Lucene search
K

710 matches found

CVE
CVE
added yesterday76 views

CVE-2026-49854

Summary: Tornado’s optional native extension tornado.speedups mishandles the websocket_mask length, reading beyond a four-byte buffer when invoked through the XSRF token decoder with the extension active. This out-of-bounds access affects Tornado up to version 6.5.5 and is fixed in 6.5.6. Impact:...

5.3CVSS6.1AI score0.00027EPSS
Exploits0References4
OSV
OSV
added yesterday5 views

ROOT-OS-DEBIAN-13-CVE-2026-53106 CVE-2026-53106 in rootio-linux - Patched by Root

Root has patched CVE-2026-53106 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...

5.8AI score0.00145EPSS
Exploits0
Circl
Circl
added 2 days ago5 views

CVE-2026-6541

creationtimestamp| type| source ---|---|--- 2026-07-13 13:19:19+00:00| seen| https://bsky.app/profile/kriptabiz.bsky.social/post/3mqjrrssiwv27 2026-07-13 13:34:43+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mqjsnlua352g 2026-07-13 18:19:01+00:00| seen|...

4.3CVSS6.1AI score0.00152EPSS
Exploits0References4
NVD
NVD
added last week13 views

CVE-2026-59877

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.6.5 and 8.6.6, protobufjs parsed option names by advancing through schema tokens until reaching an = token without checking for end of input, so a crafted .proto schema that opens an option declaration and ends...

7.5CVSS0.0037EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/29 7:43 p.m.24 views

CVE-2026-43707

A memory corruption issue was addressed with improved memory handling. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash...

0.00307EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 12:22 p.m.5 views

Security Bulletin: IBM SOAR QRadar Plugin App is vulnerable to using components with known vulnerabilities (CVE-2026-7246)

Summary The product includes vulnerable components e.g., framework libraries that may be identified and exploited with automated tools. IBM SOAR QRadar Plugin App has addressed the applicable CVEs with an update. Vulnerability Details CVEID:CVE-2026-7246 DESCRIPTION: Pallets Click, versions 8.3.2...

7.2CVSS6AI score0.0081EPSS
Exploits1Affected Software1
Snyk
Snyk
added 2026/06/22 11:18 p.m.5 views

Improper Enforcement of Behavioral Workflow

Overview filament/filament is an A collection of full-stack components for accelerated Laravel app development. Affected versions of this package are vulnerable to Improper Enforcement of Behavioral Workflow through the improper handling of recovery codes in app-based multi-factor authentication...

9.1CVSS5.9AI score0.00193EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 10:16 p.m.7 views

CVE-2026-48166

Filament is a collection of full-stack components for accelerated Laravel development. From 4.0.0 until 4.11.5 and 5.6.5, the login page has an observable timing discrepancy that allows unauthenticated attackers to enumerate registered email addresses. The impact is limited to disclosing whether ...

5.3CVSS0.0021EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 9:30 p.m.10 views

EUVD-2026-36960

Unauthenticated SQL Injection in SpeakOut! Email Petitions = 4.6.5 versions...

9.3CVSS5.7AI score0.00296EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.8 views

EUVD-2026-36784

Incorrect access control in the webhook management component of Project Firefly III v6.5.9 allows attackers to scan internal resources via a crafted POST request...

5.3AI score0.00312EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/15 8:20 p.m.7 views

Incorrect Resource Transfer Between Spheres

Overview tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres via SimpleAsyncHTTPClient. An attacker can obtain sensitive credentials by exploiting...

7.7CVSS5.9AI score0.00034EPSS
Exploits0References2
OSV
OSV
added 2026/06/15 8:19 p.m.8 views

GHSA-MGF9-4VPG-HJ56 tornado AsyncHTTPClient accumulates decompressed chunks without size limit (gzip bomb)

Tornado's gzip decompression routines work in limited-size chunks, but have no overall limit for the total size of decompressed chunks that they will accumulate There has always been a limit for the total compressed size. This allows a malicious server to consume effectively unlimited amounts of...

7.5CVSS5.4AI score0.00052EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49398

Unauthenticated SQL Injection in SpeakOut! Email Petitions = 4.6.5 versions...

9.3CVSS5.7AI score0.00296EPSS
Exploits0References2
Circl
Circl
added 2026/06/13 6:1 p.m.22 views

CVE-2026-5513

creationtimestamp| type| source ---|---|--- 2026-06-13 18:01:43+00:00| seen| https://bsky.app/profile/pulse-wp.com/post/3mo6tilwrx22o 2026-06-14 06:01:57+00:00| seen| https://infosec.exchange/users/offseq/statuses/116746932965862347 2026-06-14 06:02:36+00:00| seen|...

7.2CVSS6.1AI score0.00312EPSS
Exploits1References9
Snyk
Snyk
added 2026/06/12 6:30 p.m.7 views

Buffer Over-read

Overview tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Buffer Over-read via the websocketmask function in the speedups component. An attacker can trigger a read past the end of the mas...

6.3CVSS5.4AI score0.00027EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/12 6:30 p.m.16 views

Tornado has out-of-bounds memory access via C extension

Summary Tornado's optional native extension tornado.speedups implements websocketmask without validating that the mask argument is exactly four bytes long. The C function reads four bytes from mask unconditionally, even when Python passes a shorter byte string. This can read beyond the provided...

5.3CVSS5.3AI score0.00027EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-48929

Name of the Vulnerable Software and Affected Versions NanaZip versions 3.0.1000.0 through 6.0.1697.0 Description A heap out-of-bounds read exists in the Android Verified Boot AVB vbmeta image parser via the upstream 7-Zip AvbHandler. An unsigned integer underflow in a bounds check allows an...

5.4CVSS5.2AI score0.0017EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/10 9:3 p.m.9 views

CVE-2026-48297

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:3 p.m.13 views

CVE-2026-47983

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00207EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:3 p.m.11 views

CVE-2026-47962

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
Rows per page
Query Builder