Lucene search
K

120 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/30 10:8 p.m.6 views

CVE-2026-56318

Capgo before 12.128.2 contains an information disclosure vulnerability in the /private/validatepasswordcompliance endpoint that returns different error responses for malformed, non-existent, and existing organization IDs. Unauthenticated attackers can enumerate valid organization UUIDs by observi...

6.9CVSS5.8AI score0.00261EPSS
Exploits0References3
Rockylinux
Rockylinux
added 2026/06/17 12:3 p.m.9 views

postfix security update

An update is available for postfix. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The postfix packages provide a Mail Transport Agent MTA, which supports...

7.5CVSS5.7AI score0.00415EPSS
Exploits0
OSV
OSV
added 2026/06/17 6:0 a.m.6 views

RLSA-2026:25932 Important: postfix security update

The postfix packages provide a Mail Transport Agent MTA, which supports protocols like LDAP, SMTP AUTH SASL, and TLS. Security Fixes: postfix: buffer over-read via malformed enhanced status code CVE-2026-43964 For more details about the security issues, including the impact, a CVSS score,...

7.5CVSS5.5AI score0.00415EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/15 10:36 a.m.9 views

postfix: buffer over-read via malformed enhanced status code

A flaw was found in Postfix. This issue occurs when processing enhanced status codes, specifically an enhanced status code that lacks text following the third number. Depending on the configuration of the server, this allows a remote attacker to cause a buffer over-read of only 1 byte, leading to...

7.5CVSS5.7AI score0.00415EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/15 10:7 a.m.11 views

postfix: buffer over-read via malformed enhanced status code

A flaw was found in Postfix. This issue occurs when processing enhanced status codes, specifically an enhanced status code that lacks text following the third number. Depending on the configuration of the server, this allows a remote attacker to cause a buffer over-read of only 1 byte, leading to...

7.5CVSS5.7AI score0.00415EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.10 views

PT-2026-49504

Unauthenticated SQL Injection in Advanced 301 and 302 Redirect = 1.6.9 versions...

9.3CVSS5.7AI score0.00289EPSS
Exploits0References2
Mageia
Mageia
added 2026/06/10 5:11 p.m.11 views

Updated postfix packages fix security vulnerability

Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number. CVE-2026-43964...

7.5CVSS5.8AI score0.00415EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2026/06/03 8:22 p.m.13 views

USN-8253-2: Postfix vulnerability

USN-8253-1 fixed a vulnerability in Postfix. This update provides the corresponding fix for Postfix on Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: Kamil Frankowicz discovered that Postfix incorrectly handled certain enhanced status codes....

7.5CVSS5.6AI score0.00415EPSS
Exploits0
OSV
OSV
added 2026/06/03 8:22 p.m.10 views

USN-8253-2 postfix vulnerability

USN-8253-1 fixed a vulnerability in Postfix. This update provides the corresponding fix for Postfix on Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: Kamil Frankowicz discovered that Postfix incorrectly handled certain enhanced status codes....

7.5CVSS5.9AI score0.00415EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/15 2:2 p.m.11 views

CVE-2026-43964

A flaw was found in Postfix. This issue occurs when processing enhanced status codes, specifically an enhanced status code that lacks text following the third number. Depending on the configuration of the server, this allows a remote attacker to cause a buffer over-read of only 1 byte, leading to...

7.5CVSS6AI score0.00415EPSS
Exploits0References4
OSV
OSV
added 2026/05/15 1:59 p.m.11 views

OESA-2026-2288 postfix security update

Postfix is a Mail Transport Agent MTA. Security Fixes: Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.CVE-2026-43964...

7.5CVSS6.1AI score0.00415EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.11 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Postfix vulnerability (USN-8253-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8253-1 advisory. Kamil Frankowicz discovered that Postfix incorrectly handled certain enhanced status codes. A remote attacker could possibly use...

7.5CVSS5.8AI score0.00415EPSS
Exploits0References2
OSV
OSV
added 2026/05/09 12:30 p.m.9 views

OESA-2026-2209 postfix security update

Postfix is a Mail Transport Agent MTA. Security Fixes: Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number.CVE-2026-43964...

7.5CVSS6.1AI score0.00415EPSS
Exploits0References2
OSV
OSV
added 2026/05/07 2:31 p.m.9 views

USN-8253-1 postfix vulnerability

Kamil Frankowicz discovered that Postfix incorrectly handled certain enhanced status codes. A remote attacker could possibly use this issue to cause Postfix to crash, resulting in a denial of service...

7.5CVSS5.8AI score0.00415EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/05/07 2:31 p.m.15 views

USN-8253-1: Postfix vulnerability

Kamil Frankowicz discovered that Postfix incorrectly handled certain enhanced status codes. A remote attacker could possibly use this issue to cause Postfix to crash, resulting in a denial of service...

7.5CVSS5.8AI score0.00415EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.16 views

PT-2026-39180

Kamil Frankowicz discovered that Postfix incorrectly handled certain enhanced status codes. A remote attacker could possibly use this issue to cause Postfix to crash, resulting in a denial of service...

3.7CVSS5.8AI score0.00415EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.15 views

Postfix 安全漏洞

Postfix is an open-source mail transfer agent software developed by Postfix. Vulnerabilities existed in versions prior to Postfix 3.8.16, 3.9.10, and 3.10.9. These vulnerabilities stemmed from the lack of text after the third digit in enhanced status codes, which could lead to excessive buffer...

7.5CVSS5.9AI score0.00415EPSS
Exploits0References1
NVD
NVD
added 2026/04/24 6:16 p.m.6 views

CVE-2026-42041

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500, etc., causing them to be...

8.2CVSS0.00611EPSS
Exploits1References41
ATTACKERKB
ATTACKERKB
added 2026/04/24 5:55 p.m.6 views

CVE-2026-42041

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses 401, 403, 500, etc., causing them to be...

4.8CVSS5.3AI score0.00611EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/04/24 5:55 p.m.38 views

CVE-2026-42041

CVE-2026-42041 affects Axios, a promise-based HTTP client for browser and Node.js. The issue is a prototype pollution gadget in the validateStatus merge strategy (uses the in operator), allowing pollution of Object.prototype to cause HTTP error responses (401/403/500, etc.) to be treated as succe...

8.2CVSS5.3AI score0.00611EPSS
Exploits1References41Affected Software1
Rows per page
Query Builder