Lucene search
K

64 matches found

NVD
NVD
added last week12 views

CVE-2026-59725

Socket.IO enables bidirectional and low-latency communication for every platform. From 4.1.0 before 6.6.7, Engine.IO protocol v4 polling transport does not properly close the HTTP response for invalid binary POST requests with Content-Type: application/octet-stream, allowing an unauthenticated...

7.5CVSS0.00354EPSS
Exploits0References3
CVE
CVE
added last week7 views

CVE-2026-59725

CVE-2026-59725 affects Socket.IO’s Engine.IO polling transport (versions 4.1.0–6.6.6). The root cause is that invalid binary POST requests with Content-Type: application/octet-stream are not properly closing the HTTP response, enabling unauthenticated attackers to exhaust server-side connections ...

7.5CVSS6AI score0.00354EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added last week34 views

CVE-2026-59725 Socket.IO: Engine.IO Polling Transport Connection Exhaustion

Socket.IO enables bidirectional and low-latency communication for every platform. From 4.1.0 before 6.6.7, Engine.IO protocol v4 polling transport does not properly close the HTTP response for invalid binary POST requests with Content-Type: application/octet-stream, allowing an unauthenticated...

7.5CVSS0.00354EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.10 views

PT-2026-56488

Name of the Vulnerable Software and Affected Versions Socket.IO versions 4.1.0 through 6.6.6 Description The Engine.IO protocol v4 polling transport fails to properly close the HTTP response when receiving invalid binary POST requests that use the Content-Type: application/octet-stream header. Th...

7.5CVSS6AI score0.00354EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/06/02 11:13 a.m.45 views

CVE-2026-8993 Improper URL Handler Processing in D.Launcher 2 enables NTLM Credential Disclosure and SSRF attacks

D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate full NTLM autentication or SMB connection to attacker infrastructure and to conduct SSRF Server Side...

6.5CVSS0.00225EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.10 views

DITEC D.Launcher 2 安全漏洞

DITEC D.Launcher 2 is an electronic signature component and integration client developed by DITEC Corporation. DITEC D.Launcher 2 has a security vulnerability. This vulnerability stems from the application registering multiple custom URL handlers. It may allow attackers to exploit these handlers ...

6.5CVSS5.5AI score0.00225EPSS
Exploits0References2
NVD
NVD
added 2026/05/11 6:16 p.m.9 views

CVE-2026-3048

An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server...

5.1CVSS0.00257EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/11 5:11 p.m.8 views

CVE-2026-3048 Nexus Repository 3 - Improper LDAP Referral Handling

An authenticated administrator who configures or tests LDAP connectivity in Sonatype Nexus Repository Manager versions 3.0.0 through 3.91.1 may be able to initiate unintended server-side connections when interacting with a malicious LDAP server...

5.1CVSS5.8AI score0.00257EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/30 12:32 p.m.6 views

EUVD-2018-21712

Valentina Studio 9.0.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Host field. Attackers can trigger the crash by pasting a 256-byte buffer of repeated characters into the Host parameter during serv...

6.9CVSS6AI score0.00206EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.25 views

EUVD-2022-3858

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.0382EPSS
Exploits0References25
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-5919

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.00525EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2016-5443

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection. CVE-2016-5443...

4.7CVSS5.9AI score0.00417EPSS
Exploits0References2
NVD
NVD
added 2025/08/13 5:15 p.m.6 views

CVE-2025-2183

An insufficient certificate validation issue in the Palo Alto Networks GlobalProtect™ app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root...

5.3CVSS0.00112EPSS
Exploits0References1
CVE
CVE
added 2025/08/13 5:5 p.m.37 views

CVE-2025-2183

The provided documents identify CVE-2025-2183 as an improper certificate validation in Palo Alto Networks GlobalProtect App for Windows. Affected are GlobalProtect App on Windows 6.x before 6.2.8-h3 and 6.3.x before 6.3.3-h2. The underlying issue is insufficient certificate validation which can a...

5.3CVSS7.1AI score0.00112EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:3 p.m.9 views

CVE-2022-34204

A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server...

4.3CVSS6.5AI score0.00525EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:7 a.m.34 views

CVE-2019-1003081

A missing permission check in Jenkins OpenShift Deployer Plugin in the DeployApplication.DeployApplicationDescriptordoCheckLogin form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

6.5CVSS6.5AI score0.01536EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:7 a.m.10 views

CVE-2019-1003098

A cross-site request forgery vulnerability in Jenkins openid Plugin in the OpenIdSsoSecurityRealm.DescriptorImpldoValidate form validation method allows attackers to initiate a connection to an attacker-specified server...

6.5CVSS6.6AI score0.01312EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2025/02/15 12:15 a.m.4 views

CVE-2025-26819

Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections...

8.6CVSS7AI score0.00533EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/02/15 12:0 a.m.6 views

Monero 安全漏洞

Monero is a decentralized cryptocurrency from the Monero project. A security vulnerability exists in Monero 0.18.3.4 and earlier versions that stems from an unresponsive limit on HTTP server connections...

8.6CVSS6.4AI score0.00533EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/02/14 12:0 a.m.5 views

CVE-2025-26819

Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections...

8.6CVSS7.2AI score0.00533EPSS
Exploits0References1
Rows per page
Query Builder