2503 matches found
PT-2026-49003
Name of the Vulnerable Software and Affected Versions Nezha Monitoring versions 1.0.0 through 2.1.x Description The dashboard exposes two endpoints that create long-lived WebSocket streams to monitored agents: "/api/v1/terminal" which triggers the createTerminal function, and "/api/v1/file" which...
Linux Distros Unpatched Vulnerability : CVE-2026-47244
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final,...
UBUNTU-CVE-2026-53702
A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library gst-plugins-bad. When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpbcntminus1i the loop index instead of the sub-layer 0 CPB count cpbcntminus10 from the referenced...
Uncaught Exception
Overview @grpc/grpc-js is a gRPC Library for Node Affected versions of this package are vulnerable to Uncaught Exception via the handling of invalid incoming HTTP/2 stream initiation. An attacker can cause the server process to crash by sending a specially crafted malformed request. Remediation...
CVE-2026-9746
When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...
Brickcom多款产品 访问控制错误漏洞
Brickcom Cube, among others, are products of the Brickcom company. The Brickcom Cube is a series of indoor network surveillance cameras. The Brickcom Dome is a series of hemispherical network surveillance cameras. The Brickcom Bullet is a series of gun-type network surveillance cameras. Several o...
CVE-2026-47774
A denial-of-service vulnerability was found in Envoy's HTTP/2 HPACK header compression implementation. A remote attacker could send a specially crafted HTTP/2 request that triggers disproportionately large memory allocations on the server, leading to resource exhaustion and denial of service...
EUVD-2026-35862
When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...
CVE-2026-9746
When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...
CVE-2026-9746 Server crashes in case of the use of exchange
When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...
CVE-2026-9746
CVE-2026-9746 affects MongoDB Server when using $changestreams with $_requestReshardingResumeToken and the exchange option. The issue causes the server to hit an invariant and crash without requiring special privileges (user must be logged in). The available data identifies the affected feature (...
Server crashes in case of the use of exchange
When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...
WinRAR Flaw Exploited by Russia-Aligned Groups to Deploy Stealers in Ukraine
Two Russia-aligned cyber attack campaigns have continued to exploit a security flaw in WinRAR to target Ukrainian organisations, almost a year after patches for the vulnerability were released. The activity has been attributed by Trend Micro to Earth Dahu aka Gamaredon and SHADOW-EARTH-066 aka...
PT-2026-48292
Name of the Vulnerable Software and Affected Versions MongoDB affected versions not specified Description A server crash occurs when using $changestreams and $ requestReshardingResumeToken with the exchange option. This issue is triggered when the server hits an invariant, and it can be executed ...
GHSA-5X3R-WRVG-RP6Q Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced
Impact DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAXVALUE, and Http2Settings never inserts SETTINGSMAXCONCURRENTSTREAMS by default Http2Settings.java:305-307 only clamps a user-supplied value. Unless the application explicitly calls...
Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced
Impact DefaultHttp2Connection.DefaultEndpoint initialises maxActiveStreams/maxStreams to Integer.MAXVALUE, and Http2Settings never inserts SETTINGSMAXCONCURRENTSTREAMS by default Http2Settings.java:305-307 only clamps a user-supplied value. Unless the application explicitly calls...
Allocation of Resources Without Limits or Throttling
Overview io.netty:netty-codec-http2 is a HTTP2 sub package for the netty library, an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of enforcement of the advertised...
PT-2026-47612
Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.135.Final Netty versions prior to 4.2.15.Final Description In the network application framework, DefaultHttp2Connection.DefaultEndpoint initializes maxActiveStreams and maxStreams to Integer.MAX VALUE, while...
Amazon Linux 2023 : 7zip, 7zip-reduced, 7zip-standalone (ALAS2023-2026-1820)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1820 advisory. A heap buffer overflow vulnerability GHSL-2026-140 exists in 7-Zip version 26.00, caused by an under- allocation in the NTFS compressed stream buffer GetCuSize shift UB, potentially allowing attackers ...
CVE-2026-48095
A flaw was found in 7-Zip. A remote attacker could exploit a heap buffer overflow vulnerability in the application's handling of NTFS compressed streams. By crafting a malicious image and convincing a user to open it, the attacker can cause an under-allocation of a buffer, leading to an overwrite...