Lucene search
K

1947 matches found

Snyk
Snyk
added 2026/06/10 1:13 a.m.7 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the DelegatingDeserializer function. An attacker can exhaust system memory by sending records with unique, random spring.kafka.serialization.selector header values, leading to...

7.1CVSS5.3AI score0.00289EPSS
Exploits0References2
OSV
OSV
added 2026/06/09 6:8 a.m.11 views

ECHO-4AD2-F6DA-0B95

Bulletin has no description...

8.3CVSS5.2AI score0.0022EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 3:48 a.m.43 views

CVE-2026-41710

The CVE-2026-41710 issue affects Spring Retry versions 2.0.0–2.0.12 and 1.3.0–1.3.4. An attacker can craft a large number of unique requests that trigger failures, exhausting the application-wide stateful retry cache. Once the cache is full, it permanently rejects further updates, causing all lat...

5.9CVSS5.5AI score0.0028EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-48322

Name of the Vulnerable Software and Affected Versions Spring for Apache Kafka versions 4.0.0 through 4.0.5 Spring for Apache Kafka versions 3.3.0 through 3.3.15 Spring for Apache Kafka versions 3.2.0 through 3.2.13 Spring for Apache Kafka versions 2.9.0 through 2.9.13 Spring for Apache Kafka...

6.5CVSS5.7AI score0.00289EPSS
Exploits0References8
OSV
OSV
added 2026/06/07 7:24 p.m.8 views

MINI-QRHV-5Q9V-C2C7

Bulletin has no description...

6.5CVSS5.2AI score0.00196EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.11 views

CVE-2026-44379

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or modify Collection records could submit malformed UUID values, potentially causing integrity issues o...

5.3CVSS5.6AI score0.00178EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 12:37 p.m.6 views

MINI-G5FP-W567-XJ3F

Bulletin has no description...

9.1CVSS5.1AI score0.00373EPSS
Exploits0
OSV
OSV
added 2026/06/04 12:17 p.m.5 views

MINI-QV7Q-9XHV-FJVF

Bulletin has no description...

9.1CVSS5.7AI score0.00469EPSS
Exploits0
OSV
OSV
added 2026/06/04 9:35 a.m.7 views

MINI-J82V-C5J3-2C5M

Bulletin has no description...

8.8CVSS6.8AI score0.00647EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 8:45 a.m.11 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses uuid-7.0.3.tgz which is vulnerable to CVE-2026-41988

Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses uuid-7.0.3.tgz which is vulnerable to CVE-2026-41988.This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-41988 DESCRIPTION: uuid before 14.0.0 can make unexpected...

3.2CVSS5.8AI score0.00138EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/28 8:13 p.m.10 views

CVE-2026-9712

When creating an export through the pretix API, API clients are returned an UUID value for their export job a long, random string like 35742818-c375-4d15-839f-d49aecce94d6. Using this UUID, the API client can then request the actual file for download. The same kind of UUID is used in other places...

7CVSS5.8AI score0.00219EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 8:24 p.m.8 views

CVE-2026-44712 pam_usb: Shell injection via device UUID and username in pamusb-conf and pamusb-agent

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $id/tmp/rce in the config causes root RCE when pamusb-conf --reset-pads is run. A USB device with a crafted filesystem UUID some controllers allow this can inject the payload a...

8.2CVSS5.8AI score0.00154EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 3:33 p.m.2 views

GHSA-72P9-6VV6-GVQH pretix vulnerable to Authorization Bypass Through User-Controlled Key

When creating an export through the pretix API, API clients are returned an UUID value for their export job a long, random string like 35742818-c375-4d15-839f-d49aecce94d6. Using this UUID, the API client can then request the actual file for download. The same kind of UUID is used in other places...

7CVSS5.8AI score0.00219EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 3:16 p.m.17 views

CVE-2026-9712

When creating an export through the pretix API, API clients are returned an UUID value for their export job a long, random string like 35742818-c375-4d15-839f-d49aecce94d6. Using this UUID, the API client can then request the actual file for download. The same kind of UUID is used in other places...

7CVSS0.00219EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:13 a.m.7 views

CVE-2026-41704

AgentClienthandlemethod lines 264-303 processes every NATS reply. It calls injectcompilelog line 273 on every response, which reads response'value''result''compilelogid' line 332-338 and passes it to downloadanddeleteblob. Separately, any response containing 'exception' goes through formatexcepti...

6.8CVSS5.8AI score0.00083EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

Cloud Foundry BOSH Director 安全漏洞

Cloud Foundry BOSH Director is a cloud infrastructure deployment and lifecycle management platform developed by the US Cloud Foundry company. Versions of Cloud Foundry BOSH Director prior to v282.1.12 contained security vulnerabilities. These vulnerabilities stemmed from AgentClient not performin...

6.8CVSS5.8AI score0.00083EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 6:25 a.m.16 views

Malicious code in ether-bn.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cc5567869e3d616af151887f680ef13bf23f8a19fe5978343254b921c1c7c73 Package name 'ether-bn.js' resembles the widely-used 'bn.js' big-number library, and the README directs users to install yet another name...

6AI score
Exploits0References3
OSV
OSV
added 2026/05/26 6:25 a.m.14 views

MAL-2026-4779 Malicious code in ether-bn.js (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4cc5567869e3d616af151887f680ef13bf23f8a19fe5978343254b921c1c7c73 Package name 'ether-bn.js' resembles the widely-used 'bn.js' big-number library, and the README directs users to install yet another name...

6AI score
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/05/26 6:21 a.m.7 views

ether-bn.js (>=1.4.0 <=1.4.1) potentially affected by unknown CVE via unique-id-64 (=1.0.0)

unique-id-64 NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on unique-id-64 and may be impacted: - ether-bn.js =1.4.0, =1.4.1 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4781...

5.5AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/26 6:21 a.m.17 views

Malicious code in unique-id-64 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8ab3b19e4bd1602de93ca092a5909f8b69927c01d5a690d3484116024dfc46e2 Package impersonates the well-known sindresorhus/unique-string utility: package.json copies the author block name 'Sindre Sorhus', email...

6AI score
Exploits0References2
Rows per page
Query Builder