Lucene search
+L

13366 matches found

nvd
nvd
added 2026/06/22 6:16 p.m.11 views

CVE-2026-54270

protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 to 8.4.2, protobufjs preserved unknown wire elements in message.$unknowns and did not provide a decode-time option to discard unknown fields before retaining them. A crafted protobuf payload containing many unknown...

5.3CVSS0.00293EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/22 4:19 p.m.4 views

CVE-2026-54270

protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 to 8.4.2, protobufjs preserved unknown wire elements in message.$unknowns and did not provide a decode-time option to discard unknown fields before retaining them. A crafted protobuf payload containing many unknown...

5.3CVSS5.9AI score0.00293EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/06/22 4:19 p.m.36 views

CVE-2026-54270 protobufjs: Memory amplification from preserved unknown fields in binary decode

protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 to 8.4.2, protobufjs preserved unknown wire elements in message.$unknowns and did not provide a decode-time option to discard unknown fields before retaining them. A crafted protobuf payload containing many unknown...

5.3CVSS0.00293EPSS
Exploits0References1
osv
osv
added 2026/06/22 4:19 p.m.4 views

CVE-2026-54270 protobufjs: Memory amplification from preserved unknown fields in binary decode

protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 to 8.4.2, protobufjs preserved unknown wire elements in message.$unknowns and did not provide a decode-time option to discard unknown fields before retaining them. A crafted protobuf payload containing many unknown...

5.3CVSS6AI score0.00293EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/22 1:3 p.m.8 views

CVE-2026-48772

A flaw was found in ProxySQL, a proxy for MySQL and its forks, as well as PostgreSQL. A remote attacker can exploit this vulnerability by sending a specially crafted PROXY protocol version 1 PP1 header with an 'UNKNOWN' protocol token. Despite the specification requiring these address fields to b...

10CVSS5.8AI score0.00185EPSS
Exploits0References2
osv
osv
added 2026/06/22 12:0 a.m.7 views

UBUNTU-CVE-2026-53489

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a bug where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. This issue h...

8.2CVSS6.1AI score0.00208EPSS
Exploits0References5
osv
osv
added 2026/06/22 12:0 a.m.8 views

UBUNTU-CVE-2026-50195

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods ca...

9.9CVSS6.3AI score0.00354EPSS
Exploits0References5
nvd
nvd
added 2026/06/21 9:16 a.m.13 views

CVE-2026-12788

A vulnerability was determined in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the component XML Parser. This manipulation causes xml external entity reference. It is possible to...

6.5CVSS0.00237EPSS
Exploits0References5
nvd
nvd
added 2026/06/21 8:16 a.m.15 views

CVE-2026-12782

A security flaw has been discovered in EaseUS Partition Master up to 14.5. The impacted element is an unknown function in the library EUEDKEPM.sys of the component Kernel Driver. The manipulation results in improper access controls. The attack requires a local approach. The exploit has been...

8.5CVSS0.00109EPSS
Exploits0References6
euvd
euvd
added 2026/06/21 7:30 a.m.11 views

EUVD-2026-38151

A vulnerability was found in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This affects an unknown part of the component testConnection Endpoint. The manipulation of the argument jdbcUrl results in deserialization. The attack may be performed from remote. The exploit has...

6.5CVSS6AI score0.00242EPSS
Exploits0References5
susecve
susecve
added 2026/06/20 2:29 a.m.15 views

SUSE CVE-2026-48618

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...

7.4CVSS7.1AI score0.02486EPSS
Exploits0References7
susecve
susecve
added 2026/06/20 2:29 a.m.12 views

SUSE CVE-2026-48931

A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.7CVSS6.2AI score0.00371EPSS
Exploits1References7
susecve
susecve
added 2026/06/20 2:29 a.m.14 views

SUSE CVE-2026-48933

A flaw in Node.js WebCrypto implementation can crash the process if the input of subtle.encrypt is a multiple of 2GiB. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

7.5CVSS7.1AI score0.02806EPSS
Exploits0References11
susecve
susecve
added 2026/06/20 2:29 a.m.11 views

SUSE CVE-2026-48936

A flaw in Node.js Permission API can cause a local server to be started via a Unix domain socket, even without the --allow-net permission. This vulnerability affects one supported release line: Node.js 26...

3.3CVSS6AI score0.00154EPSS
Exploits0References3
susecve
susecve
added 2026/06/20 2:29 a.m.13 views

SUSE CVE-2026-54273

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined requests that could be queued. An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. This...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References3
susecve
susecve
added 2026/06/20 2:29 a.m.13 views

SUSE CVE-2026-54274

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. This vulnerability is fixed in 3.14.1...

8.7CVSS5.8AI score0.00305EPSS
Exploits0References3
susecve
susecve
added 2026/06/20 2:28 a.m.10 views

SUSE CVE-2026-54280

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a client disconnects in the middle of a write. If a payload is using an open file or similar limited resource, then an attacker may be able to cause...

6.3CVSS5.8AI score0.00281EPSS
Exploits0References3
susecve
susecve
added 2026/06/20 2:28 a.m.14 views

SUSE CVE-2026-54530

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. This vulnerability is fixed in 6.13.0...

6.9CVSS5.8AI score0.00123EPSS
Exploits0References3
susecve
susecve
added 2026/06/20 2:28 a.m.12 views

SUSE CVE-2026-54531

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...

6.9CVSS5.8AI score0.00123EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/19 7:28 p.m.24 views

CVE-2026-48772 ProxySQL: PROXY-Protocol-v1 UNKNOWN parses spoofed source IP, bypassing mysql_query_rules.client_addr ACL

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 2.0.0 through 3.0.8, the ProxySQL MySQL frontend accepts the PROXY UNKNOWN \r\n PP1 frame as a well-formed PROXY protocol header. The HAProxy PROXY protocol v1 specification says that when the protocol token is UNKNOW...

10CVSS0.00185EPSS
Exploits0References2
Rows per page
Query Builder