Lucene search
K

1423 matches found

Nuclei
Nuclei
added yesterday20 views

CodiMD <2.5.4 - Insecure Filename Randomization

CodiMD does not require valid authentication to access uploaded images or to upload new image data. An attacker who can determine an uploaded image's URL can gain unauthorised access to uploaded image data. Due to the insecure random filename generation in the underlying Formidable library, an...

5.3CVSS6.1AI score0.01158EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added last week7 views

nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers

A flaw was found in NGINX. When NGINX is configured to proxy HTTP/2 traffic using the ngxhttpproxyv2module or ngxhttpgrpcmodule with specific settings, a remote, unauthenticated attacker can send specially crafted large headers. This can trigger a heap-based buffer overflow, leading to a restart ...

9.2CVSS7.7AI score0.03459EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/07/07 8:36 a.m.7 views

CVE-2026-13199

EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the...

5.1CVSS5.9AI score0.00114EPSS
Exploits0References3
NVD
NVD
added 2026/06/27 10:16 a.m.12 views

CVE-2026-49414

The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE base address, rather than before. As a result, a user-requested ASLR disable was still in effect at the point where the base address was chosen. An unprivileged local user ca...

7.8CVSS0.00106EPSS
Exploits0References1
CVE
CVE
added 2026/06/27 9:22 a.m.26 views

CVE-2026-49414

CVE-2026-49414 is a local ASLR bypass in FreeBSD: the ELF image activator clears per-process ASLR preferences for setuid binaries after computing the PIE base, allowing an unprivileged local user to disable ASLR for a setuid PIE binary via procctl(2) before execve(2). This makes exploitation of a...

7.8CVSS5.8AI score0.00106EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/27 12:0 a.m.11 views

PT-2026-53064

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The ELF image activator cleared per-process ASLR Address Space Layout Randomization, a security technique that randomizes memory addresses to prevent exploitatio...

7.8CVSS5.8AI score0.00106EPSS
Exploits0References8
OSV
OSV
added 2026/06/25 5:41 p.m.9 views

JLSEC-2026-629 Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token...

Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter is not checked for overflow, allowing a malicious sender to trigger an overflow that causes the receiver process to read and return data from outside the intended...

6.1CVSS6AI score0.0078EPSS
Exploits0References5
NVD
NVD
added 2026/06/24 8:16 a.m.7 views

CVE-2026-52937

In the Linux kernel, the following vulnerability has been resolved: tap: fix stack info leak in tapioctl SIOCGIFHWADDR In the SIOCGIFHWADDR path, tapioctl copies 16 bytes of an uninitialised on-stack struct sockaddrstorage to userspace via ifrhwaddr, but netifgetmacaddress only writes safamily an...

5.5CVSS0.00112EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/22 12:25 p.m.3 views

CVE-2026-56425

The Azure Active Directory AAD authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The application used the PHP session identifier sessionid as the OAuth state...

9.3CVSS5.9AI score0.00258EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/19 1:52 a.m.9 views

SUSE CVE-2026-42530

NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This m...

8.1CVSS6.3AI score0.03225EPSS
Exploits3References3
OSV
OSV
added 2026/06/17 3:16 p.m.3 views

CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS7.8AI score0.03459EPSS
Exploits1References9
Cvelist
Cvelist
added 2026/06/17 2:4 p.m.35 views

CVE-2026-42530 NGINX Open-Source ngx_http_v3_module vulnerability

NGINX Open Source has a vulnerability in the ngxhttpv3module module. When NGINX Open Source is configured to use the HTTP/3 QUIC module, a remote unauthenticated attacker along with conditions beyond their control can use a specially crafted HTTP/3 session to reopen a QPACK encoder stream. This m...

9.2CVSS0.03225EPSS
Exploits3References1
AlpineLinux
AlpineLinux
added 2026/06/17 2:4 p.m.5 views

CVE-2026-42055

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and the...

9.2CVSS6.5AI score0.03459EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/06/16 10:16 a.m.9 views

CVE-2026-10828

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...

6.9CVSS5.3AI score0.0031EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 10:16 a.m.10 views

EUVD-2026-37062

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...

8.6CVSS5.3AI score0.00472EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-49653

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...

6.9CVSS5.3AI score0.0031EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.5 views

FreeBSD : FreeBSD-kernel -- ASLR bypass for setuid executables via procctl(2) (7e61007e-6474-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 7e61007e-6474-11f1-958d-bc241121aa0a advisory. The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code th...

7.8CVSS5.5AI score0.00106EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2026/06/09 12:0 a.m.28 views

FreeBSD-kernel -- ASLR bypass for setuid executables via procctl(2)

Problem Description: The ELF image activator cleared per-process ASLR preference flags for setuid binaries after the code that computes the PIE base address, rather than before. As a result, a user-requested ASLR disable was still in effect at the point where the base address was chosen. Impact: ...

7.8CVSS5.5AI score0.00106EPSS
Exploits0
Amazon
Amazon
added 2026/06/08 12:0 a.m.9 views

Important: nginx

Issue Overview: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string...

9.2CVSS6AI score0.04261EPSS
Exploits3
Amazon
Amazon
added 2026/06/08 12:0 a.m.12 views

Important: nginx

Issue Overview: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a replacement string...

9.2CVSS6.1AI score0.04261EPSS
Exploits3
Rows per page
Query Builder