Lucene search
+L

400 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/13 12:0 a.m.18 views

Amazon Linux 2023 : libnghttp2, libnghttp2-devel, nghttp2 (ALAS2023-2026-1542)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1542 advisory. nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API...

7.5CVSS6.7AI score0.00775EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/05 12:0 a.m.2 views

FreeBSD : nghttp2 -- CWE-617: Reachable Assertion (c08273b5-30e5-11f1-b9f2-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c08273b5-30e5-11f1-b9f2-b42e991fc52e advisory. https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6 reports: nghttp2 is an...

7.5CVSS5.9AI score0.00775EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/01 9:6 p.m.3 views

Missing Authorization

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authorization via the test.php endpoint and the retrieveSubscriptions process. An attacker can terminate active Stripe subscriptions belonging to other use...

7.1CVSS5.8AI score0.00281EPSS
Exploits1References2
OSV
OSV
added 2026/04/01 9:4 p.m.11 views

GHSA-4JCG-JXPF-5VQ3 AVideo: Unauthenticated Live Stream Termination via RTMP Callback on_publish_done.php

Summary The AVideo onpublishdone.php endpoint in the Live plugin allows unauthenticated users to terminate any active live stream. The endpoint processes RTMP callback events to mark streams as finished in the database, but performs no authentication or authorization checks before doing so. An...

7.5CVSS5.9AI score0.00479EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/04/01 9:16 a.m.6 views

CVE-2026-23409

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix differential encoding verification Differential encoding allows loops to be created if it is abused. To prevent this the unpack should verify that a diff-encode chain terminates. Unfortunately the differential encod...

5.5CVSS5.7AI score0.00177EPSS
Exploits0References15
Cvelist
Cvelist
added 2026/03/31 8:50 p.m.30 views

CVE-2026-34731 AVideo: Unauthenticated Live Stream Termination via RTMP Callback on_publish_done.php

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo onpublishdone.php endpoint in the Live plugin allows unauthenticated users to terminate any active live stream. The endpoint processes RTMP callback events to mark streams as finished in the database, but perform...

7.5CVSS0.00479EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.10 views

WWBN AVideo 访问控制错误漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 26.0 contained an access control vulnerability. This vulnerability stemmed from the lack of authentication for the onpublishdone.php endpoint in the Live plugin, which could allo...

7.5CVSS5.8AI score0.00479EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/27 10:28 p.m.3 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization in the sessions/:sessionKey/kill HTTP route. An attacker can terminate arbitrary sessions without proper authorization by sending a bearer-authenticated request th...

8.1CVSS6AI score0.00346EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.5 views

CVE-2026-20690

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. Processing an audio stream in a maliciousl...

6.5CVSS5.8AI score0.00724EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:10 p.m.5 views

CVE-2026-1717

An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges...

6.8CVSS5.9AI score0.00144EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.4 views

CVE-2026-2640

During an internal security assessment, a potential vulnerability was discovered in Lenovo PC Manager that could allow a local authenticated user to terminate privileged processes...

6.8CVSS5.8AI score0.00114EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.18 views

Apple iOS和Apple iPadOS 安全漏洞

Apple iOS and Apple iPadOS are products of the American company Apple. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Versions of Apple iOS prior to 26.4 and iPadOS prior to 26.4 contained security vulnerabilities. These...

7.5CVSS5.8AI score0.00445EPSS
Exploits0References1
NVD
NVD
added 2026/03/24 3:16 p.m.5 views

CVE-2026-27654

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpdavmodule module that might allow an attacker to trigger a buffer overflow to the NGINX worker process; this vulnerability may result in termination of the NGINX worker process or modification of source or destination file names...

8.8CVSS0.21621EPSS
Exploits0References19
OSV
OSV
added 2026/03/23 10:38 p.m.7 views

JLSEC-2026-5 nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API nghttp2sessionterminatesession or nghttp2sessionterminatesession2 is called by the application. They might be...

7.5CVSS5.8AI score0.00775EPSS
Exploits0References55
SUSE CVE
SUSE CVE
added 2026/03/19 12:26 a.m.6 views

SUSE CVE-2026-27135

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API nghttp2sessionterminatesession or nghttp2sessionterminatesession2 is called by the application. They might be...

7.5CVSS5.8AI score0.00775EPSS
Exploits0References27
OSV
OSV
added 2026/03/18 6:16 p.m.6 views

ALPINE-CVE-2026-27135

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API nghttp2sessionterminatesession or nghttp2sessionterminatesession2 is called by the application. They might be...

7.5CVSS7.5AI score0.00775EPSS
Exploits0References1
NVD
NVD
added 2026/03/18 6:16 p.m.6 views

CVE-2026-27135

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API nghttp2sessionterminatesession or nghttp2sessionterminatesession2 is called by the application. They might be...

7.5CVSS0.00775EPSS
Exploits0References55
UbuntuCve
UbuntuCve
added 2026/03/18 6:16 p.m.5 views

CVE-2026-27135

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API nghttp2sessionterminatesession or nghttp2sessionterminatesession2 is called by the application. They might be...

7.5CVSS5.9AI score0.00775EPSS
Exploits0References4
OSV
OSV
added 2026/03/18 6:16 p.m.4 views

UBUNTU-CVE-2026-27135

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API nghttp2sessionterminatesession or nghttp2sessionterminatesession2 is called by the application. They might be...

7.5CVSS5.8AI score0.00775EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/18 5:59 p.m.27 views

CVE-2026-27135 nghttp2 Denial of service: Assertion failure due to the missing state validation

nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API nghttp2sessionterminatesession or nghttp2sessionterminatesession2 is called by the application. They might be...

7.5CVSS0.00775EPSS
Exploits0References2
Rows per page
Query Builder