Lucene search
K

810 matches found

CVE
CVE
added 6 days ago24 views

CVE-2026-54776

CoreWCF (UnixDomainSocket transport) with PosixIdentity client credentials is affected by a vulnerability where connections can bypass the framing-layer identity checks by skipping the application/unixposix stream upgrade before message dispatch. Affected versions include CoreWCF prior to 1.8.1 a...

4.4CVSS6AI score0.00109EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-54776 CoreWCF: Unix Domain Socket PosixIdentity transport accepts connections that skip the security upgrade

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching...

4.4CVSS0.00109EPSS
Exploits0References6
Snyk
Snyk
added 2026/07/07 4:40 p.m.5 views

Buffer Access with Incorrect Length Value

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Buffer Access with Incorrect Length Value in the GDALRaster process when constructed from a bytes object. An attacker can access...

6.3CVSS6AI score0.00291EPSS
Exploits0References2
CVE
CVE
added 2026/07/06 8:2 a.m.13 views

CVE-2026-46584

CVE-2026-46584 affects Apache Camel’s Mail component. The MailProducer.getSender could read headers from the mail.smtp/mail.smtps namespace and apply them as JavaMail session properties, overriding endpoint config. This allows attacker-controlled inputs to influence SMTP parameters if untrusted i...

3.7CVSS6AI score0.00378EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/06 7:55 a.m.6 views

CVE-2026-46453

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel ElasticSearch Rest Client. The camel-elasticsearch-rest-client component reads several Exchange headers to control its behaviour - SEARCHQUERY an advanced query body, OPERATION which...

6AI score0.00451EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/07/04 11:13 a.m.6 views

Improper Resource Shutdown or Release

Overview Affected versions of this package are vulnerable to Improper Resource Shutdown or Release via the RRCInactiveTransitionReport function of the NGAP Message Handler component. An attacker can cause a service disruption by sending specially crafted messages remotely. Remediation Upgrade...

5.3CVSS6AI score0.00522EPSS
Exploits0References2
OSV
OSV
added 2026/06/23 2:37 p.m.6 views

BIT-APISIX-2026-49871 Apache APISIX: cas-auth login CSRF / session injection issue

Cross-Site Request Forgery CSRF vulnerability in the cas-auth plugin under default configurations. This defect allows a remote attacker that manages to send a victim to a webpage controlled by them can cause the victim's browser to become authenticated as a different identity. Actions the victim...

9.3CVSS5.9AI score0.00261EPSS
Exploits0References3
CBLMariner
CBLMariner
added 2026/06/22 9:21 p.m.6 views

CVE-2026-46136 affecting package kernel for versions less than 6.6.141.1-1

CVE-2026-46136 affecting package kernel for versions less than 6.6.141.1-1. An upgraded version of the package is available that resolves this issue...

7.8CVSS5.8AI score0.00129EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/06/19 8:46 p.m.7 views

CoreWCF: Unix Domain Socket PosixIdentity transport accepts connections that skip the security upgrade

Impact A CoreWCF service hosted on Unix Domain Sockets with the PosixIdentity client credential type UnixDomainSocketBinding with Security.Mode = TransportCredentialOnly and Security.Transport.ClientCredentialType = PosixIdentity does not require the client to perform the application/unixposix...

4.4CVSS5.8AI score0.00109EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/19 8:46 p.m.5 views

GHSA-WJPQ-6766-7F5J CoreWCF: Unix Domain Socket PosixIdentity transport accepts connections that skip the security upgrade

Impact A CoreWCF service hosted on Unix Domain Sockets with the PosixIdentity client credential type UnixDomainSocketBinding with Security.Mode = TransportCredentialOnly and Security.Transport.ClientCredentialType = PosixIdentity does not require the client to perform the application/unixposix...

4.4CVSS5.8AI score0.00109EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.12 views

PT-2026-51073

Name of the Vulnerable Software and Affected Versions CoreWCF versions prior to 1.8.1 CoreWCF versions prior to 1.9.1 Description A CoreWCF service hosted on Unix Domain Sockets using PosixIdentity client credentials may accept connections that bypass the application/unixposix stream upgrade befo...

4.4CVSS6AI score0.00109EPSS
Exploits0References12
NVD
NVD
added 2026/06/12 10:16 a.m.12 views

CVE-2026-50629

The 'clientId' parameter from incoming HTTP requests is directly concatenated into OAuth2 server log warning messages without sanitizing control characters. This allows an attacker to inject arbitrary content, including fake log entries, into the server's log files. Users are recommended to upgra...

5.3CVSS0.0047EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 8:56 a.m.8 views

EUVD-2026-36396

A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP address. Enabling this security feature inadvertently creates an inverse security check. Users are recommended to upgrade to versions 4.2.2 or...

5.2AI score0.00668EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-48851

A further incomplete fix for a previous advisory CVE-2026-44417 Untrusted JMS configuration can lead to RCE for Apache CXF has been identified, which can allow code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions...

5.7AI score0.00646EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-47720

Name of the Vulnerable Software and Affected Versions apache-airflow-providers-samba versions prior to 4.12.6 Description The GCSToSambaOperator in the Apache Airflow Samba provider fails to perform a containment check when joining GCS object names to the SMB destination path. This allows an...

6.5CVSS5.6AI score0.00695EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/07 2:30 a.m.11 views

EUVD-2026-34981

A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument devname results in command injection. It is possible to initiate the attack...

7.5CVSS5.4AI score0.01572EPSS
Exploits1References5
OSV
OSV
added 2026/06/05 5:40 a.m.8 views

BIT-AIRFLOW-2026-45360 Apache Airflow: Arbitrary import in custom deadline-reference deserialization

Apache Airflow's scheduler-side deadline-reference decoder SerializedCustomReference.deserializereference imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — t...

7.3CVSS5.7AI score0.00651EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/01 8:37 a.m.12 views

CVE-2026-48827 Apache MINA SSHD: Path traversal in org.apache.sshd:sshd-git

Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated over SSH access to git repositories outside the configured git server root directory. Applications are affected if th...

7.1CVSS5.8AI score0.00527EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/27 9:41 a.m.11 views

Server-side Request Forgery (SSRF)

Overview symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF. The NoPrivateNetworkHttpClient is designed to be a security boundary that blocks requests to private/interna...

8.8CVSS5.8AI score0.00029EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/25 3:0 p.m.16 views

CVE-2026-42797

Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access User-related...

5.8AI score0.00436EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder