Lucene search
K

665 matches found

Nuclei
Nuclei
added 2026/07/07 4:50 p.m.196 views

VMware VRealize Network Insight - Remote Code Execution

VMWare Aria Operations for Networks vRealize Network Insight is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This vulnerability allows a remote unauthenticated attacker to execute arbitrary commands on the underlying operating system as the ro...

9.8CVSS8.1AI score0.98281EPSS
Exploits7References5
CVE
CVE
added 2026/07/06 8:38 a.m.19 views

CVE-2026-24013

CVE-2026-24013 affects Apache IoTDB (1.3.3–before 2.0.8). The issue is authentication bypass via forged sessionId in Thrift RPC handlers that do not validate sessionId, enabling unauthorized reading of time-series data without openSession authentication. A fix is available in IoTDB 2.0.8; upgrade...

9.1CVSS6AI score0.00471EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/06 8:38 a.m.36 views

CVE-2026-24013 Apache IoTDB: Authentication Bypass via Forged SessionID in Thrift RPC

Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSession authentication, receive valid query results. This...

0.00471EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.15 views

PT-2026-55879

Name of the Vulnerable Software and Affected Versions Apache IoTDB versions 1.3.3 through 2.0.7 Description An authentication bypass issue exists due to insufficient validation of the sessionId parameter within certain Thrift RPC query handlers. An attacker can forge the sessionId to bypass the...

9.1CVSS6AI score0.00471EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/22 5:15 p.m.16 views

Important: Red Hat Security Advisory: Red Hat build of Cryostat security update

An update is now available for the Red Hat build of Cryostat 4 on RHEL 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

9.8CVSS7.6AI score0.01079EPSS
Exploits7References11
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.11 views

SUSE SLED15 / SLES15 Security Update : alloy (SUSE-SU-2026:2438-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2438-1 advisory. This update for alloy fixes the following issues Security issues: - CVE-2026-4427: github.com/jackc/pgproto3/v...

9.1CVSS6.8AI score0.01557EPSS
Exploits1References17
OSV
OSV
added 2026/06/18 1:58 p.m.13 views

ROOT-APP-GOBINARY-CVE-2026-41602 CVE-2026-41602 in rootio-github.com/apache/thrift - Patched by Root

Root has patched CVE-2026-41602 in the rootio-github.com/apache/thrift package for Root:Go. Multiple fixed versions available...

7.5CVSS5.8AI score0.01163EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/17 11:5 p.m.9 views

Apache Thrift: Apache Thrift: Denial of Service via excessive memory allocation

A flaw was found in Apache Thrift. This vulnerability involves a Memory Allocation with Excessive Size Value, which could allow an attacker to trigger resource exhaustion. By providing an overly large size value during memory allocation, an attacker can cause the affected system to become...

7.5CVSS5.4AI score0.00665EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/17 11:5 p.m.20 views

Apache Thrift: Apache Thrift: Security bypass due to improper certificate validation

A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This...

7.3CVSS5.3AI score0.00632EPSS
Exploits0References5
OSV
OSV
added 2026/06/17 2:45 p.m.5 views

SUSE-SU-2026:2438-1 Security update for alloy

This update for alloy fixes the following issues Security issues: - CVE-2026-4427: github.com/jackc/pgproto3/v2: improper validation of field length allows a malicious PostgreSQL server to crash a client application via a DataRow message bsc1259919. - CVE-2026-25934: github.com/go-git/go-git/v5:...

9.1CVSS6.5AI score0.01557EPSS
Exploits1References13
OSV
OSV
added 2026/06/17 2:9 p.m.9 views

ROOT-APP-MAVEN-CVE-2026-43869 CVE-2026-43869 in io.root.org.apache.thrift:libthrift - Patched by Root

Root has patched CVE-2026-43869 in the io.root.org.apache.thrift:libthrift package for Root:Maven. Multiple fixed versions available...

7.3CVSS5.8AI score0.00632EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2025-48431

Mismatched Memory Management Routines vulnerability in Apache Thrift cglib language bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. Description: Specially crafted requests can crash an cglib-based Thrift server...

7.5CVSS5.4AI score0.01079EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.7 views

CVE-2026-43870

Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting', Uncontrolled Resource Consumption vulnerability in Apache Thrift. This issue affects Apache Thrift:...

7.3CVSS5.4AI score0.00394EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/02 9:58 p.m.14 views

CVE-2026-43868

A flaw was found in Apache Thrift. This vulnerability involves a Memory Allocation with Excessive Size Value, which could allow an attacker to trigger resource exhaustion. By providing an overly large size value during memory allocation, an attacker can cause the affected system to become...

7.5CVSS5.7AI score0.00665EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.11 views

SUSE SLES16 Security Update : alloy (SUSE-SU-2026:21852-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21852-1 advisory. This update for alloy fixes the following issues - CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing...

7.5CVSS6.9AI score0.01163EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.11 views

openSUSE 16 Security Update : alloy (openSUSE-SU-2026:20816-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20816-1 advisory. This update for alloy fixes the following issues - CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key...

7.5CVSS5.9AI score0.01163EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/28 7:54 a.m.15 views

CVE-2026-43869

A flaw was found in Apache Thrift. This vulnerability involves improper validation of a certificate with a host mismatch, which could allow a remote attacker to bypass security checks. By presenting a specially crafted certificate, an attacker may impersonate a legitimate server or client. This...

7.3CVSS5.7AI score0.00632EPSS
Exploits0References4
OSV
OSV
added 2026/05/27 9:8 a.m.9 views

OPENSUSE-SU-2026:20816-1 Security update for alloy

This update for alloy fixes the following issues - CVE-2026-34986: github.com/go-jose/go-jose/v4: crafted JWE input with a missing encrypted key can lead to a denial of service bsc1262955. - CVE-2026-41602: github.com/apache/thrift: TFramedTransport frame size headers can lead to a uint32 integer...

7.5CVSS6.8AI score0.01163EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Thrift

In Apache Thrift versions 0.9.3 to 0.13.0, malicious RPC clients could send short messages, resulting in a large memory allocation and potentially causing a denial of service...

7.5CVSS6.6AI score0.06779EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Thrift

In Apache Thrift versions 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when receiving invalid input data...

7.5CVSS6.8AI score0.06793EPSS
Exploits0References1
Rows per page
Query Builder