Lucene search
K

43 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.5 views

Amazon Linux 2023 : libnetapi, libnetapi-devel, libsmbclient (ALAS2023-2026-1895)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1895 advisory. unauthenticated udp packet crashes AD DC nbt server CVE-2026-3238 Samba file servers and classic non-AD domain controllers offer theSamValidatePasswordChange and SamValidatePasswordReset RPC...

9.8CVSS6.6AI score0.12797EPSS
Exploits7References8
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.12 views

PT-2026-48533

🚨 CVE-2026-42542 TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are...

7.5CVSS5.3AI score0.00539EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2026/06/09 1:2 p.m.7 views

CVE-2026-11788

A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure...

7.5CVSS5.5AI score0.00346EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/04 2:5 p.m.10 views

CVE-2026-28318 SolarWinds Serv-U Unauthenticated Denial of Service Vulnerability

SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure customer environments in the SolarWinds Trust Center if you are unable to deploy the update...

7.5CVSS5.8AI score0.10659EPSS
Exploits2References2
EUVD
EUVD
added 2026/05/22 10:22 a.m.10 views

EUVD-2026-31426

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to properly validate msgpack-encoded WebSocket frames before memory allocation which allows an unauthenticated remote attacker to crash the server process and cause a full service outage for all users v...

7.5CVSS5.8AI score0.00327EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.8 views

Amazon Linux 2023 : krb5-devel, krb5-libs, krb5-pkinit (ALAS2023-2026-1680)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1680 advisory. In MIT Kerberos 5 aka krb5 before 1.22.3, there is a NULL pointer dereference if an application calls gssacceptseccontext on a system with a NegoEx mechanism registered in /etc/gss/mech. An...

5.9CVSS5.9AI score0.00461EPSS
Exploits0References6
OSV
OSV
added 2026/05/12 8:52 a.m.11 views

BIT-PGBOUNCER-2026-6664 PgBouncer integer overflow in PgBouncer network packet parsing

An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet...

7.5CVSS6AI score0.00698EPSS
Exploits1References2
NVD
NVD
added 2026/05/09 1:16 a.m.25 views

CVE-2026-6664

An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet...

7.5CVSS0.00698EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/05/09 1:16 a.m.8 views

CVE-2026-6664

An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malformed SCRAM authentication packet...

7.5CVSS6AI score0.00698EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2026/05/04 2:41 p.m.6 views

CVE-2026-33007

A NULL pointer dereference in the modauthnsocache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

5.3CVSS5.8AI score0.00514EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/04/20 11:27 p.m.5 views

SUSE CVE-2026-28224

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an opcryptkeycallback packet without prior authentication, the portservercryptcallback handler is not initialized, resulting in a null pointer dereference and...

8.2CVSS5.7AI score0.00465EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/17 6:38 p.m.3 views

CVE-2026-28224

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an opcryptkeycallback packet without prior authentication, the portservercryptcallback handler is not initialized, resulting in a null pointer dereference and...

8.2CVSS5.7AI score0.00465EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2026/04/17 6:38 p.m.7 views

EUVD-2026-23468

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an opcryptkeycallback packet without prior authentication, the portservercryptcallback handler is not initialized, resulting in a null pointer dereference and...

8.2CVSS5.7AI score0.00465EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/17 6:14 p.m.6 views

CVE-2026-27890

Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCTspecificdata segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow...

8.2CVSS5.7AI score0.00465EPSS
Exploits1References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-28224

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when the server receives an opcryptkeycallback...

8.2CVSS5.8AI score0.00465EPSS
Exploits1References3
OSV
OSV
added 2026/03/27 6:39 p.m.3 views

GO-2026-4760 CBC Padding Panic — Unauthenticated Process Crash in github.com/russellhaering/gosaml2

CBC Padding Panic — Unauthenticated Process Crash in github.com/russellhaering/gosaml2...

5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/18 9:50 p.m.2 views

CVE-2026-32944

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.21 and 8.6.45, an unauthenticated attacker can crash the Parse Server process by sending a single request with deeply nested query condition operators. This terminates the...

8.7CVSS5.7AI score0.00483EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/18 8:19 p.m.11 views

gosaml2 CBC Padding Panic — Unauthenticated Process Crash

Summary The AES-CBC decryption path in DecryptBytes panics on crafted ciphertext whose plaintext is all zero bytes. After decryption, bytes.TrimRightdata, "\x00" empties the slice, then datalendata-1 panics with index out of range -1. There is no recover in the library. The panic propagates throu...

5.9AI score
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/03/18 12:30 a.m.6 views

EUVD-2025-208811

IBM Sterling B2B Integrator and and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, 6.2.0.0 through 6.2.0.51, 6.2.1.0 through 6.2.1.11, and 6.2.2.0 could allow an unauthenticated attacker to send a specially crafted request that causes the application to crash...

7.5CVSS5.8AI score0.00337EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.4 views

PT-2026-26165

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.21 and 8.6.45, an unauthenticated attacker can crash the Parse Server process by sending a single request with deeply nested query condition operators. This terminates the...

8.7CVSS5.7AI score0.00483EPSS
Exploits0References9
Rows per page
Query Builder