18984 matches found
Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()
Summary The v4isinvalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED 0.0.0.0. An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the SSRF protection introduced by the fix for CVE-2025-25194 GHSA-7723-35v7-qcxw,...
GHSA-Q537-8FR5-CW35 Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()
Summary The v4isinvalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED 0.0.0.0. An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the SSRF protection introduced by the fix for CVE-2025-25194 GHSA-7723-35v7-qcxw,...
RHEL 8 : mysql:8.0 (RHSA-2026:5580)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:5580 advisory. MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and...
Directory Traversal
Overview org.springframework:spring-webmvc is a package that provides Model-View-Controller MVC architecture and ready components that can be used to develop flexible and loosely coupled web applications. Affected versions of this package are vulnerable to Directory Traversal via the Script View...
Unspecified Vulnerability in HCL AION (CNVD-2026-15151)
HCL AION is an AI lifecycle management platform from HCL India. HCL AION has a security vulnerability that can be exploited by attackers to affect the traceability of user activities...
Google Android suffers from unspecified vulnerability (CNVD-2026-13151)
Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that can be exploited by attackers to cause local elevation of privilege...
Google Android suffers from unspecified vulnerability (CNVD-2026-18789)
Google Android is a Linux-based open source operating system from Google. Google Android has a security vulnerability that can be exploited by attackers to cause local elevation of privilege...
CVE-2026-2852
A vulnerability was identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This issue affects the function addSales/updateSales/deleteSales of the file dataset\repos\warehouse\src\main\java\com\yeqifu\bus\controller\SalesController.java of the component Sales Endpoint. The...
CVE-2026-2574
OOB Read in OpenSSL backend...
PT-2026-20271
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description A malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of...
PT-2026-7399
Name of the Vulnerable Software and Affected Versions Microsoft Windows 10 1607 versions prior to 10.0.14393.8868 Microsoft Windows 10 1809 versions prior to 10.0.17763.8389 Microsoft Windows 10 21H2 versions prior to 10.0.19044.6937 Microsoft Windows 10 22H2 versions prior to 10.0.19045.6937...
PT-2026-7464
Name of the Vulnerable Software and Affected Versions AMD Secure Processor ASP Boot Loader affected versions not specified Description A flaw exists in the AMD Secure Processor ASP Boot Loader where insufficient parameter sanitization could allow an attacker with access to SPIROM upgrade to...
PT-2026-7421
Name of the Vulnerable Software and Affected Versions Connections affected versions not specified Description The system may not accurately count connections received through the proxy port, specifically when a proxy protocol header is present. This can lead to the server exceeding its connection...
CVE-2026-24678
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.22.0, A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecamchannelwrite. This vulnerability is fixed in 3.22.0...
PT-2026-7191
Name of the Vulnerable Software and Affected Versions Tanium Endpoint Configuration Toolset Solution affected versions not specified Tanium End-User Notifications Endpoint Tools affected versions not specified Description Tanium addressed a flaw that allows for arbitrary file deletion...
PT-2026-6700
Name of the Vulnerable Software and Affected Versions HDC module affected versions not specified Description A permission control issue exists in the HDC module. Successful exploitation could compromise service confidentiality. Recommendations At the moment, there is no information about a newer...
PT-2026-6708
Name of the Vulnerable Software and Affected Versions DFX module affected versions not specified Description An out-of-bounds write issue exists in the DFX module. Successful exploitation of this issue may impact system availability. Recommendations At the moment, there is no information about a...
PT-2026-6617
Name of the Vulnerable Software and Affected Versions Tanium Threat Response affected versions not specified Description Tanium Threat Response contains an information disclosure issue. Recommendations At the moment, there is no information about a newer version that contains a fix for this...
PT-2026-6611
Name of the Vulnerable Software and Affected Versions Tanium Patch affected versions not specified Description Tanium Patch suffers from an improper access controls issue. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability...
PT-2026-6626
Name of the Vulnerable Software and Affected Versions Tanium Enforce affected versions not specified Description Tanium Enforce has an issue with incorrect default permissions. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability...