Lucene search
K

2503 matches found

Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.12 views

PT-2026-49003

Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 1.0.0 through 2.1.x Description The dashboard exposes two endpoints that create long-lived WebSocket streams to monitored agents: "/api/v1/terminal" which triggers the createTerminal function, and "/api/v1/file" which...

6.5CVSS5.2AI score0.00289EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-47244

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final,...

5.3CVSS5.4AI score0.00292EPSS
Exploits0References3
OSV
OSV
added 2026/06/11 7:16 p.m.7 views

UBUNTU-CVE-2026-53702

A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library gst-plugins-bad. When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpbcntminus1i the loop index instead of the sub-layer 0 CPB count cpbcntminus10 from the referenced...

6.5CVSS5.7AI score0.00228EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/11 1:27 p.m.7 views

Uncaught Exception

Overview @grpc/grpc-js is a gRPC Library for Node Affected versions of this package are vulnerable to Uncaught Exception via the handling of invalid incoming HTTP/2 stream initiation. An attacker can cause the server process to crash by sending a specially crafted malformed request. Remediation...

8.7CVSS5.4AI score0.00052EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.12 views

CVE-2026-9746

When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...

7.1CVSS5.4AI score0.0027EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.16 views

Brickcom多款产品 访问控制错误漏洞

Brickcom Cube, among others, are products of the Brickcom company. The Brickcom Cube is a series of indoor network surveillance cameras. The Brickcom Dome is a series of hemispherical network surveillance cameras. The Brickcom Bullet is a series of gun-type network surveillance cameras. Several o...

8.3CVSS5.4AI score0.00156EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 11:45 a.m.13 views

CVE-2026-47774

A denial-of-service vulnerability was found in Envoy's HTTP/2 HPACK header compression implementation. A remote attacker could send a specially crafted HTTP/2 request that triggers disproportionately large memory allocations on the server, leading to resource exhaustion and denial of service...

7.5CVSS5.7AI score0.00815EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/10 12:31 a.m.19 views

EUVD-2026-35862

When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...

7.1CVSS5.4AI score0.0027EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 11:17 p.m.26 views

CVE-2026-9746

When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...

7.1CVSS0.0027EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 10:2 p.m.10 views

CVE-2026-9746 Server crashes in case of the use of exchange

When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...

7.1CVSS5.4AI score0.0027EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 10:2 p.m.44 views

CVE-2026-9746

CVE-2026-9746 affects MongoDB Server when using $changestreams with $_requestReshardingResumeToken and the exchange option. The issue causes the server to hit an invariant and crash without requiring special privileges (user must be logged in). The available data identifies the affected feature (...

7.1CVSS5.4AI score0.0027EPSS
Exploits0References1Affected Software1
MongoDB
MongoDB
added 2026/06/09 10:2 p.m.13 views

Server crashes in case of the use of exchange

When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...

7.1CVSS5.4AI score0.0027EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2026/06/09 12:26 p.m.22 views

WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine

Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerability were released. The activity has been attributed by Trend Micro to Earth Dahu aka Gamaredon and SHADOW-EARTH-066 aka...

8.8CVSS5.6AI score0.80906EPSS
Exploits35
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-48292

Name of the Vulnerable Software and Affected Versions MongoDB affected versions not specified Description A server crash occurs when using $changestreams and $ requestReshardingResumeToken with the exchange option. This issue is triggered when the server hits an invariant, and it can be executed ...

7.1CVSS5.8AI score0.0027EPSS
Exploits0References7
OSV
OSV
added 2026/06/08 11:2 p.m.11 views

GHSA-5X3R-WRVG-RP6Q Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced

Impact DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAXVALUE, and Http2Settings never inserts SETTINGSMAXCONCURRENTSTREAMS by default Http2Settings.java:305-307 only clamps a user-supplied value. Unless the application explicitly calls...

5.3CVSS5.4AI score0.00292EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/08 11:2 p.m.16 views

Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced

Impact DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAXVALUE, and Http2Settings never inserts SETTINGSMAXCONCURRENTSTREAMS by default Http2Settings.java:305-307 only clamps a user-supplied value. Unless the application explicitly calls...

5.3CVSS7AI score0.00292EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/06/08 11:2 p.m.10 views

Allocation of Resources Without Limits or Throttling

Overview io.netty:netty-codec-http2 is a HTTP2 sub package for the netty library, an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of enforcement of the advertised...

6.9CVSS5.5AI score0.00292EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.25 views

PT-2026-47612

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.135.Final Netty versions prior to 4.2.15.Final Description In the network application framework, DefaultHttp2Connection.DefaultEndpoint initializes maxActiveStreams and maxStreams to Integer.MAX VALUE, while...

5.3CVSS5.2AI score0.00292EPSS
Exploits0References53
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.7 views

Amazon Linux 2023 : 7zip, 7zip-reduced, 7zip-standalone (ALAS2023-2026-1820)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1820 advisory. A heap buffer overflow vulnerability GHSL-2026-140 exists in 7-Zip version 26.00, caused by an under- allocation in the NTFS compressed stream buffer GetCuSize shift UB, potentially allowing attackers ...

8.8CVSS6.5AI score0.00938EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/05 3:47 p.m.14 views

CVE-2026-48095

A flaw was found in 7-Zip. A remote attacker could exploit a heap buffer overflow vulnerability in the application's handling of NTFS compressed streams. By crafting a malicious image and convincing a user to open it, the attacker can cause an under-allocation of a buffer, leading to an overwrite...

8.8CVSS6.1AI score0.00938EPSS
Exploits1References2
Rows per page
Query Builder