Lucene search
K

86 matches found

Atlassian
Atlassian
added 2026/06/11 5:31 p.m.6 views

HTTP Request Smuggling io.netty:netty-codec-http Dependency in Crowd Data Center

This is a vulnerability in a non-Atlassian dependency. Atlassian's application of this dependency presents a lower, non-critical assessed risk. This Critical severity HTTP Request Smuggling vulnerability was introduced in versions 6.2.0, 6.3.0, 7.0.0, 7.1.0, 7.2.0 of Crowd Data Center. This HTTP...

9.1CVSS5.4AI score0.00633EPSS
Exploits1
OSV
OSV
added 2026/06/11 5:10 p.m.6 views

GHSA-RCVQ-M9J9-6F4G @hapi/inert has a static-file confinement bypass via sibling-prefix path

Impact @hapi/inert serves static files from a directory configured with path in the directory / file handlers or relativeTo for h.file, with confinement enforced by the confine option default true. Before the patch, the confinement check compared the resolved absolute path against the confine...

5.3CVSS5.6AI score0.00062EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/05 5:13 p.m.10 views

Use of Uninitialized Resource

Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource in the SquashFS archive handler due to uninitialized memory in the blockToNode array. An attacker can cause denial of service or potentially disclose heap information by providing a crafted SquashFS image...

4.2CVSS5.5AI score0.00179EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/05 5:13 p.m.18 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the ParseDepedencyExpression function of the UEFI firmware image parser when an attacker provides a specially crafted opcode value. An attacker can cause a denial of service or potentially disclose minor informatio...

7.1CVSS5.5AI score0.00225EPSS
Exploits1References3
OSV
OSV
added 2026/06/04 3:23 p.m.8 views

GHSA-RXV8-25V2-QMQ8 React Router vulnerable to Denial of Service via reflected user input in single-fetch

A DoS vulnerability exists in the React Router v7 Framework Mode, as well as Remix v2.9.0+ with Single Fetch enabled. In some scenarios the underlying serialization algorithm can become a bottleneck when encoding specific types of data into server responses. Please upgrade to React Router v7.14.0...

7.5CVSS5.8AI score0.00294EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-5245

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler...

8.1CVSS5.8AI score0.00716EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-5246

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was determined in Cesanta Mongoose up to 7.20. Affected is the function mgtlsverifycertsignature of the file mongoose.c of the component P-384...

8.1CVSS5.4AI score0.00622EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/04 7:45 p.m.7 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the restore process when handling a crafted backup archive containing a valid backup/index.yaml and a malformed legacy backup.yaml file that omits the container section. An attacker can cause the daemon to...

7.1CVSS5.8AI score0.00408EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 7:45 p.m.7 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the restore process when handling a crafted backup archive containing a valid backup/index.yaml and a malformed legacy backup.yaml file that omits the container section. An attacker can cause the daemon to...

7.1CVSS5.8AI score0.00408EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 5:45 p.m.6 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateCustomVolumeFromBackup process. An attacker can cause the daemon to crash by importing a crafted backup archive containing a null entry in the volumesnapshots array, which leads to a nil-pointer...

7.1CVSS5.8AI score0.00299EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 5:40 p.m.6 views

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the CreateBucketFromBackup process when handling backup metadata during storage bucket import. An attacker can cause the daemon to crash and disrupt service availability by supplying a crafted archive with a...

7.1CVSS5.8AI score0.00398EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/04 4:53 p.m.6 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the imgPostURLInfo function. An attacker can cause the server to initiate outbound HTTP HEAD requests to arbitrary endpoints by supplying a crafted URL during the image import preflight stage. This c...

5.3CVSS5.9AI score0.00271EPSS
Exploits1References2
OSV
OSV
added 2026/04/30 7:30 p.m.6 views

JLSEC-2026-373

A security vulnerability has been detected in Cesanta Mongoose up to 7.20. This issue affects the function mgaesgcmdecrypt of the file /src/tlsaes128.c of the component GCM Authentication Tag Handler. Such manipulation leads to improper verification of cryptographic signature. The attack may be...

6.3CVSS4.6AI score0.00217EPSS
Exploits1References5
OSV
OSV
added 2026/04/30 7:30 p.m.9 views

JLSEC-2026-369 A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function...

A vulnerability has been found in Cesanta Mongoose up to 7.20. This affects the function mgtlsrecvcert of the file mongoose.c of the component TLS 1.3 Handler. Such manipulation of the argument pubkey leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been...

6.9CVSS5.8AI score0.00727EPSS
Exploits1References9
OSV
OSV
added 2026/04/30 7:30 p.m.5 views

JLSEC-2026-370 A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function...

A vulnerability was found in Cesanta Mongoose up to 7.20. This impacts the function handlemdnsrecord of the file mongoose.c of the component mDNS Record Handler. Performing a manipulation of the argument buf results in stack-based buffer overflow. Remote exploitation of the attack is possible. A...

6.3CVSS5.2AI score0.00716EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/04/27 1:22 p.m.4 views

CVE-2026-6985

A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...

7.5CVSS5.4AI score0.00565EPSS
Exploits1References1
NVD
NVD
added 2026/04/25 5:16 p.m.3 views

CVE-2026-6985

A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...

7.5CVSS0.00565EPSS
Exploits1References5
OSV
OSV
added 2026/04/25 5:16 p.m.4 views

DEBIAN-CVE-2026-6985

A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...

7.5CVSS5.7AI score0.00565EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/25 4:15 p.m.3 views

CVE-2026-6985

A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...

6.9CVSS5.4AI score0.00565EPSS
Exploits1References5Affected Software1
Debian CVE
Debian CVE
added 2026/04/25 4:15 p.m.5 views

CVE-2026-6985

A weakness has been identified in Cesanta Mongoose up to 7.20. This vulnerability affects the function handleopt of the file /src/netbuiltin.c of the component TCP Option Handler. This manipulation of the argument optlen causes infinite loop. The attack is possible to be carried out remotely. The...

7.5CVSS5.4AI score0.00565EPSS
Exploits1
Rows per page
Query Builder