Lucene search
K

394 matches found

RedhatCVE
RedhatCVE
added 2026/06/30 6:19 p.m.7 views

CVE-2026-53916

Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. An unauthenticated client that opens a STOMP NIO connection can send header bytes that never terminate which makes the broker buffer them without limit, exhausting the JVM hea...

7.5CVSS5.8AI score0.00796EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/26 9:4 p.m.8 views

CVE-2026-48090

A flaw was found in Envoy's HTTP OAuth2 filter. A use-after-free vulnerability exists where an in-flight async token exchange can remain attached to a downstream stream that has already been torn down, leading to undefined behavior, worker crashes, and denial of service. Mitigation Mitigation for...

5.9CVSS5.6AI score0.00579EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/26 9:4 p.m.9 views

CVE-2026-47205

A flaw was found in Envoy's extauthz HTTP filter. A use-after-free vulnerability exists when processing per-route authorization overrides concurrently with rapid downstream client disconnects. This can lead to a segmentation fault and denial of service. Mitigation Mitigation for this issue is...

5.9CVSS5.6AI score0.00387EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/04/28 11:23 a.m.11 views

CVE-2026-6921

A race flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=493315759 Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...

9.6CVSS4.8AI score0.00187EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/10 5:3 p.m.5 views

CVE-2026-40046

A flaw was found in Apache ActiveMQ, Apache ActiveMQ All and Apache ActiveMQ MQTT. The fix for CVE-2025-66168 was not applied for 6.0.0+ versions. This exposed the underlying integer overflow/wraparound vulnerability when handling MQTT control packets, causing the broker to misinterpret payloads...

8.8CVSS5.7AI score0.0078EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/07 11:32 p.m.3 views

CVE-2026-33815

A flaw was found in github.com/jackc/pgx. This memory-safety vulnerability could potentially lead to unexpected behavior or system instability. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...

9.8CVSS5.8AI score0.00605EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/06 5:33 p.m.4 views

CVE-2026-34764

A flaw was found in Electron, a framework for building desktop applications. This vulnerability, a use-after-free, affects applications that utilize offscreen rendering with GPU shared textures. Under specific conditions, a callback function can attempt to access memory that has already been...

5.5CVSS5.8AI score0.001EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/30 8:48 p.m.3 views

CVE-2025-66037

A flaw was found in OpenSC, an open-source smart card tools and middleware. An attacker could exploit this vulnerability by providing a specially crafted input. This crafted input causes an out-of-bounds heap read, where the software attempts to read data beyond its allocated memory. Mitigation...

6.8CVSS5.8AI score0.00253EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/03/20 6:59 a.m.4 views

CVE-2026-32874

A flaw was found in UltraJSON, a fast JSON encoder and decoder. A remote attacker can exploit this vulnerability by providing specially crafted JSON input that contains extremely large integers. When UltraJSON attempts to parse these inputs, it leads to an accumulating memory leak. This excessive...

7.5CVSS5.7AI score0.00479EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/03/12 6:23 a.m.2 views

CVE-2026-31959

A flaw was found in Quill. This Server-Side Request Forgery SSRF vulnerability occurs when Quill attempts to fetch Apple notarization submission logs. An attacker, capable of tampering with API responses from Apple's notarization service e.g., in environments with TLS-intercepting proxies, can...

5.3CVSS5.8AI score0.00097EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/12 6:18 a.m.2 views

CVE-2026-31961

A flaw was found in Quill. An attacker can exploit this unbounded memory allocation vulnerability by providing a specially crafted Mach-O binary to Quill for processing. This malicious binary contains oversized values in its code signing structures, causing Quill to attempt to allocate excessive...

5.5CVSS5.6AI score0.001EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/12 6:5 a.m.1 views

CVE-2026-31958

A flaw was found in tornado-python. A remote attacker can exploit this vulnerability by sending a specially crafted, very large multipart body with numerous parts. Because the parsing of these large bodies occurs synchronously on the main thread, it can consume excessive resources, leading to a...

8.7CVSS5.7AI score0.00375EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/12 6:5 a.m.2 views

CVE-2026-29777

A flaw was found in Traefik. A tenant with write access to an HTTPRoute resource can exploit this vulnerability by injecting specially crafted rule tokens into Traefik's router rule language through unsanitized header or query parameter match values. This allows the attacker to bypass listener...

6.8CVSS5.6AI score0.00277EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/11 11:56 p.m.3 views

CVE-2026-3784

A flaw was found in curl. This vulnerability allows curl to wrongly reuse an existing HTTP proxy connection when performing a CONNECT request to a server, even if the new request uses different authentication credentials for the HTTP proxy. This improper connection reuse could lead to an attacker...

6.5CVSS5.6AI score0.00302EPSS
Exploits1References7
RedhatCVE
RedhatCVE
added 2026/03/11 11:56 p.m.1 views

CVE-2026-1965

A flaw was found in curl. When an application uses libcurl to make multiple Negotiate-authenticated HTTP or HTTPS requests to the same server with different credentials, libcurl may incorrectly reuse an existing connection. This logical error can cause a subsequent request to be sent using the...

6.8CVSS5.6AI score0.00259EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/11 4:17 p.m.3 views

CVE-2026-3805

A flaw was found in curl. When handling a second Server Message Block SMB request to the same host, curl incorrectly accesses memory that has already been freed. This memory corruption vulnerability, known as a use-after-free, could allow a remote attacker to potentially execute arbitrary code or...

7.5CVSS6AI score0.00715EPSS
Exploits2References7
RedhatCVE
RedhatCVE
added 2026/03/11 11:17 a.m.4 views

CVE-2026-26131

A flaw was found in .NET. Incorrect default permissions allow an authorized local attacker to exploit this vulnerability. This can lead to local privilege escalation, enabling the attacker to gain higher access rights on the system. Mitigation Mitigation for this issue is either not available or...

7.8CVSS5.7AI score0.00359EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/11 10:14 a.m.1 views

CVE-2026-28292

A vulnerability was discovered in the simple-git Node.js library. The issue is caused by improper validation of user-supplied input when constructing Git commands. An attacker able to supply specially crafted repository URLs or arguments could exploit Git’s ext:: protocol handler to execute...

9.8CVSS6AI score0.01296EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/03/11 9:36 a.m.2 views

CVE-2026-2742

A flaw was found in com.vaadin/flow-server. This authentication bypass vulnerability allows an unauthenticated attacker to bypass security filters by accessing the /VAADIN endpoint without a trailing slash. This inconsistent path pattern matching enables the attacker to trigger framework...

6.3CVSS5.6AI score0.00391EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/03/11 12:9 a.m.1 views

CVE-2026-31812

A flaw was found in quinn-proto, a pure-Rust implementation of the IETF QUIC transport protocol. A remote, unauthenticated attacker can trigger a denial of service in applications using vulnerable quinn versions by sending a crafted QUIC Initial packet containing malformed quictransportparameters...

8.7CVSS5.6AI score0.005EPSS
Exploits0References4
Rows per page
Query Builder