Lucene search
K

3092 matches found

Positive Technologies
Positive Technologies
added yesterday4 views

PT-2026-58726

Name of the Vulnerable Software and Affected Versions Amazon AWS Load Balancer Controller versions prior to 3.4.2 Description An issue exists in the Gateway API listener-rule generation where rules are ordered by route type rather than specificity when an HTTPRoute and GRPCRoute share an ALB...

8.5CVSS6.1AI score
Exploits0References4
RedhatCVE
RedhatCVE
added 4 days ago8 views

CVE-2026-52747

A flaw was found in ModSecurity, an open-source web application firewall WAF. The multipart/form-data request body parser in libmodsecurity incorrectly handles embedded line breaks in non-file form-field values. This discrepancy between ModSecurity and backend applications, which preserve line...

8.6CVSS6.1AI score0.0046EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 6 days ago4 views

netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation

A flaw was found in netty-handler, a component of the Netty network application framework. A remote attacker can exploit an incorrect masking operation in the IpSubnetFilterRule.compareTo function to bypass configured IPv6 subnet rules. This allows valid public IP addresses to circumvent intended...

8.1CVSS5.9AI score0.00573EPSS
Exploits0References7
OSV
OSV
added last week3 views

CVE-2026-58251 NATS Server: Queue Subscribe Authz Bypass

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.0, 2.12.7, and 2.11.16, an authenticated user with subscription deny permissions could bypass a plain subject deny rule by using a queue subscription, because queue-specific deny...

6.5CVSS6.1AI score0.00463EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/07/02 12:3 a.m.4 views

netty-handler: netty-handler: IPv6 subnet rule bypass due to incorrect masking operation

A flaw was found in netty-handler, a component of the Netty network application framework. A remote attacker can exploit an incorrect masking operation in the IpSubnetFilterRule.compareTo function to bypass configured IPv6 subnet rules. This allows valid public IP addresses to circumvent intended...

8.1CVSS5.9AI score0.00573EPSS
Exploits0References7
NVD
NVD
added 2026/07/01 5:16 a.m.13 views

CVE-2026-7829

UltraVNC repeater through 1.8.2.2 contains a post-authentication out-of-bounds write in the allow/deny rule parser. In repeater/webgui/settings.c:225-272, after strncpys copies a rule token into temp1rule1 25-byte destination or temp2/temp3 16-byte destination, the code unconditionally writes a N...

7.2CVSS0.00571EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/07/01 3:33 a.m.9 views

CVE-2026-7829 UltraVNC repeater authenticated out-of-bounds write in rule parser via oversized token

UltraVNC repeater through 1.8.2.2 contains a post-authentication out-of-bounds write in the allow/deny rule parser. In repeater/webgui/settings.c:225-272, after strncpys copies a rule token into temp1rule1 25-byte destination or temp2/temp3 16-byte destination, the code unconditionally writes a N...

7.2CVSS6.3AI score0.00571EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 3:33 a.m.7 views

EUVD-2026-40881

UltraVNC repeater through 1.8.2.2 contains a post-authentication out-of-bounds write in the allow/deny rule parser. In repeater/webgui/settings.c:225-272, after strncpys copies a rule token into temp1rule1 25-byte destination or temp2/temp3 16-byte destination, the code unconditionally writes a N...

9.1CVSS6.3AI score0.00571EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 3:33 a.m.35 views

CVE-2026-7829 UltraVNC repeater authenticated out-of-bounds write in rule parser via oversized token

UltraVNC repeater through 1.8.2.2 contains a post-authentication out-of-bounds write in the allow/deny rule parser. In repeater/webgui/settings.c:225-272, after strncpys copies a rule token into temp1rule1 25-byte destination or temp2/temp3 16-byte destination, the code unconditionally writes a N...

7.2CVSS0.00571EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 3:33 a.m.16 views

CVE-2026-7829

UltraVNC repeater (= destination size, the NUL byte is written past the end of the stack array, corrupting adjacent data and potentially enabling code execution on the repeater host. An attacker with admin credentials (including via CVE-2026-7839 default password) can trigger this. The provided d...

