Lucene search
K

105 matches found

Packet Storm News
Packet Storm News
added 2026/12/29 12:0 a.m.272 views

GNUnet P2P Framework 0.26.2

GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP IPv4 and IPv6, TCP IPv4 and IPv6, HTTP, o...

6.8AI score
Exploits0
OSV
OSV
added 3 days ago4 views

BIT-ACTIVEMQ-2026-49434 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: LdapNetworkConnector instantiates denied transports and a remote-properties broker

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used...

7.5CVSS5.9AI score0.00659EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-49434

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entrie...

7.5CVSS6AI score0.00659EPSS
Exploits0References4
OSV
OSV
added 2026/06/30 11:16 a.m.5 views

DEBIAN-CVE-2026-49434

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used...

7.5CVSS5.7AI score0.00659EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 11:16 a.m.7 views

CVE-2026-49434

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used...

7.5CVSS0.00659EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:16 a.m.4 views

UBUNTU-CVE-2026-49434

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used...

7.5CVSS5.7AI score0.00659EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/30 9:55 a.m.7 views

CVE-2026-49434

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used...

7.5CVSS5.7AI score0.00659EPSS
Exploits0References2Affected Software3
CVE
CVE
added 2026/06/30 9:55 a.m.12 views

CVE-2026-49434

CVE-2026-49434 is an Improper Input Validation vulnerability affecting Apache ActiveMQ Broker, ActiveMQ, and ActiveMQ All. An attacker with permission to publish/modify LDAP entries (matching configured searchBase/searchFilter) can instantiate denied transports inside the broker JVM, enabling ret...

7.5CVSS5.7AI score0.00659EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2026/06/30 9:55 a.m.34 views

CVE-2026-49434 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: LdapNetworkConnector instantiates denied transports and a remote-properties broker

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used...

0.00659EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-53839

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions prior to 5.19.8 Apache ActiveMQ Broker versions 6.0.0 through 6.2.6 Apache ActiveMQ versions prior to 5.19.8 Apache ActiveMQ versions 6.0.0 through 6.2.6 Apache ActiveMQ All versions prior to 5.19.8 Apache...

7.5CVSS5.9AI score0.00659EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2026/06/17 4:18 p.m.7 views

netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder

A flaw was found in Netty. The HttpObjectDecoder component, which processes incoming HTTP requests, incorrectly skips certain control characters and whitespace before reading the first request line. This behavior, which goes beyond standard HTTP protocol requirements, can lead to request-boundary...

5.3CVSS5.3AI score0.00232EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/17 3:45 p.m.8 views

netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder

A flaw was found in Netty. The HttpObjectDecoder component, which processes incoming HTTP requests, incorrectly skips certain control characters and whitespace before reading the first request line. This behavior, which goes beyond standard HTTP protocol requirements, can lead to request-boundary...

5.3CVSS5.3AI score0.00232EPSS
Exploits0References7
OSV
OSV
added 2026/06/15 8:46 p.m.6 views

GHSA-HVCG-QMG6-JM4C Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted

Summary Before reading the first request-line, HttpObjectDecoder skips every byte for which Character.isISOControlb is true 0x00–0x1F and 0x7F as well as all whitespace. RFC 9112 §2.2 only asks servers to ignore empty CRLF lines preceding the request-line — a carefully scoped robustness allowance...

5.3CVSS5.4AI score0.00232EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/15 8:36 a.m.13 views

CVE-2026-50020

A flaw was found in Netty. The HttpObjectDecoder component, which processes incoming HTTP requests, incorrectly skips certain control characters and whitespace before reading the first request line. This behavior, which goes beyond standard HTTP protocol requirements, can lead to request-boundary...

5.3CVSS4.9AI score0.00232EPSS
Exploits0References6
CVE
CVE
added 2026/06/12 2:55 p.m.71 views

CVE-2026-50020

Netty (network framework) contains a flaw in HttpObjectDecoder: prior to reading the first request-line, it ignores all ISO control bytes (0x00–0x1F, 0x7F) plus whitespace, beyond what RFC 9112 allows. This can cause request-boundary confusion in pipelined or multiplexed transports. Affects Netty...

5.3CVSS5.4AI score0.00232EPSS
Exploits0References3Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/22 3:47 p.m.8 views

org.apache.camel:camel-example-cxf (>=2.14.0 <=2.19.5), org.apache.cxf.osgi.itests:org.apache.cxf.osgi.itests (>=3.0.0 <=3.6.10) +17 more potentially affected by CVE-2025-48913 +1 more via org.apache.cxf:cxf-rt-transports-jms (>=3.0.0-milestone1 <=3.6.10)

org.apache.cxf:cxf-rt-transports-jms MAVEN version =3.0.0-milestone1, =2.14.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.2.0, =5.0.0.Beta1, =5.0.0.Beta1, =5.0.0.Beta1, =5.0.0.Beta1, =5.5.0.Final and more Source cves: CVE-2025-48913, CVE-2026-44417 Source advisory:...

9.8CVSS7.2AI score0.00739EPSS
Exploits0
OSV
OSV
added 2026/05/21 4:46 p.m.7 views

GHSA-VRXG-GM77-7Q5G Windows-MCP: HTTP transports expose unauthenticated PowerShell control with wildcard CORS

HTTP transports expose unauthenticated PowerShell control with wildcard CORS There is an issue in the SSE and Streamable HTTP transport modes. The default stdio mode is not affected, but the documented HTTP modes expose the MCP control plane without authentication and add wildcard CORS handling...

9.3CVSS6.1AI score0.00397EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/21 4:46 p.m.11 views

Windows-MCP: HTTP transports expose unauthenticated PowerShell control with wildcard CORS

HTTP transports expose unauthenticated PowerShell control with wildcard CORS There is an issue in the SSE and Streamable HTTP transport modes. The default stdio mode is not affected, but the documented HTTP modes expose the MCP control plane without authentication and add wildcard CORS handling...

9.3CVSS6.1AI score0.00397EPSS
Exploits0References2Affected Software1
Fedora
Fedora
added 2026/05/18 12:45 a.m.20 views

[SECURITY] Fedora 44 Update: coturn-4.11.0-1.fc44

The Coturn TURN Server is a VoIP media traffic NAT traversal server and gatew ay. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relaying...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/15 2:2 p.m.11 views

CVE-2026-43964

A flaw was found in Postfix. This issue occurs when processing enhanced status codes, specifically an enhanced status code that lacks text following the third number. Depending on the configuration of the server, this allows a remote attacker to cause a buffer over-read of only 1 byte, leading to...

7.5CVSS6AI score0.00415EPSS
Exploits0References4
Rows per page
Query Builder