Lucene search
K

956699 matches found

RedHat Linux
RedHat Linux
added 3 hours ago4 views

netty-transport-sctp: Netty-transport-sctp: Denial of Service due to unbounded memory growth from SctpMessage fragments

A flaw was found in netty-transport-sctp. A remote attacker can exploit this vulnerability by sending specially crafted, non-complete Stream Control Transmission Protocol SCTP message fragments. This can lead to unbounded memory growth within the application, causing a Denial of Service DoS...

7.5CVSS6AI score0.00371EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 3 hours ago4 views

org.apache.cxf/cxf-rt-transports-jms: Apache CXF: Remote Code Execution via untrusted JMS configuration

A flaw was found in Apache CXF. Untrusted users, if allowed to configure Java Message Service JMS for Apache CXF, can exploit this vulnerability to achieve remote code execution RCE. This issue arises from an incomplete fix for a prior security flaw, indicating an alternative path that could lead...

7.5CVSS6.6AI score0.0064EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 3 hours ago3 views

netty: Netty: High integrity impact due to improper DNS domain name constraint enforcement

A flaw was found in Netty. Netty's DNS Domain Name System codec does not properly enforce domain name constraints as defined in RFC 1035 during both encoding and decoding processes. This vulnerability allows a remote attacker to exploit the decoder using malicious DNS responses or exploit the...

9.1CVSS6.9AI score0.00818EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 3 hours ago3 views

micrometer-core: micrometer-jetty11: micrometer-jetty12: Micrometer: Denial of Service via specially crafted HTTP requests

A flaw was found in Micrometer. A remote attacker can provide specially crafted HTTP requests, which may lead to a denial-of-service DoS condition. This vulnerability allows an attacker to disrupt the availability of the affected system...

7.5CVSS5.9AI score0.00573EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 3 hours ago3 views

netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression

A flaw was found in Netty. A remote attacker can bypass the configured decompression limit in the HttpContentDecompressor by sending a specially crafted compressed payload using Brotli br, Zstandard zstd, or Snappy content encodings. This can lead to unbounded memory allocation, resulting in an...

7.5CVSS6.8AI score0.00863EPSS
Exploits1References5
NVD
NVD
added 3 hours ago5 views

CVE-2026-60108

Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer that allows unauthenticated remote attackers to cause process termination by sending a crafted FTP control session negotiating AUTH GSSAPI followed by a large ADAT control line. Attackers can exploit t...

8.7CVSS
Exploits0References3
Cvelist
Cvelist
added 3 hours ago3 views

CVE-2026-15188 manjurulhoque django-job-portal Employee Dashboard Endpoint views.py EditEmployeeProfileAPIView access control

A weakness has been identified in manjurulhoque django-job-portal up to dfa352f305bba44445ac5dc12e9b2a98c9dcd71f. Affected by this vulnerability is the function EditEmployeeProfileAPIView of the file accounts/api/views.py of the component Employee Dashboard Endpoint. This manipulation of the...

6.5CVSS
Exploits0References6
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-42606

A weakness has been identified in manjurulhoque django-job-portal up to dfa352f305bba44445ac5dc12e9b2a98c9dcd71f. Affected by this vulnerability is the function EditEmployeeProfileAPIView of the file accounts/api/views.py of the component Employee Dashboard Endpoint. This manipulation of the...

6.5CVSS6.2AI score
Exploits0References6
CVE
CVE
added 3 hours ago4 views

CVE-2026-15188

The CVE affects manjurulhoque django-job-portal (up to commit dfa352f305bba44445ac5dc12e9b2a98c9dcd71f). The vulnerability resides in EditEmployeeProfileAPIView (accounts/api/views.py) of the Employee Dashboard Endpoint, where manipulating the role argument leads to improper access controls. An a...

