58 matches found
CVE-2026-8993 Improper URL Handler Processing in D.Launcher 2 enables NTLM Credential Disclosure and SSRF attacks
The D.Launcher 2 component of the Slovak eID client ecosystem contains an Improper URL Handler Processing vulnerability. The application registers multiple custom URL handlers that could be exploited to initiate full NTLM authentication or an SMB connection to attacker infrastructure and to conduct SSRF Server Side...
CVE-2026-3048
An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server...
CVE-2026-3048 Nexus Repository 3 - Improper LDAP Referral Handling
An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server...
EUVD-2018-21712
Valentina Studio 9.0.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can trigger the crash by pasting a 256-byte buffer of repeated characters into the Host parameter during serv...
EUVD-2022-3858
Malicious code in bioql PyPI...
EUVD-2022-5919
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2016-5443
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection. CVE-2016-5443...
CVE-2025-2183
An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root...
CVE-2025-2183
The provided documents identify CVE-2025-2183 as an improper certificate validation in Palo Alto Networks GlobalProtect App for Windows. Affected are GlobalProtect App on Windows 6.x before 6.2.8-h3 and 6.3.x before 6.3.3-h2. The underlying issue is insufficient certificate validation which can a...
CVE-2022-34204
A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server...
CVE-2019-1003081
A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptor#doCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...
CVE-2019-1003098
A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpl#doValidate form validation method allows attackers to initiate a connection to an attacker-specified server...
CVE-2025-26819
Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections...
Monero Security Vulnerability
Monero is a decentralized cryptocurrency from the Monero project. A security vulnerability exists in Monero 0.18.3.4 and earlier versions that stems from the absence of response limits on HTTP server connections...
CVE-2025-26819
Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections...
BIT-NODE-MIN-2020-8251
Node.js 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed request submission, which can make the server unable to accept new connections...
CVE-2024-5921
CVE-2024-5921 : Palo Alto Networks GlobalProtect app suffers from insufficient certificate validation, allowing the client to connect to arbitrary servers. This can enable a local non-admin user or an attacker on the same subnet to install malicious root certificates and subsequently execute malw...
UBUNTU-CVE-2024-5288
An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with private ECC keys, such as in server-side TLS connections, the connection is halted if any fault...
Fedora 40 : exercism (2024-35c28f59d1)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-35c28f59d1 advisory. Update to latest version. Security fix for CVE-2023-39325. Tenable has extracted the preceding description block directly from the Fedora security...
CentOS 9 : toolbox-0.0.99.3-9.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the toolbox-0.0.99.3-9.el9 build changelog. - An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP heade...