Lucene search
K

28 matches found

CVE
CVE
added yesterday75 views

CVE-2026-45065

CVE-2026-45065 affects Symfony’s UrlGenerator in the Symfony PHP framework. Prior to versions 5.4.52, 6.4.40, 7.4.12, and 8.0.12, UrlGenerator validates route parameters with a pattern built as ^ + raw requirement + $, and ungrouped alternations can cause middle alternatives to match as unanchore...

6.1CVSS6.1AI score0.0004EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2026/06/20 1:39 p.m.9 views

Authentication Bypass

LiteLLM is vulnerable to Authentication Bypass. The vulnerability is due to improper Host header parsing during route validation, where the authentication layer derives the effective route from Host-influenced request metadata and may evaluate a different route than the one processed by FastAPI,...

9.8CVSS5.8AI score0.00559EPSS
Exploits1References7Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.14 views

PT-2026-45058

Name of the Vulnerable Software and Affected Versions PraisonAI Platform affected versions not specified Description A systemic object-level authorization flaw exists in workspace-scoped REST routes. An authenticated user can access, modify, or delete objects belonging to another workspace by...

8.8CVSS6.1AI score0.00044EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/02/24 9:5 p.m.2 views

CVE-2026-25882

Fiber is an Express inspired web framework written in Go. A denial of service vulnerability exists in Fiber v2 and v3 that allows remote attackers to crash the application by sending requests to routes with more than 30 parameters. The vulnerability results from missing validation during route...

7.5CVSS5.9AI score0.00594EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.15 views

Fiber 安全漏洞

Fiber is an open-source web framework written in Go. Versions of Fiber prior to 2.52.12 and 3.1.0 contain security vulnerabilities. These vulnerabilities stem from lack of validation during route registration and unbounded array writes during request matching, which may lead to application crashe...

7.5CVSS5.8AI score0.00594EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.10 views

PT-2026-8059

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5. This is due to the 'call by route name' function in the routing layer only validating user capabilities without enforci...

4.3CVSS5.3AI score0.00143EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/11/13 12:0 a.m.2 views

CVE-2025-60694

A stack-based buffer overflow exists in the validatestaticroute function of the httpd binary on Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The function improperly concatenates user-supplied CGI parameters routeipaddr03, routenetmask03, routegateway03 into fixed-size buffers v6,...

7.8AI score0.01149EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/11/13 12:0 a.m.7 views

PT-2025-46868

Name of the Vulnerable Software and Affected Versions Linksys E1200 v2 router firmware versions prior to 2.0.11.001 us Description A flaw exists in the validate static route function of the httpd binary. This function does not properly check the size of data when combining CGI parameters – route...

7.5CVSS7.7AI score0.01149EPSS
Exploits1References7
Cvelist
Cvelist
added 2025/07/11 2:43 p.m.24 views

CVE-2025-52958 Junos OS and Junos OS Evolved: When route validation is enabled, BGP connection establishment failure causes RPD crash

A Reachable Assertion vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service DoS.On all Junos OS and Junos OS Evolved devices, when route validation is enabled, a rare condition...

6CVSS0.00211EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/07/11 12:0 a.m.5 views

CBL Mariner 2.0 Security Update: frr (CVE-2024-55553)

The version of frr installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-55553 advisory. - In FRRouting FRR before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update receiv...

7.5CVSS7.3AI score0.00837EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/07/11 12:0 a.m.4 views

Azure Linux 3.0 Security Update: frr (CVE-2024-55553)

The version of frr installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-55553 advisory. - In FRRouting FRR before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update receiv...

7.5CVSS7.3AI score0.00837EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/06 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2024-55553

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In FRRouting FRR before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer...

7.5CVSS7.2AI score0.00837EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2024-45239

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP an ROA or a...

7.5CVSS7.4AI score0.00481EPSS
Exploits0References2
Debian
Debian
added 2025/01/23 12:6 p.m.6 views

[SECURITY] [DLA 4029-1] frr security update

From: Arturo Borrero Gonzalez [email protected] To: [email protected] Subject: SECURITY DLA 4029-1 frr security update - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4029-1 [email protected]...

7.5CVSS6.6AI score0.00837EPSS
Exploits0
OSV
OSV
added 2025/01/06 11:15 p.m.1 views

DEBIAN-CVE-2024-55553

In FRRouting FRR before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by causing more than th...

7.5CVSS8AI score0.00837EPSS
Exploits0References1
OSV
OSV
added 2025/01/06 11:15 p.m.7 views

AZL-55066 CVE-2024-55553 affecting package frr for versions less than 9.1.1-3

In FRRouting FRR before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by causing more than th...

7.5CVSS7.5AI score0.00837EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/06 12:0 a.m.4 views

PT-2025-1316

Name of the Vulnerable Software and Affected Versions FRRouting versions 6.0 through 10.2.1 FRRouting versions prior to 10.3 Description The issue is related to the re-validation of routes in FRRouting. An attacker can trigger re-parsing of the RIB for FRR routers using RTR by causing more than t...

9.8CVSS8.1AI score0.00837EPSS
Exploits0References36
OSV
OSV
added 2024/12/18 5:15 a.m.3 views

DEBIAN-CVE-2024-56170

A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI manifests are listings of relevant files that clients are supposed to verify. Assuming everything else is correct, the most recent version of a manifest should be prioritized over other versions, to prevent...

5.3CVSS5.4AI score0.00203EPSS
Exploits0References1
OSV
OSV
added 2024/08/24 11:15 p.m.1 views

DEBIAN-CVE-2024-45236

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying...

7.5CVSS5.3AI score0.00481EPSS
Exploits0References1
OSV
OSV
added 2024/08/24 11:15 p.m.1 views

DEBIAN-CVE-2024-45238

An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a trusted Trust Anchor can serve via rsync or RRDP a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. OpenSSL does not report this problem during parsin...

7.5CVSS5.3AI score0.00305EPSS
Exploits0References1
Rows per page
Query Builder