6.5CVSS5.6AI score
Exploits0References6
RedHat Linux
RedHat Linux
added 4 hours ago4 views

protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors

A flaw was found in protobufjs, a library used to compile protobuf definitions into JavaScript functions. A remote attacker could exploit this vulnerability by providing a crafted descriptor that includes a non-string default value for a bytes field. This could lead to the generation of an unsafe...

8.8CVSS6.2AI score0.00381EPSS
Exploits0References5
CVE
CVE
added 4 hours ago4 views

CVE-2026-15187

The CVE-2026-15187 issue affects the enquirer package (versions up to 2.4.1) and specifically the Enquirer.set function. The root cause is a prototype pollution vulnerability caused by manipulating the argument name (question.name), allowing improper modification of object prototype attributes. I...

5.3CVSS5.6AI score
Exploits0References7
Cvelist
Cvelist
added 4 hours ago3 views

CVE-2026-15187 enquirer Public Package API Enquirer.set prototype pollution

A security flaw has been discovered in enquirer up to 2.4.1. Affected is the function Enquirer.set of the component Public Package API. The manipulation of the argument question.name results in improperly controlled modification of object prototype attributes. The attack can be launched remotely...

5.3CVSS
Exploits0References7
EUVD
EUVD
added 4 hours ago3 views

EUVD-2026-42599

A security flaw has been discovered in enquirer up to 2.4.1. Affected is the function Enquirer.set of the component Public Package API. The manipulation of the argument question.name results in improperly controlled modification of object prototype attributes. The attack can be launched remotely...

5.3CVSS5.6AI score
Exploits0References7
CVE
CVE
added 4 hours ago8 views

CVE-2026-60109

Zeek

8.7CVSS6AI score
Exploits0References3
NVD
NVD
added 4 hours ago4 views

CVE-2026-60094

Vinchin Backup & Recovery through 9.0.0.86562 contains a heap buffer overflow vulnerability that allows unauthenticated remote attackers to cause process crash or memory corruption by sending a malformed TCP packet with an unchecked bodylen field to the agentlinkserver service. Attackers can craf...

6.9CVSS
Exploits0References3
NVD
NVD
added 4 hours ago6 views

CVE-2026-60095

Vinchin Backup & Recovery through 9.0.0.86562 contains a stack buffer overflow vulnerability in the ModuleHandShake function of the agentlinkserver service that allows unauthenticated remote attackers to overwrite the saved return address by supplying an oversized listenuuid field that is measure...

6.9CVSS
Exploits0References3
NVD
NVD
added 4 hours ago5 views

CVE-2026-15186

A vulnerability was identified in macrozheng mall up to 1.0.3. This impacts an unknown function of the file /returnApply/create of the component Portal Endpoint. The manipulation of the argument orderId leads to improper control of resource identifiers. The attack can be initiated remotely. The...

6.5CVSS
Exploits0References6
NVD
NVD
added 4 hours ago6 views

CVE-2026-14261

A vulnerability in the Xerte Online Tools allows for authentication bypass and remote code execution via reinstallation through the /setup/ folder, enabling attackers to reinstall the service to a remote database they control...

9.1CVSS
Exploits0References3
NVD
NVD
added 4 hours ago4 views

CVE-2026-12116

A vulnerability in the Xerte Online Tools allows for RCE through the antivirus binary path in the tools server settings, which can be changed to a PHP interpreter, allowing an attacker to upload PHP data that will then be executed...

9.8CVSS
Exploits0References3
Cvelist
Cvelist
added 5 hours ago7 views

CVE-2026-60095 Vinchin Backup & Recovery 9.0.0.86562 Stack Buffer Overflow via ModuleHandShake

Vinchin Backup & Recovery through 9.0.0.86562 contains a stack buffer overflow vulnerability in the ModuleHandShake function of the agentlinkserver service that allows unauthenticated remote attackers to overwrite the saved return address by supplying an oversized listenuuid field that is measure...

6.9CVSS
Exploits0References3
Rows per page
Query Builder