Lucene search
K

125 matches found

RedHat Linux
RedHat Linux
added 2026/07/07 9:54 a.m.5 views

perl-HTTP-Daemon: HTTP::Daemon: Arbitrary code execution via OS command injection in send_file()

A flaw was found in HTTP::Daemon, a Perl module used for creating HTTP servers. A remote attacker can exploit this vulnerability by providing specially crafted input to the sendfile function, leading to OS command injection. This allows the attacker to execute arbitrary commands on the system wit...

9.1CVSS6.2AI score0.01452EPSS
Exploits0References7
NVD
NVD
added 2026/07/04 12:16 p.m.8 views

CVE-2026-14625

A security flaw has been discovered in NousResearch hermes-agent up to 0.15.2. The affected element is the function shell.exec of the file tuigateway/server.py. The manipulation results in protection mechanism failure. It is possible to launch the attack remotely. The exploit has been released to...

6.5CVSS0.00224EPSS
Exploits0References5
OSV
OSV
added 2026/07/02 4:6 p.m.3 views

EEF-CVE-2026-53422 SFTP REALPATH path-existence oracle allowing filesystem enumeration outside configured root

Summary Observable Response Discrepancy vulnerability in Erlang OTP ssh ssh\sftpd module allows an authenticated SFTP user to enumerate the existence of files and directories outside the configured root directory. The SSH\FXP\REALPATH handler in ssh\sftpd calls relate\file\name/3 with...

2.3CVSS5.8AI score0.00262EPSS
Exploits0References6
OSV
OSV
added 2026/06/13 12:3 a.m.14 views

RLSA-2026:25057 Important: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 For more details about the security issues, including the impact, a...

7.5CVSS5.3AI score0.11471EPSS
Exploits8References2
RedHat Linux
RedHat Linux
added 2026/06/11 10:46 a.m.15 views

Important: Red Hat Security Advisory: mod_http2 security update

An update for modhttp2 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

7.5CVSS5.5AI score0.11471EPSS
Exploits8References2
OSV
OSV
added 2026/06/08 4:16 p.m.9 views

ALPINE-CVE-2026-49975

Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's modhttp leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67...

7.5CVSS5.5AI score0.11471EPSS
Exploits8References1
Cvelist
Cvelist
added 2026/06/01 5:0 p.m.32 views

CVE-2026-10276 hekmon8 Jenkins-server-mcp get_build_status/get_build_log/trigger_build index.ts jobPath server-side request forgery

A vulnerability has been found in hekmon8 Jenkins-server-mcp 0.1.0. This vulnerability affects the function jobPath of the file src/index.ts of the component getbuildstatus/getbuildlog/triggerbuild. Such manipulation leads to server-side request forgery. The attack may be performed from remote. T...

6.5CVSS0.0027EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:49 p.m.13 views

CVE-2026-8359

When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBinLoadHttpModule function in the dll would be called to set up a "module" object for that module. However, WOSHttpStatusModule.dll is not prese...

7.5CVSS5.8AI score0.00275EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/05/13 2:12 p.m.8 views

CVE-2026-40701

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpsslmodule module when the sslverifyclient directive is set to "on" or "optional," and the sslocsp directive is set to "on" or the leaf parameters are configured with a resolver. With this configuration, an unauthenticated attacke...

6.3CVSS5.8AI score0.00677EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/12 5:37 p.m.10 views

CVE-2026-33006

A flaw was found in the modauthdigest module of httpd. A remote unauthenticated attacker can bypass digest authentication by measuring timing discrepancies of requests. This issue leads to unauthorized access to resources protected by digest authentication. Mitigation Mitigation for this issue is...

4.8CVSS5.7AI score0.00557EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/05/11 6:31 a.m.20 views

bettercap Has an Integer Coercion Error in modules/mysql_server/mysql_server.go

A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysqlserver/mysqlserver.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. The attack can be launched remotely. The attack requires...

6.3CVSS4.9AI score0.00389EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2026/05/11 6:31 a.m.21 views

GHSA-JCQV-2G3V-GM88 bettercap Has an Integer Coercion Error in modules/mysql_server/mysql_server.go

A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysqlserver/mysqlserver.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. The attack can be launched remotely. The attack requires...

6.3CVSS4.9AI score0.00389EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/05/11 5:15 a.m.10 views

CVE-2026-8276 bettercap MySQL Server mysql_server.go integer coercion

A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysqlserver/mysqlserver.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. The attack can be launched remotely. The attack requires...

6.3CVSS5AI score0.00389EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/11 5:15 a.m.14 views

CVE-2026-8276

A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysqlserver/mysqlserver.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. The attack can be launched remotely. The attack requires...

6.3CVSS5AI score0.00389EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-8276

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysqlserver/mysqlserver.go of the...

6.3CVSS5.5AI score0.00389EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/29 12:0 a.m.12 views

Filesystem MCP Server 路径遍历漏洞

The Filesystem MCP Server is a context-based protocol developed by Manan Sharma, which provides comprehensive access and manipulation of the file system. Version 1.0.0 of the Filesystem MCP Server contains a path traversal vulnerability. This vulnerability stems from improper handling of the...

7.5CVSS7AI score0.0043EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/26 12:0 a.m.14 views

Tenda F456 缓冲区错误漏洞

The Tenda F456 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.5 of the Tenda F456 contains a buffer overflow vulnerability. This vulnerability stems from the improper handling of the page parameter in the frmL7ProtForm function of the goform/L7Prot component in the http...

9CVSS7.8AI score0.00619EPSS
Exploits1References1
Fedora
Fedora
added 2026/04/25 1:52 a.m.17 views

[SECURITY] Fedora 44 Update: nginx-mod-brotli-1.0.0~rc-7.fc44

NGINX module for Brotli compression...

8.8CVSS8.7AI score0.21621EPSS
Exploits0
EUVD
EUVD
added 2026/04/13 6:30 p.m.9 views

EUVD-2026-21990

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800...

8.7CVSS5.8AI score0.00938EPSS
Exploits0References2
NVD
NVD
added 2026/04/13 4:16 p.m.6 views

CVE-2026-30809

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800...

8.8CVSS0.00938EPSS
Exploits0References1
Rows per page
Query Builder