Lucene search
K

7165 matches found

CVE
CVE
added 2026/06/29 6:44 p.m.18 views

CVE-2026-13757

CVE-2026-13757 affects p11-kit. The RPC attribute parsing functions p11_rpc_message_get_attribute() and p11_rpc_message_get_attribute_array_value() can form a mutually-recursive call chain with no recursion depth limit when handling nested CKA_WRAP_TEMPLATE, CKA_UNWRAP_TEMPLATE, and CKA_DERIVE_TE...

6.2CVSS5.8AI score0.00132EPSS
Exploits0References4Affected Software3
Debian CVE
Debian CVE
added 2026/06/29 6:44 p.m.6 views

CVE-2026-13757

A flaw was found in p11-kit. The RPC message attribute parsing functions p11rpcmessagegetattribute and p11rpcmessagegetattributearrayvalue form a mutually-recursive call chain with no recursion depth limit when processing nested CKAWRAPTEMPLATE, CKAUNWRAPTEMPLATE, and CKADERIVETEMPLATE attributes...

6.2CVSS5.8AI score0.00132EPSS
Exploits0
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-316 cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes

Summary utils.getsharedsecret always returns -1 - allows anyone to connect to cobbler XML-RPC as user '' password -1 and make any changes. Details utils.py getsharedsecret: def getsharedsecret - Unionstr, int: """ The 'web.ss' file is regenerated each time cobblerd restarts and is used to agree o...

9.8CVSS7.3AI score0.03948EPSS
Exploits6References7
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:15 a.m.6 views

misc: fastrpc: fix use-after-free race in fastrpc_map_create

...

7.8CVSS5.8AI score0.00125EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.8 views

EulerOS 2.0 SP15 : kata-containers (EulerOS-SA-2026-2484)

"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...

9.1CVSS6.8AI score0.01557EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/26 10:54 a.m.35 views

CVE-2026-57918

libnfs through 6.0.2 before 935b8db has an xid integer underflow in READIOVEC in rpcreadfromsocket in lib/socket.c during a connection to a crafted NFS server, when the expected pdu size exceeds the absolute pdu size from the xid/record-marker...

7.1CVSS0.00195EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/26 10:41 a.m.10 views

CVE-2026-13325

A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true on the KubeVirt custom resource, the target virt-handler binds a plain TCP listener on all interfaces 0.0.0.0/:: on a random port with no authentication, peer allow-list, or handshake toke...

8.5CVSS5.8AI score0.00175EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 10:41 a.m.5 views

EUVD-2026-39645

A flaw was found in KubeVirt's migration proxy. When spec.configuration.migrations.disableTLS is set to true on the KubeVirt custom resource, the target virt-handler binds a plain TCP listener on all interfaces 0.0.0.0/:: on a random port with no authentication, peer allow-list, or handshake toke...

8.5CVSS5.8AI score0.00175EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 7:6 a.m.3 views

SUSE-SU-2026:2640-1 Security update for containerd

This update for containerd fixes the following issues - CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo- header bsc1260296. - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad...

9.6CVSS6.7AI score0.01557EPSS
Exploits1References9
EUVD
EUVD
added 2026/06/26 1:11 a.m.7 views

EUVD-2026-39602

Bypass to the fix for CVE-2026-34916. Variants of such vectors have been also reported by phucrio and offsetmd. The fix can be bypassed either by sending a disallowed but otherwise valid plugin identifier as type, or using the ox.setChannelTargeting XML-RPC API method...

8.8CVSS6.6AI score0.02734EPSS
Exploits2References2
CVE
CVE
added 2026/06/26 1:11 a.m.10 views

CVE-2026-50744

Revive Adserver 6.0.7 is affected by a bypass of the admin‑only restriction in the XML‑RPC API. The ox.login method returned a session ID cookie in HTTP headers and, although it reported an error, the session was not invalidated, allowing a leaked session ID to be reused for subsequent API calls ...

4.3CVSS5.9AI score0.00173EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2026/06/26 1:11 a.m.29 views

CVE-2026-50741

CVE-2026-50741 concerns Revive Adserver and describes bypassing the fix for CVE-2026-34916. The connected documents indicate that the bypass can be achieved by: (1) sending a disallowed but otherwise valid plugin identifier as the plugin type, and (2) calling the XML-RPC API method ox.setChannelT...

8.8CVSS7.2AI score0.02734EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/06/25 6:43 p.m.10 views

MAL-2026-6472 Malicious code in tailwindcss-effector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4780f88b1924c1d5104a4ea18803a0180e9339e5c9a9bf787f9ed4901e1729e3 src/index.js appends a heavily obfuscated async IIFE after a legitimate-looking TailwindCSS plugin. On import, the IIFE issues HTTPS requests to remo...

6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 6:43 p.m.7 views

Malicious code in tailwindcss-effector (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4780f88b1924c1d5104a4ea18803a0180e9339e5c9a9bf787f9ed4901e1729e3 src/index.js appends a heavily obfuscated async IIFE after a legitimate-looking TailwindCSS plugin. On import, the IIFE issues HTTPS requests to remo...

6AI score
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 6:5 p.m.40 views

CVE-2026-46608 Glances: XML-RPC Multi-Origin CORS Configuration Silently Falls Back to Wildcard (Incomplete Fix for CVE-2026-33533)

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE-2026-33533. However, the implementation silently falls back to Access-Control-Allow-Origin:...

7.4CVSS0.00401EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/25 6:5 p.m.4 views

CVE-2026-46608 Glances: XML-RPC Multi-Origin CORS Configuration Silently Falls Back to Wildcard (Incomplete Fix for CVE-2026-33533)

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE-2026-33533. However, the implementation silently falls back to Access-Control-Allow-Origin:...

7.4CVSS5.8AI score0.00409EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/25 6:0 p.m.20 views

CVE-2026-46611 Glances: XML-RPC Server Missing Host Header Validation Enables DNS Rebinding Attack

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, the Glances XML-RPC server glances -s, implemented in glances/server.py does not validate the HTTP Host header, leaving it vulnerable to DNS rebinding attacks. An attacker can exploit DNS rebinding to exfiltrate the...

5.3CVSS0.00156EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 6:0 p.m.22 views

CVE-2026-46611

Glances XML-RPC server (glances/server.py) before 4.5.5 does not validate the HTTP Host header, enabling DNS rebinding attacks to exfiltrate the victim’s monitoring data. The vulnerability affects the XML-RPC backend used by glances -s (XML-RPC path /RPC2) and allows an attacker to cause the brow...

5.3CVSS5.9AI score0.00156EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/25 8:38 a.m.6 views

CVE-2026-53159

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix DMA address corruption due to findvma misuse fastrpcgetargs uses findvma to look up the VMA for a user-provided pointer and compute a DMA address offset. When the address falls in a gap before the returned VMA,...

5.5CVSS5.6AI score0.00122EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/25 8:38 a.m.8 views

CVE-2026-53158

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix NULL pointer dereference in rpmsg callback A NULL pointer dereference was observed on Hawi at boot when the DSP sends a glink message before fastrpcrpmsgprobe has completed initialization: Unable to handle kern...

5.5CVSS5.7AI score0.00122EPSS
Exploits0
Rows per page
Query Builder