-54297 Faraday: Uncontrolled recursion in NestedParamsEncoder allows stack exhaustion DoS via deeply nested query parameters

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nestin...

7.5CVSS0.00391EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/06/11 1:56 p.m.13 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.8AI score0.01945EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/11 1:53 p.m.8 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS7.2AI score0.01945EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.9 views

CVE-2026-44364

MISP modules are autonomous modules that can be used to extend MISP for new services. In 3.0.7 and earlier, a Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerabili...

9.3CVSS5.5AI score0.00185EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 7:15 p.m.19 views

CVE-2026-44364

The CVE affects the MISP-modules component in MISP modules’ home blueprint prior to 3.0.7, where CSRF protection was disabled, allowing an authenticated user to trigger unintended requests and potentially modify session query data. The issue was fixed by enabling CSRF protection for the affected ...

9.3CVSS5.8AI score0.00185EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/13 2:22 p.m.7 views

CVE-2026-31225

The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parseoppart function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Although...

8.8CVSS6.5AI score0.00405EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 6:30 p.m.8 views

EUVD-2026-29509

The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parseoppart function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Although...

6.5AI score0.00405EPSS
Exploits0References3
OSV
OSV
added 2026/05/12 6:30 p.m.3 views

GHSA-2799-6G5R-MMC7 Superduper: Remote code execution via unsafe eval in superduper query parsing

The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parseoppart function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Although...

8.8CVSS6.5AI score0.00405EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/12 6:30 p.m.13 views

Superduper: Remote code execution via unsafe eval in superduper query parsing

The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parseoppart function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Although...

8.8CVSS6.5AI score0.00405EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/05/12 4:16 p.m.10 views

CVE-2026-31225

The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parseoppart function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Although...

8.8CVSS0.00405EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 12:0 a.m.32 views

CVE-2026-31225

The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parseoppart function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Although...

0.00405EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.9 views

PT-2026-40064

The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parse op part function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Althoug...

6.5AI score0.00405EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/12 12:0 a.m.6 views

CVE-2026-31225

The superduper project thru v0.10.0 contains a critical remote code execution vulnerability in its query parsing component. The parseoppart function in query.py uses the unsafe eval function to dynamically evaluate user-supplied query operands without proper sanitization or restriction. Although...

6.5AI score0.00405EPSS
Exploits0References2
OSV
OSV
added 2026/05/07 8:16 p.m.4 views

DEBIAN-CVE-2026-39825

ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery...

5.3CVSS5.8AI score0.0039EPSS
Exploits0References1
OSV
OSV
added 2026/05/06 10:31 p.m.3 views

GHSA-J4RH-7JCR-QM69 misp-modules website - Missing CSRF protection in the website home blueprint

A Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the home endpoint. The vulnerability was due to the home blueprint being exempted from CSRF protection. This could allow modification of sessi...

9.3CVSS5.8AI score0.00185EPSS
Exploits0References4
OSV
OSV
added 2026/05/06 9:14 a.m.13 views

CLSA-2026-1772575666 containernetworking-plugins: Fix of 3 CVEs

rebuild with newer golang version 1.22.9-1.el92.tuxcare.els6 to fix the following CVE - CVE-2025-61729: fix excessive resource consumption when constructing hostname error messages for certificates with many SANs - CVE-2025-61726: limit parsed URL query parameters to mitigate excessive memory...

10CVSS7.1AI score0.01945EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.12 views

PT-2026-38309

Name of the Vulnerable Software and Affected Versions MISP modules versions 3.0.7 and earlier Description A Cross-Site Request Forgery CSRF issue in the MISP Modules website allows an attacker to trick an authenticated user into submitting unintended requests to the "/home" endpoint. This occurs...

9.3CVSS5.8AI score0.00185EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/04/20 6:53 p.m.10 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.6AI score0.01945EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/04/20 12:0 a.m.4 views

RHEL 9 : skopeo (RHSA-2026:9098)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:9098 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and...

10CVSS7AI score0.01945EPSS
Exploits3References10
Rows per page
Query Builder