3265 matches found
EUVD-2026-37802
Improper neutralization of argument delimiters in AWS Bedrock AgentCore Python SDK installpackages...
CVE-2026-5078
A flaw was found in the morgan HTTP request logging middleware versions 1.2.0 through 1.10.1. The :remote-user token writes the Basic auth username to access logs without neutralizing CR/LF control characters. An unauthenticated remote attacker can inject forged log lines via a crafted...
CVE-2026-24720
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We ha...
PT-2026-48369
Name of the Vulnerable Software and Affected Versions File Station versions prior to 5.5.6.5243 Description An issue exists where resources are allocated without limits or throttling. A remote attacker with a user account can exploit this to prevent other systems, applications, or processes from...
PT-2026-48372
Name of the Vulnerable Software and Affected Versions File Station 5 versions prior to 5.5.6.5208 Description A buffer overflow occurs when a program writes more data to a memory buffer than it can hold, potentially overwriting adjacent memory. A remote attacker with a user account can exploit th...
EUVD-2026-35420
A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure...
CVE-2026-11666
Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: High...
PT-2026-47492
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.103 Description Insufficient validation of untrusted input allows a remote attacker to perform UI spoofing, which is the act of mimicking a legitimate user interface to deceive users, via a crafted HT...
SUSE CVE-2026-11192
Insufficient validation of untrusted input in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. Chromium security severity: Medium...
CVE-2026-35081
The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input...
CVE-2026-35084
A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root...
CVE-2026-35079
The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
CVE-2026-35078
The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
CVE-2026-35080
The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
Linux Distros Unpatched Vulnerability : CVE-2026-5078
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Impact: The morgan logging middleware's :remote-user token extracts the Basic auth username from the Authorization request header and writes it to the log strea...
CVE-2026-35081
The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input...
CVE-2026-35076
The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...
CVE-2026-35085
CVE-2026-35085 describes a stack buffer overflow in gdv-serverconfig that can be exploited by a remote attacker authenticated with user privileges to achieve full system access as root. The CVE is rated HIGH (CVSS 4.0: 8.7) with NETWORK attack vector, low complexity, and requires low privileges; ...
CVE-2026-35085 Stack buffer overflow in method gdv-serverconfig
A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root...
CVE-2026-35083
Technical details about affected product, component, and remediation are not publicly available in the provided documents. Monitor for updates to CVE-2026-35083.