Lucene search
K

115 matches found

CVE
CVE
added 2026/06/30 9:51 a.m.17 views

CVE-2026-50750

CVE-2026-50750 describes a pre-authentication Denial of Service in Apache ActiveMQ components where an unauthenticated attacker can flood BrokerInfo messages without a ConnectionInfo, causing an Out of Memory condition and broker crash. Affected ranges include Apache ActiveMQ Broker: 5.19.7 befor...

7.5CVSS5.8AI score0.00707EPSS
Exploits0References1Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-53842

Name of the Vulnerable Software and Affected Versions Apache ActiveMQ Broker versions 5.19.7 through 5.19.7 Apache ActiveMQ Broker versions 6.2.6 through 6.2.6 Apache ActiveMQ versions 5.19.7 through 5.19.7 Apache ActiveMQ versions 6.2.6 through 6.2.6 Apache ActiveMQ All versions 5.19.7 through...

7.5CVSS5.9AI score0.00707EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/16 2:5 p.m.24 views

pypdf: Possible infinite loop when retrieving fonts for layout-mode text extraction

Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. Patches This has been fixed in pypdf==6.13.0. Workarounds If you cannot upgrade yet, consider applying the changes from PR 3830...

6.9CVSS5.2AI score0.00123EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/06/16 2:5 p.m.8 views

Infinite loop

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Infinite loop via the font retrieving. An attacker can cause the application to enter an infinite loop by crafting a specially...

6.9CVSS5.9AI score0.00123EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/16 1:47 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the text extraction when handling form XObjects with self-references. An...

6.9CVSS5.9AI score0.00123EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/12 6:30 p.m.7 views

Buffer Over-read

Overview tornado is a Python web framework and asynchronous networking library, originally developed at FriendFeed. Affected versions of this package are vulnerable to Buffer Over-read via the websocketmask function in the speedups component. An attacker can trigger a read past the end of the mas...

6.3CVSS5.4AI score0.00027EPSS
Exploits0References2
OSV
OSV
added 2026/06/05 3:48 p.m.6 views

OESA-2026-2558 assimp security update

Assimp is a library to load and process geometric scenes from various data formats. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems of any kind, but is not limited to this purpose. Security Fixes: A vulnerability, which was classifie...

9.8CVSS5.7AI score0.00485EPSS
Exploits4References5
Vulnrichment
Vulnrichment
added 2026/05/29 8:4 a.m.9 views

CVE-2026-10056 CORS misconfiguration in Nx Witness VMS allows session token exfiltration via cross-origin request

CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account...

7.5CVSS5.8AI score0.00242EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 8:4 a.m.16 views

EUVD-2026-33262

CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Linux and Windows allows an unauthenticated remote attacker to steal the session token of an authenticated user and perform Administrator Account...

7.5CVSS5.8AI score0.00242EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/28 4:48 p.m.11 views

Allocation of Resources Without Limits or Throttling

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the parsing process. An attacker can cause excessive memory consumption b...

6.9CVSS5.8AI score0.0013EPSS
Exploits0References2
OSV
OSV
added 2026/05/11 9:16 a.m.8 views

PYSEC-2026-22

The Elasticsearch logging provider, when configured with a host URL that embeds credentials for example https://user:[email protected]:9200, wrote the full host URL — including the embedded credentials — into task logs. Any user with task-log read permission could harvest the backend...

6.5CVSS5.8AI score0.0041EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/10 8:59 p.m.2 views

XML Entity Expansion

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to XML Entity Expansion when parsing XMP metadata. An attacker can cause excessive memory consumption with excessive DOCTYPE entity...

6.9CVSS5.8AI score0.00423EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/02 10:53 a.m.7 views

CVE-2026-1879

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

6.5CVSS6.2AI score0.00257EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/01 10:0 a.m.2 views

CVE-2026-1879

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

6.5CVSS6.2AI score0.00257EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/04/01 10:0 a.m.32 views

CVE-2026-1879 Harvard University IQSS Dataverse Theme Customization ThemeAndWidgets.xhtml unrestricted upload

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

6.5CVSS0.00257EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.10 views

PT-2026-29508

A vulnerability was detected in Harvard University IQSS Dataverse up to 6.8. This affects an unknown function of the file /ThemeAndWidgets.xhtml of the component Theme Customization. Performing a manipulation of the argument uploadLogo results in unrestricted upload. Remote exploitation of the...

6.5CVSS5.5AI score0.00257EPSS
Exploits0References6
Snyk
Snyk
added 2026/03/27 5:8 p.m.2 views

Improper Validation of Integrity Check Value

Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value inadequate validation of the combined fingerprint during image downloads from simplestreams servers. An attacker can cause users to deploy malicious images by providing manipulated image file...

7.7CVSS6.1AI score0.0018EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/03/20 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33123

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or...

6.5CVSS5.7AI score0.00349EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.8 views

EulerOS Virtualization 2.12.0 : protobuf (EulerOS-SA-2026-1511)

According to the versions of the protobuf packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Any project that uses Protobuf Pure-Python backendto parse untrusted Protocol Buffers data containing an arbitrary number of...

8.2CVSS5.9AI score0.00281EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/13 8:3 p.m.7 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the fetchKey function. An attacker can cause the server to make arbitrary HTTP requests to attacker-controlled destinations by crafting a JWT with malicious claim values that are interpolated into th...

9.3CVSS5.9AI score0.00258EPSS
Exploits1References2
Rows per page
Query Builder