Lucene search
K

2501 matches found

Snyk
Snyk
added 2026/06/11 1:27 p.m.7 views

Uncaught Exception

Overview @grpc/grpc-js is a gRPC Library for Node Affected versions of this package are vulnerable to Uncaught Exception via the handling of invalid incoming HTTP/2 stream initiation. An attacker can cause the server process to crash by sending a specially crafted malformed request. Remediation...

8.7CVSS5.4AI score0.00052EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.12 views

CVE-2026-9746

When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...

7.1CVSS5.4AI score0.0027EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

Brickcom多款产品 访问控制错误漏洞

Brickcom Cube, among others, are products of the Brickcom company. The Brickcom Cube is a series of indoor network surveillance cameras. The Brickcom Dome is a series of hemispherical network surveillance cameras. The Brickcom Bullet is a series of gun-type network surveillance cameras. Several o...

8.3CVSS5.4AI score0.00156EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 11:45 a.m.13 views

CVE-2026-47774

A denial-of-service vulnerability was found in Envoy's HTTP/2 HPACK header compression implementation. A remote attacker could send a specially crafted HTTP/2 request that triggers disproportionately large memory allocations on the server, leading to resource exhaustion and denial of service...

7.5CVSS5.7AI score0.00815EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/10 12:31 a.m.19 views

EUVD-2026-35862

When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...

7.1CVSS5.4AI score0.0027EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 11:17 p.m.26 views

CVE-2026-9746

When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...

7.1CVSS0.0027EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 10:2 p.m.10 views

CVE-2026-9746 Server crashes in case of the use of exchange

When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...

7.1CVSS5.4AI score0.0027EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 10:2 p.m.43 views

CVE-2026-9746

CVE-2026-9746 affects MongoDB Server when using $changestreams with $_requestReshardingResumeToken and the exchange option. The issue causes the server to hit an invariant and crash without requiring special privileges (user must be logged in). The available data identifies the affected feature (...

7.1CVSS5.4AI score0.0027EPSS
Exploits0References1Affected Software1
MongoDB
MongoDB
added 2026/06/09 10:2 p.m.12 views

Server crashes in case of the use of exchange

When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...

7.1CVSS5.4AI score0.0027EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2026/06/09 12:26 p.m.22 views

WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine

Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerability were released. The activity has been attributed by Trend Micro to Earth Dahu aka Gamaredon and SHADOW-EARTH-066 aka...

8.8CVSS5.6AI score0.85778EPSS
Exploits35
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-48292

Name of the Vulnerable Software and Affected Versions MongoDB affected versions not specified Description A server crash occurs when using $changestreams and $ requestReshardingResumeToken with the exchange option. This issue is triggered when the server hits an invariant, and it can be executed ...

7.1CVSS5.8AI score0.0027EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/06/08 11:2 p.m.16 views

Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced

Impact DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAXVALUE, and Http2Settings never inserts SETTINGSMAXCONCURRENTSTREAMS by default Http2Settings.java:305-307 only clamps a user-supplied value. Unless the application explicitly calls...

5.3CVSS7AI score0.00292EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/08 11:2 p.m.11 views

GHSA-5X3R-WRVG-RP6Q Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced

Impact DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAXVALUE, and Http2Settings never inserts SETTINGSMAXCONCURRENTSTREAMS by default Http2Settings.java:305-307 only clamps a user-supplied value. Unless the application explicitly calls...

5.3CVSS5.4AI score0.00292EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/08 11:2 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview io.netty:netty-codec-http2 is a HTTP2 sub package for the netty library, an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of enforcement of the advertised...

6.9CVSS5.5AI score0.00292EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.25 views

PT-2026-47612

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.135.Final Netty versions prior to 4.2.15.Final Description In the network application framework, DefaultHttp2Connection.DefaultEndpoint initializes maxActiveStreams and maxStreams to Integer.MAX VALUE, while...

5.3CVSS5.2AI score0.00292EPSS
Exploits0References26
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.7 views

Amazon Linux 2023 : 7zip, 7zip-reduced, 7zip-standalone (ALAS2023-2026-1820)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1820 advisory. A heap buffer overflow vulnerability GHSL-2026-140 exists in 7-Zip version 26.00, caused by an under- allocation in the NTFS compressed stream buffer GetCuSize shift UB, potentially allowing attackers ...

8.8CVSS6.5AI score0.00938EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/05 3:47 p.m.14 views

CVE-2026-48095

A flaw was found in 7-Zip. A remote attacker could exploit a heap buffer overflow vulnerability in the application's handling of NTFS compressed streams. By crafting a malicious image and convincing a user to open it, the attacker can cause an under-allocation of a buffer, leading to an overwrite...

8.8CVSS6.1AI score0.00938EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2026/06/05 1:57 p.m.4 views

CVE-2026-48095

7-Zip is a file archiver with a high compression ratio. Versions 26.00 and prior contain a heap buffer overflow vulnerability caused by an under-allocation in the NTFS compressed stream buffer GetCuSize shift UB, potentially allowing attackers to cause arbitrary code execution or application...

8.8CVSS6.4AI score0.00938EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/04 10:7 p.m.13 views

CVE-2026-48156

A flaw was found in pypdf, a free and open-source pure-python PDF library. A remote attacker could exploit this vulnerability by crafting a malicious PDF file. This file, containing specific cross-reference streams with /W 0 0 0 values and large /Size values, can lead to excessively long processi...

5.1CVSS5.7AI score0.00124EPSS
Exploits0References6
FreeBSD
FreeBSD
added 2026/06/04 12:0 a.m.8 views

h2o -- HTTP/2 state amplification denial of service

h2o project reports: An HTTP/2 attack can combine HPACK decompression state amplification with stalled streams. Depending on server configuration, decoded header state can be retained by stalled streams, causing excessive memory use and denial of service...

5.4AI score
Exploits0References2
Rows per page
Query Builder