Lucene search
K

8680 matches found

NVD
NVD
added 4 days ago4 views

CVE-2026-57220

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured stream frame-size limit while assembling frames during authentication and before Tune negotiation, allowing an unauthenticated remote client to declare oversized frame length...

7.5CVSS0.00429EPSS
Exploits1References6
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-57216 RabbitMQ: AMQP 1.0, AMQP 0-9-1, Stream Protocol loopback enforcement can lead to remote guest sessions due to listener-address loopback checks

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, AMQP 0-9-1, AMQP 1.0, and Stream Protocol authentication can allow a loopback-restricted user such as guest to connect remotely when traffic is accepted through a trusted PROXY-protocol path and the backend...

6.8CVSS0.00341EPSS
Exploits1References6
OSV
OSV
added 4 days ago1 views

CVE-2026-57216 RabbitMQ: AMQP 1.0, AMQP 0-9-1, Stream Protocol loopback enforcement can lead to remote guest sessions due to listener-address loopback checks

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, AMQP 0-9-1, AMQP 1.0, and Stream Protocol authentication can allow a loopback-restricted user such as guest to connect remotely when traffic is accepted through a trusted PROXY-protocol path and the backend...

6.8CVSS6.1AI score0.00341EPSS
Exploits1References8
CVE
CVE
added 4 days ago12 views

CVE-2026-57220

RabbitMQ (server) prior to 4.2.6 is vulnerable in the stream listener: during authentication and before Tune negotiation, it does not enforce the configured stream frame-size limit. An unauthenticated remote client can declare oversized frame lengths, potentially exhausting broker memory via rabb...

7.5CVSS6.1AI score0.00429EPSS
Exploits1References6Affected Software1
OSV
OSV
added 4 days ago2 views

CVE-2026-57220 RabbitMQ: Stream listener does not enforce configured frame-size limit during authentication, permitting unauth'd mem-exhaust DoS

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured stream frame-size limit while assembling frames during authentication and before Tune negotiation, allowing an unauthenticated remote client to declare oversized frame length...

7.5CVSS6.1AI score0.00429EPSS
Exploits1References8
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-57220 RabbitMQ: Stream listener does not enforce configured frame-size limit during authentication, permitting unauth'd mem-exhaust DoS

RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured stream frame-size limit while assembling frames during authentication and before Tune negotiation, allowing an unauthenticated remote client to declare oversized frame length...

7.5CVSS0.00429EPSS
Exploits1References6
Metasploit
Metasploit
added 4 days ago14 views

FTP Fetch, Linux Command Shell, Reverse SCTP Stager

Fetch and execute an x64 payload from an FTP server. Spawn a command shell staged. Connect back to the attacker Module Options msf use payload/cmd/linux/ftp/x64/shell/reversesctp msf payloadreversesctp show actions ...actions... msf payloadreversesctp set ACTION msf payloadreversesctp show option...

6.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 4 days ago7 views

CVE-2026-59725

A flaw was found in Socket.IO, specifically within the Engine.IO protocol v4 polling transport. An unauthenticated attacker can exploit this vulnerability by sending invalid binary POST requests with a Content-Type of application/octet-stream. This improper handling of requests prevents the HTTP...

7.5CVSS6AI score0.00354EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 4 days ago3 views

socket.io: engine.io: Socket.IO: Denial of Service via invalid binary POST requests

A flaw was found in Socket.IO, specifically within the Engine.IO protocol v4 polling transport. An unauthenticated attacker can exploit this vulnerability by sending invalid binary POST requests with a Content-Type of application/octet-stream. This improper handling of requests prevents the HTTP...

7.5CVSS6AI score0.00354EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-57305

Name of the Vulnerable Software and Affected Versions RabbitMQ versions prior to 4.2.6 Description The RabbitMQ stream listener fails to enforce the configured stream frame-size limit when assembling frames during authentication and before Tune negotiation. This allows an unauthenticated remote...

7.5CVSS6.1AI score0.00429EPSS
Exploits1References8
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-55865 Python Liquid: Infinite loop when parsing malformed `{% case %}` tags

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.1, given a malformed % case % tag without an associated % when % or % else % block and no terminating % endcase % tag, Python Liquid hangs in an infinite loop at parse time because liquid.TokenStream.eof did not give...

7.1CVSS0.00451EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 5 days ago7 views

CVE-2026-53655

A flaw was found in node-tar. This vulnerability arises because node-tar incorrectly applies PAX extended header size records to subsequent intermediary metadata headers, leading to a desynchronization of the tar stream cursor compared to other standard tar implementations. A remote attacker coul...

6.9CVSS5.9AI score0.00107EPSS
Exploits1References4
Mageia
Mageia
added 5 days ago4 views

Updated 7zip packages fix a security vulnerability

7-Zip has a heap buffer overflow via NTFS compressed stream buffer under-allocation. CVE-2026-48095...

8.8CVSS6.2AI score0.00938EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 5 days ago6 views

CVE-2026-59936

A flaw was found in pypdf, a pure-Python PDF library. A remote attacker can craft a malicious PDF document containing an unterminated inline image within its page content stream. When a user processes this crafted PDF, such as during text extraction, the vulnerability causes an infinite loop,...

8.7CVSS5.9AI score0.00345EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 5 days ago4 views

kernel: sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. A race condition exists in the SCTPSENDALL path where a cached list entry is not properly revalidated after the socket lock is temporarily released. This allows a local attacker or a remote attacker v...

7.8CVSS6.2AI score0.00104EPSS
Exploits0References5
CVE
CVE
added 5 days ago9 views

CVE-2026-51597

CVE-2026-51597 affects the Mercury MIPC252W IP camera, version 1.0.5 Build 230306 Rel.79931n. The issue is that RTSP Digest authentication does not expire nonces, enabling an adjacent network attacker to capture a legitimate authentication exchange and replay the nonce and response in a new conne...

9.1CVSS6AI score0.00372EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 6 days ago4 views

CVE-2026-10536

A flaw was found in libcurl. This use-after-free vulnerability occurs when an application configures an HTTP/2 stream-dependency tree and then performs a sequence of operations involving curleasyreset and curleasycleanup. During the final cleanup, libcurl attempts to access memory that has alread...

9.8CVSS5.8AI score0.00891EPSS
Exploits1References6
CVE
CVE
added 6 days ago7 views

CVE-2026-59725

CVE-2026-59725 affects Socket.IO’s Engine.IO polling transport (versions 4.1.0–6.6.6). The root cause is that invalid binary POST requests with Content-Type: application/octet-stream are not properly closing the HTTP response, enabling unauthenticated attackers to exhaust server-side connections ...

7.5CVSS6AI score0.00354EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-54061 Dgraph Alpha group stores can be replaced via unauthenticated external snapshot import

Dgraph is an open source distributed GraphQL database. Prior to version 25.3.5, Dgraph Alpha exposes the RPCs used for external snapshot import on the public gRPC port :9080 without authentication or authorization. As a result, an unauthenticated network client can open StreamExtSnapshot and send...

9.1CVSS0.00388EPSS
Exploits0References2
EUVD
EUVD
added 6 days ago4 views

EUVD-2026-42235

Dgraph is an open source distributed GraphQL database. Prior to version 25.3.5, Dgraph Alpha exposes the RPCs used for external snapshot import on the public gRPC port :9080 without authentication or authorization. As a result, an unauthenticated network client can open StreamExtSnapshot and send...

9.1CVSS5.9AI score0.00388EPSS
Exploits0References2
Rows per page
Query Builder