Lucene search
K

42306 matches found

BDU FSTEC
BDU FSTEC
added yesterday8 views

The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems allows a hacker to cause a service failure.

The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems is related to incorrect resource management. Exploiting this vulnerability can allow an attacker to cause service failures...

5.5CVSS6AI score0.00127EPSS
Exploits0References6Affected Software4
CVE
CVE
added yesterday14 views

CVE-2026-59245

The CVE affects Apache Airflow FAB provider: FAB auth manager. A DAG with dag_id/DAGs collides with the global all-DAGs permission name produced by resource_name(), causing a per-DAG access_control grant on that DAG to silently confer the global all-DAGs permission. This yields privilege escalati...

8.1CVSS6.1AI score
Exploits0References3Affected Software1
EUVD
EUVD
added yesterday5 views

EUVD-2026-43500

In the Apache Airflow FAB auth manager, a DAG whose dagid is DAGs collided with the global all-DAGs permission resource name produced by resourcename, so a user granted per-DAG accesscontrol on that one DAG was silently granted the global all-DAGs permission privilege escalation. The escalation...

8.1CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added yesterday11 views

CVE-2026-49876 Apache Gravitino: Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs

Authenticated SSRF in Gravitino JobManager allows server-side HTTP requests to internal network and cloud metadata endpoints via unvalidated job template URIs. A vulnerability in Apache Gravitino. This issue affects Apache Gravitino: from 1.0.0 through 1.2.1. Users are recommended to upgrade to...

0.00204EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday6 views

Spring Framework Path Traversal in Functional Web Frameworks

Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application...

7.5CVSS6.7AI score0.54862EPSS
Exploits6References3
NVD
NVD
added 4 days ago8 views

CVE-2026-41482

Frappe is a full-stack web application framework. Prior to 16.18.3, possible path traversal and local file inclusion were possible through secure local resource access in the Chrome PDF Generator. This issue is fixed in version 16.18.3...

7.1CVSS0.00338EPSS
Exploits0References6
CVE
CVE
added 4 days ago23 views

CVE-2026-55884

Tilt HUD server in github.com/tilt-dev/tilt is affected in versions 0.20.8–0.37.3 where the HUD HTTP server registers handlers on a gorilla/mux router without authentication. When bound to a non-loopback address, an unauthenticated network caller can trigger developer-defined Tiltfile resources, ...

9.2CVSS6.2AI score0.00397EPSS
Exploits0References4
NVD
NVD
added 4 days ago4 views

CVE-2026-55229

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.34.0, Gotenberg's /forms/libreoffice/convert endpoint allows a specially crafted document to cause LibreOffice to automatically retrieve external HTTPS resources and local file resources during document conversion, enabling bli...

7.5CVSS0.00355EPSS
Exploits0References3
CVE
CVE
added 4 days ago85 views

CVE-2026-55229

Gotenberg prior to 8.34.0 contains an SSRF/local-file disclosure in the /forms/libreoffice/convert endpoint. A specially crafted DOCX can cause LibreOffice to fetch external HTTP(S) resources (blind SSRF) and load local image resources during conversion, potentially exposing internal endpoints an...

7.5CVSS6.1AI score0.00355EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42943

Grav is a file-based Web platform. Prior to 1.7.53 and 2.0.0-rc.8, Grav allows an unauthenticated visitor to exhaust server memory and CPU by requesting image derivatives with oversized dimensions through URL query image actions such as forceResize in Grav::fallbackUrl, which passes request...

8.7CVSS6.1AI score0.00301EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-42723

An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service DoS. If an attempt is made to subscribe to an unsupported telemetry...

7.1CVSS5.9AI score0.00411EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 4 days ago10 views

Kibana 8.x < 8.19.15 / 9.x < 9.3.4 DoS (ESA-2026-49)

The version of Kibana installed on the remote host is 8.x prior to 8.19.15 or 9.x prior to 9.3.4. It is, therefore, affected by a denial of service vulnerability: - Allocation of Resources Without Limits or Throttling CWE-770 in Kibana can lead to a denial of service. An authenticated user can...

6.5CVSS6.1AI score0.00251EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago12 views

EUVD-2026-33939

mint: Unbounded streams map growth via PUSHPROMISE without follow-up HEADERS...

8.2CVSS5.9AI score0.00384EPSS
Exploits0References5
NVD
NVD
added 5 days ago6 views

CVE-2026-57032

An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service DoS. If an attempt is made to subscribe to an unsupported telemetry...

7.1CVSS0.00411EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42643

Tenda CP3 V3.0 firmware V31.1.9.91 does not validate the Content-Length header field in RTSP requests including DESCRIBE, SETUP, and PLAY methods. When a request carrying a Content-Length header is received without a corresponding message body, the RTSP parser enters a persistent body-awaiting...

7.5CVSS6AI score0.00404EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 5 days ago9 views

CVE-2026-45409

A flaw was found in the idna library, which handles Internationalized Domain Names in Python applications. A remote attacker could exploit this vulnerability by sending specially crafted, excessively long inputs to the library's encoding function. This could cause the system to consume significan...

6.9CVSS6.4AI score0.00408EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 5 days ago4 views

netty-codec-http2: netty-codec-http2: Denial of Service due to resource leak

A flaw was found in netty-codec-http2. A remote attacker could send specially crafted frames that cause a resource leak within the DelegatingDecompressorFrameListener class. This resource leak could lead to an Out Of Memory Error OOME, potentially causing a Denial of Service DoS by taking down th...

7.5CVSS6AI score0.00594EPSS
Exploits0References7
NVD
NVD
added 5 days ago9 views

CVE-2026-15186

A vulnerability was identified in macrozheng mall up to 1.0.3. This impacts an unknown function of the file /returnApply/create of the component Portal Endpoint. The manipulation of the argument orderId leads to improper control of resource identifiers. The attack can be initiated remotely. The...

6.5CVSS0.00237EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-15186 macrozheng mall Portal Endpoint create resource injection

A vulnerability was identified in macrozheng mall up to 1.0.3. This impacts an unknown function of the file /returnApply/create of the component Portal Endpoint. The manipulation of the argument orderId leads to improper control of resource identifiers. The attack can be initiated remotely. The...

6.5CVSS0.00237EPSS
Exploits0References6
CVE
CVE
added 5 days ago12 views

CVE-2026-15186

The CVE-2026-15186 vulnerability affects macrozheng mall (up to version 1.0.3) in the Portal Endpoint’s /returnApply/create function, where manipulating the orderId can lead to improper control of resource identifiers. This is a network-exposed issue with a low- to medium-severity CVSS range (bas...

6.5CVSS6.3AI score0.00237EPSS
Exploits0References6
Rows per page
Query Builder