Lucene search
K

7 matches found

EUVD
EUVD
added 2026/03/27 5:21 p.m.7 views

EUVD-2026-16490

Local Incus UI web server vulnerable to nuthentication bypass...

8.8CVSS5.9AI score0.00347EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/03/26 10:43 p.m.7 views

CVE-2026-33897

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to...

9.9CVSS6AI score0.00481EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/26 10:32 p.m.4 views

CVE-2026-33542

Incus is a system container and virtual machine manager. Prior to version 6.23.0, a lack of validation of the image fingerprint when downloading from simplestreams image servers opens the door to image cache poisoning and under very narrow circumstances exposes other tenants to running attacker...

7.1CVSS5.8AI score0.0018EPSS
Exploits1References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/03 12:0 a.m.11 views

MiracleLinux 9 : skopeo-1.20.0-3.el9_7 (AXSA:2026-230:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-230:01 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate CVE-2025-61729 golang: net/url: Memory exhaustio...

10CVSS6AI score0.01945EPSS
Exploits3References4
ATTACKERKB
ATTACKERKB
added 2026/01/14 7:7 p.m.2 views

CVE-2026-22036

Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This...

7.5CVSS5.5AI score0.00433EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/01/14 7:7 p.m.6 views

CVE-2026-22036 Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion

Undici is an HTTP/1.1 client for Node.js. Prior to 7.18.0 and 6.23.0, the number of links in the decompression chain is unbounded and the default maxHeaderSize allows a malicious server to insert thousands compression steps leading to high CPU usage and excessive memory allocation. This...

5.9CVSS6.7AI score0.00433EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.7 views

PT-2026-2950

Name of the Vulnerable Software and Affected Versions Undici versions prior to 7.18.0 Undici versions prior to 6.23.0 Description Undici is an HTTP/1.1 client for Node.js. A malicious server can insert thousands of compression steps due to an unbounded number of links in the decompression chain a...

7.5CVSS6.6AI score0.00433EPSS
Exploits0References77
Rows per page
Query Builder