7.2CVSS6.3AI score0.00571EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.11 views

PT-2026-54485

UltraVNC repeater through 1.8.2.2 contains a post-authentication out-of-bounds write in the allow/deny rule parser. In repeater/webgui/settings.c:225-272, after strncpy s copies a rule token into temp1rule1 25-byte destination or temp2/temp3 16-byte destination, the code unconditionally writes a...

7.2CVSS6.3AI score0.00571EPSS
Exploits0References7
Snyk
Snyk
added 2026/06/29 7:28 p.m.3 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection in the rule ID path parameter of the alert-history endpoints. An attacker can execute arbitrary database queries and access sensitive data by injecting specially crafted input. This may also allow the attacker to perform...

8.5CVSS6.2AI score0.00235EPSS
Exploits0References2
NVD
NVD
added 2026/06/29 6:16 p.m.11 views

CVE-2026-57955

SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers to execute arbitrary ClickHouse queries by injecting URL-encoded quotes into the rule ID path parameter of the alert-history endpoints. Attackers can manipulate the unsanitized rule ID interpolated...

8.5CVSS0.00235EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/29 5:22 p.m.9 views

EUVD-2026-40141

SigNoz through 0.130.1 contains a broken access control vulnerability that allows authenticated users to access other organizations' alert rules by supplying a target rule UUID, as the alert rule store predicates fail to filter by organization ID. Attackers can read, edit, and delete alert rules...

6.4CVSS5.8AI score0.00177EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/29 5:22 p.m.36 views

CVE-2026-57955 SigNoz 0.130.1 - SQL Injection in Alert History Endpoints via Rule ID Parameter

SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers to execute arbitrary ClickHouse queries by injecting URL-encoded quotes into the rule ID path parameter of the alert-history endpoints. Attackers can manipulate the unsanitized rule ID interpolated...

8.5CVSS0.00235EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/29 5:22 p.m.8 views

EUVD-2026-40140

SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers to execute arbitrary ClickHouse queries by injecting URL-encoded quotes into the rule ID path parameter of the alert-history endpoints. Attackers can manipulate the unsanitized rule ID interpolated...

8.5CVSS6.1AI score0.00235EPSS
Exploits0References2
CVE
CVE
added 2026/06/29 5:22 p.m.23 views

CVE-2026-57955

SigNoz versions up to 0.130.1 are affected by a SQL injection in the alert-history endpoints. The issue arises from unsanitized rule ID interpolation into ClickHouse queries, allowing authenticated attackers to inject URL-encoded quotes via the rule ID path parameter. The consequence is potential...

8.5CVSS6.1AI score0.00235EPSS
Exploits0References2
OSV
OSV
added 2026/06/29 5:22 p.m.3 views

CVE-2026-57955 SigNoz 0.130.1 - SQL Injection in Alert History Endpoints via Rule ID Parameter

SigNoz through 0.130.1 contains a SQL injection vulnerability that allows authenticated attackers to execute arbitrary ClickHouse queries by injecting URL-encoded quotes into the rule ID path parameter of the alert-history endpoints. Attackers can manipulate the unsanitized rule ID interpolated...

8.3CVSS6.2AI score0.00235EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:8 a.m.6 views

batman-adv: frag: disallow unicast fragment in fragment

...

5.5CVSS5.8AI score0.00123EPSS
Exploits0
OSV
OSV
added 2026/06/26 10:32 p.m.3 views

GHSA-J748-H363-WQJ8 Authelia has an Edge Case Access Control Rule Mismatch

Impact CVSSv4 Baseline Score: Low 2.4 CVSSv4 Weighted Score: Low 1.3 The full CVSSv4 Vector for this vulnerability is: CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:P/CR:H/IR:L/AR:L/MAV:N/MAC:H/MAT:P/MPR:L/MVC:L/MVI:N/MVA:N/MSC:L/MSI:N/MSA:N/S:N/AU:Y/R:U/V:D/RE:L/U:Amber...

2.3CVSS5.7AI score0.00283EPSS
Exploits0References4
Rows per page
Query Builder