Lucene search
+L

61 matches found

Cvelist
Cvelist
added 2026/06/23 4:5 p.m.40 views

CVE-2026-56113 dhcpcd Heap Use-After-Free in dhcp6_deprecateaddrs via DHCPv6 RENEW

dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTIONPDEXCLUDE and both preferred and valid lifetimes set to zero. Attackers actin...

6CVSS0.00175EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 4:5 p.m.5 views

CVE-2026-56113 dhcpcd Heap Use-After-Free in dhcp6_deprecateaddrs via DHCPv6 RENEW

dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTIONPDEXCLUDE and both preferred and valid lifetimes set to zero. Attackers actin...

6CVSS6AI score0.00175EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/23 4:5 p.m.5 views

CVE-2026-56113

dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTIONPDEXCLUDE and both preferred and valid lifetimes set to zero. Attackers actin...

6CVSS5.9AI score0.00175EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Systemd

There is an exploitable denial-of-service vulnerability in Systemd 245. A specially crafted DHCP FORCERENEW packet can expose a server running the DHCP client to a DHCP ACK spoofing attack. An attacker can forge a pair of FORCERENEW and DCHP ACK packets to reconfigure the server...

6.1CVSS6.7AI score0.01399EPSS
Exploits1References2
OSV
OSV
added 2026/04/20 3:31 p.m.14 views

GHSA-WF66-MPHR-4C4R Apache Kafka exposes sensitive information in its DEBUG logs

Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...

5.3CVSS5.7AI score0.00535EPSS
Exploits0References5
NVD
NVD
added 2026/04/20 2:16 p.m.10 views

CVE-2026-33558

Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...

5.3CVSS0.00535EPSS
Exploits0References3
CVE
CVE
added 2026/04/20 1:20 p.m.104 views

CVE-2026-33558

CVE-2026-33558 affects Apache Kafka: the NetworkClient logs sensitive information at DEBUG level, exposing full requests/responses for certain APIs (AlterConfigsRequest, AlterUserScramCredentialsRequest, ExpireDelegationTokenRequest, IncrementalAlterConfigsRequest, RenewDelegationTokenRequest, Sa...

5.3CVSS5.7AI score0.00535EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/20 1:20 p.m.34 views

CVE-2026-33558 Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output

Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...

0.00535EPSS
Exploits0References2
OSV
OSV
added 2026/04/20 1:20 p.m.2 views

CVE-2026-33558 Apache Kafka, Apache Kafka Clients: Information Exposure Through Network Client Log Output

Information exposure vulnerability has been identified in Apache Kafka. The NetworkClient component will output entire requests and responses information in the DEBUG log level in the logs. By default, the log level is set to INFO level. If the DEBUG level is enabled, the sensitive information wi...

5.3CVSS5.8AI score0.00535EPSS
Exploits0References6
NVD
NVD
added 2026/04/07 8:16 p.m.3 views

CVE-2026-39366

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the PayPal IPN v1 handler at plugin/PayPalYPT/ipn.php lacks transaction deduplication, allowing an attacker to replay a single legitimate IPN notification to repeatedly inflate their wallet balance and renew subscriptions...

6.5CVSS0.0017EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.8 views

PT-2026-30985

Name of the Vulnerable Software and Affected Versions AVideo versions 26.0 and prior Description The AVideo platform, an open source video platform, has an issue in the PayPal IPN v1 handler located at 'plugin/PayPalYPT/ipn.php'. This handler does not properly deduplicate transactions, which coul...

6.5CVSS5.9AI score0.0017EPSS
Exploits0References6
EUVD
EUVD
added 2025/11/12 4:47 p.m.1 views

EUVD-2025-150132

Malicious code in tadashi-tssu-renew npm...

6.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/11/06 4:3 a.m.11 views

CVE-2025-11835

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability and validation check on the PMSAJAXCheckoutHandler::processpayment function in all versions up t...

5.3CVSS5.3AI score0.00213EPSS
Exploits0References1
NVD
NVD
added 2025/11/05 4:15 a.m.10 views

CVE-2025-11835

The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability and validation check on the PMSAJAXCheckoutHandler::processpayment function in all versions up t...

5.3CVSS0.00213EPSS
Exploits0References2
CVE
CVE
added 2025/11/05 3:27 a.m.19 views

CVE-2025-11835

CVE-2025-11835 affects the WordPress plugin “Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction.” The issue arises from a missing capability check and validation in PMS_AJAX_Checkout_Handler::process_payment(), leading to unauthorized data modificatio...

5.3CVSS5AI score0.00213EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/10/16 12:30 p.m.10 views

Strapi is vulnerable to Insufficient Session Expiration

Strapi uses JSON Web Tokens JWT for authentication. After logout or account deactivation, the JWT is not invalidated, which allows an attacker who has stolen or intercepted the token to freely reuse it until its expiration date which is set to 30 days by default, but can be changed. The existence...

6.3CVSS6.9AI score0.00633EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2025/10/16 12:30 p.m.7 views

GHSA-4R8W-3JWW-M2RP Strapi is vulnerable to Insufficient Session Expiration

Strapi uses JSON Web Tokens JWT for authentication. After logout or account deactivation, the JWT is not invalidated, which allows an attacker who has stolen or intercepted the token to freely reuse it until its expiration date which is set to 30 days by default, but can be changed. The existence...

6.3CVSS6.9AI score0.00633EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/10/16 10:43 a.m.4 views

CVE-2025-3930 Lack of JWT Expiration after Log Out in Strapi

Strapi uses JSON Web Tokens JWT for authentication. After logout or account deactivation, the JWT is not invalidated, which allows an attacker who has stolen or intercepted the token to freely reuse it until its expiration date which is set to 30 days by default, but can be changed. The existence...

6.3CVSS6.5AI score0.00633EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/10/16 10:43 a.m.13 views

CVE-2025-3930 Lack of JWT Expiration after Log Out in Strapi

Strapi uses JSON Web Tokens JWT for authentication. After logout or account deactivation, the JWT is not invalidated, which allows an attacker who has stolen or intercepted the token to freely reuse it until its expiration date which is set to 30 days by default, but can be changed. The existence...

6.3CVSS0.00633EPSS
Exploits0References4
OSV
OSV
added 2025/10/16 10:43 a.m.8 views

CVE-2025-3930 Lack of JWT Expiration after Log Out in Strapi

Strapi uses JSON Web Tokens JWT for authentication. After logout or account deactivation, the JWT is not invalidated, which allows an attacker who has stolen or intercepted the token to freely reuse it until its expiration date which is set to 30 days by default, but can be changed. The existence...

6.3CVSS5.8AI score0.00633EPSS
Exploits0References6
Rows per page
Query Builder