Lucene search
K

252 matches found

RedhatCVE
RedhatCVE
added 2026/06/18 3:2 p.m.9 views

CVE-2026-34356

A flaw was found in Apache HTTP Server. This heap-based buffer overflow vulnerability can be exploited by a malicious backend server when using ProxyPassReverseCookie directives. This could lead to a denial of service DoS condition, making the server unavailable to legitimate users. Mitigation To...

7.5CVSS5.5AI score0.00682EPSS
Exploits0References4
CVE
CVE
added 2026/06/04 6:25 a.m.26 views

CVE-2026-49203

The CVE-2026-49203 entry concerns crucial management API endpoints for cellular eSIM allocation that do not validate caller authorization, enabling remote profiles to be rewritten or deleted. Affected behavior: unauthorized caller can modify eSIM profiles via management APIs. Root cause: missing ...

8.3CVSS5.8AI score0.00168EPSS
Exploits0References1Affected Software1
Packet Storm News
Packet Storm News
added 2026/06/03 12:0 a.m.8 views

NLLog: Lightweight, Explainable SOC Anomaly Detection Via Log-To-Language Rewriting

System-generated logs underpin security monitoring, yet their rigid template-based format hinders both automated analysis and human comprehension. We present NLLog Natural-Language Log, a lightweight pipeline that deterministically rewrites parsed templates into WHO-WHAT-SEVERITY sentences, pools...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/06/02 9:0 p.m.9 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that hides inside binary executable files triggered by a postinstall script. IronWorm is a sophisticated, Rust-based infostealer that functions as a self-replicating supply-chain attack. Its primary characteristi...

9.8CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/06/02 9:0 p.m.14 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that hides inside binary executable files triggered by a postinstall script. IronWorm is a sophisticated, Rust-based infostealer that functions as a self-replicating supply-chain attack. Its primary characteristi...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/20 8:29 a.m.6 views

CLSA-2026-1779265764 giflib: Fix of CVE-2026-26740

CVE-2026-26740: fix heap OOB write when rewriting truncated GCE in EGifGCBToSavedExtension...

8.2CVSS5.8AI score0.00618EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in SQLite3

SQLite 3.30.1 improperly handles certain parser-tree rewrites, related to expr.c, vdbeaux.c, and window.c. This issue is caused by incorrect error handling in the sqlite3WindowRewrite function...

5.3CVSS6.8AI score0.07856EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/19 3:53 p.m.11 views

Mailpit: Concurrent map read & write in proxy CSS rewriter - remote unauth crash (fatal error: concurrent map read and map write)

Summary The screenshot/print proxy /proxy?data=… maintains a package-level assets mapstringMessageAssets cache, but reads the map without holding assetsMutex while a long-running cleanup goroutine and re-entrant CSS-rewriting code path concurrently write to it under the lock. When the...

5.9AI score0.00091EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.9 views

PT-2026-41967

Name of the Vulnerable Software and Affected Versions Mailpit affected versions not specified Description A remote, unauthenticated attacker can cause a denial of service DoS by crashing the Mailpit process. The issue occurs because the screenshot/print proxy reads a package-level assets cache...

5.9CVSS5.9AI score0.00091EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/05/18 12:0 a.m.8 views

Be Kind, Rewrite: Benign Projections Via Rewriting Defend against LLM Data Poisoning Attacks

Large language models LLMs are highly susceptible to backdoor attacks BAs, wherein training samples are poisoned using trigger-based harmful content. Furthermore, existing defenses have proven ineffective when extensively tested across BA patterns. To better combat BAs, we explore the use of LLM...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.10 views

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. Versions of Mattermost 11.5.1 and earlier, including 11.5.x, have security vulnerabilities. These vulnerabilities stem from the lack of verification of channel members when processing AI-assisted...

6.5CVSS5.8AI score0.00205EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 4:17 p.m.11 views

EUVD-2026-21376

LiteLLM has a sandbox escape in custom-code guardrail...

8.8CVSS5.8AI score0.06496EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.18 views

PT-2026-39677

Summary The programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an attacker who can influence the scanned repository URL to trigger SSRF and...

8.2CVSS5.9AI score0.00198EPSS
Exploits0References4
OSV
OSV
added 2026/05/05 7:16 p.m.5 views

GHSA-9857-6MW7-FQ2M gix-transport: HTTP credentials leaked to redirected host in curl backend

Summary The curl-based HTTP transport in gix-transport sends user credentials passwords, tokens to an attacker-controlled server after an HTTP redirect. When a server responds with a 302 redirect during the initial GET /info/refs, gitoxide records the redirected base URL and rewrites all subseque...

6.8CVSS5.8AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-7381

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation...

9.1CVSS6.1AI score0.00442EPSS
Exploits0References3
OSV
OSV
added 2026/04/29 11:16 p.m.7 views

DEBIAN-CVE-2026-7381

Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting sendfile type to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the...

9.1CVSS5.6AI score0.00442EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/29 10:13 p.m.29 views

CVE-2026-7381 Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting

Plack::Middleware::XSendfile versions through 1.0053 for Perl can allow client-controlled path rewriting. Plack::Middleware::XSendfile allows the variation setting sendfile type to be set by the client via the X-Sendfile-Type header, if it is not considered in the middleware constructor or the...

0.00442EPSS
Exploits0References3
CVE
CVE
added 2026/04/29 10:13 p.m.13 views

CVE-2026-7381

Plack::Middleware::XSendfile (Perl)

9.1CVSS5.5AI score0.00442EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.6 views

PT-2026-36018

Name of the Vulnerable Software and Affected Versions Plack::Middleware::XSendfile versions prior to 1.0053 Description Plack::Middleware::XSendfile allows the variation setting sendfile type to be controlled by the client via the X-Sendfile-Type header if it is not defined in the middleware...

9.1CVSS5.4AI score0.00442EPSS
Exploits0References18
Github Security Blog
Github Security Blog
added 2026/04/24 3:19 p.m.14 views

Contour has Lua code injection via Cookie Path Rewrite Policy

Impact Contour's Cookie Rewriting feature is vulnerable to Lua code injection. An attacker with RBAC permissions to create or modify HTTPProxy resources can craft a malicious value in the following fields that results in arbitrary code execution in the Envoy proxy: -...

8.1CVSS6.3AI score0.00481EPSS
Exploits0References11Affected Software1
Rows per page
Query Builder