Lucene search
K

15 matches found

Github Security Blog
Github Security Blog
added 2026/05/08 8:44 p.m.12 views

Volcano's webhook server vulnerable to OOM due to unbounded HTTP request body size

Impact The Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may send an arbitrarily large request body, potentially causing the webhook server to be killed by OOM. All Volcano deployments with the webhook...

7.4CVSS5.8AI score0.00173EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.25 views

PT-2026-38406

Name of the Vulnerable Software and Affected Versions Vercel CLI versions 50.16.0 through 52.0.0 Description When running in non-interactive mode via the --non-interactive flag or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads containing suggested follow-up...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References4
OSV
OSV
added 2026/05/06 11:23 p.m.6 views

GHSA-CQMH-PCGR-Q42F @axonflow/openclaw fix introduces plugin cache and credential-file permission hardening

Summary Two related permission defects in this AxonFlow plugin allowed registration credentials and cache state to be readable by other local users on hosts where the calling user's home directory was at the conventional 0755 mode. Affected versions Versions 1.3.2 and below. Impact 1. Cache and...

5.5CVSS5.7AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/06 11:16 p.m.7 views

axonflow-sdk-typescript: Webhook signing-key (HMAC-SHA256) not exposed by SDK type, preventing signature verification

Summary The AxonFlow SDK's WebhookSubscription or equivalent type did not expose the HMAC-SHA256 signing key returned by the platform's CreateWebhook endpoint. Without access to the secret through the typed SDK API, callers had no path to verify the X-AxonFlow-Signature header on incoming webhook...

5.8AI score
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/04 12:0 a.m.3 views

PT-2026-30322

Name of the Vulnerable Software and Affected Versions @hapi/content versions through 6.0.0 Description @hapi/content is susceptible to Regular Expression Denial of Service ReDoS through crafted HTTP header values. Three regular expressions used to parse Content-Type and Content-Disposition header...

8.7CVSS5.3AI score0.00413EPSS
Exploits0References208
NVD
NVD
added 2026/02/26 12:16 a.m.10 views

CVE-2026-27812

Sub2API is an AI API gateway platform designed to distribute and manage API quotas from AI product subscriptions. A vulnerability in versions prior to 0.1.85 is a Password Reset Poisoning Host Header / Forwarded Header trust issue, which allows attackers to manipulate the password reset link...

9.3CVSS0.00245EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.7 views

Azure Linux 3.0 Security Update: nodejs (CVE-2024-24758)

The version of nodejs installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-24758 advisory. - Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers...

4.5CVSS7.8AI score0.00765EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/16 12:53 a.m.27 views

CVE-2025-68113 ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay

ALTCHA is privacy-first software for captcha and bot protection. A cryptographic semantic binding flaw in ALTCHA libraries allows challenge payload splicing, which may enable replay attacks. The HMAC signature does not unambiguously bind challenge parameters to the nonce, allowing an attacker to...

6.5CVSS0.00262EPSS
Exploits0References10
OSV
OSV
added 2025/07/30 7:55 p.m.7 views

CVE-2025-54575 ImageSharp Triggers an Infinite Loop in its GIF Decoder When Skipping Malformed Comment Extension Blocks

ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block with a missing block terminator can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. Th...

5.3CVSS6.3AI score0.00378EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/10/17 12:0 a.m.3 views

PT-2024-7207 · Microsoft · Edge

Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based versions prior to 129.0.2792.52 Description: The issue is related to a use-after-free vulnerability in Microsoft Edge, which is based on Chromium. This vulnerability can be exploited by a remote attacker to execu...

6.1CVSS7.7AI score0.00518EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2024/05/01 10:42 a.m.16 views

CVE-2024-32973 Remote for TLS session may be trusted despite constraints in Pluto lang

Pluto is a superset of Lua 5.4 with a focus on general-purpose programming. In affected versions an attacker with the ability to actively intercept network traffic would be able to use a specifically-crafted certificate to fool Pluto into trusting it to be the intended remote for the TLS session...

4.8CVSS6.8AI score0.00129EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/04/30 12:0 a.m.6 views

PT-2024-3316 · Aruba · Arubaos

Name of the Vulnerable Software and Affected Versions: ArubaOS versions 8.10 through 10.5 Description: The issue is related to a buffer overflow vulnerability in the Utility daemon, which could lead to unauthenticated remote code execution by sending specially crafted packets to the PAPI UDP port...

9.8CVSS9.1AI score0.43998EPSS
Exploits0References17
Positive Technologies
Positive Technologies
added 2023/10/10 12:0 a.m.12 views

PT-2023-6133 · Microsoft +1 · Quic +4

Name of the Vulnerable Software and Affected Versions: Microsoft QUIC affected versions not specified Windows affected versions not specified .NET affected versions not specified Visual Studio affected versions not specified Description: The vulnerability is related to insufficient input validati...

9.8CVSS6.5AI score0.99999EPSS
Exploits19References141
Cvelist
Cvelist
added 2020/11/11 3:45 p.m.33 views

CVE-2020-15275 malicious SVG attachment causing stored XSS vulnerability in MoinMoin

MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrad...

8.7CVSS9.1AI score0.01725EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2020/09/24 12:0 a.m.3 views

PT-2021-1501 · Flatpak +9 · Flatpak +9

Name of the Vulnerable Software and Affected Versions: Flatpak versions prior to 1.10.4 and 1.12.0 Description: The issue is related to the lack of blocking in the seccomp filter for mount-related system calls, which can be exploited to gain access to confidential data, disrupt its integrity, and...

8.8CVSS7AI score0.01346EPSS
Exploits1References85
Rows per page
Query Builder