Lucene search
K

40 matches found

CVE
CVE
added 2026/07/06 8:13 a.m.17 views

CVE-2026-55993

CVE-2026-55993 : Apache Camel Atmosphere Websocket Component contains an SSRF/Information Disclosure issue via improper input validation. The camel-atmosphere-websocket consumer maps inbound WebSocket query parameters into the Camel Exchange header map without a HeaderFilterStrategy, allowing ext...

7.5CVSS6AI score0.00536EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/08 2:58 a.m.13 views

CVE-2026-11448

A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /rpc of the component Minidlna Service. This manipulation of the argument kube. set causes command injection. The attack is possible to be carried out remotely. Upgrading to...

5.8CVSS5.1AI score0.01582EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/08 2:58 a.m.12 views

CVE-2026-11450

A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation of the argument devname results in command injection. It is possible to initiate the attack...

7.5CVSS7.1AI score0.01572EPSS
Exploits1References1
NVD
NVD
added 2026/06/07 2:16 a.m.15 views

CVE-2026-11447

A security flaw has been discovered in GL.iNet GL-MT3000 up to 4.4.5. Impacted is the function iwinfobackend of the file iwinfo.so of the component MTK Backend. The manipulation of the argument device results in command injection. The attack can be executed remotely. The exploit has been released...

6.5CVSS0.01073EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/07 1:15 a.m.8 views

CVE-2026-11447

A security flaw has been discovered in GL.iNet GL-MT3000 up to 4.4.5. Impacted is the function iwinfobackend of the file iwinfo.so of the component MTK Backend. The manipulation of the argument device results in command injection. The attack can be executed remotely. The exploit has been released...

6.5CVSS5.1AI score0.01073EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/06/05 8:17 p.m.13 views

CVE-2026-11400

An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rdssuperuser, via a crafted function created by the...

8.6CVSS0.00305EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.9 views

CVE-2026-33807

@fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix that matches a middleware path, the middleware path is prefixed a second time,...

9.1CVSS5.4AI score0.0043EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/05/26 1:54 a.m.29 views

SUSE CVE-2026-7736

A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. It is possible to launch the attack remotely. Upgrading to version 4.4.0 addresses this...

7.5CVSS6.8AI score0.00454EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.17 views

PT-2026-42431

Name of the Vulnerable Software and Affected Versions Netatalk versions 2.0.0 through 4.4.2 Description An incorrect calculation in the hextoint macro occurs due to improper handling of uppercase characters. This allows a remote authenticated attacker to cause limited data modification by providi...

3.1CVSS5.8AI score0.00257EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/18 5:40 p.m.13 views

EUVD-2026-29439

multiparty vulnerable to ReDoS via filename parsing...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.12 views

PT-2026-39996

Name of the Vulnerable Software and Affected Versions multiparty versions prior to 4.3.0 Description A denial of service issue exists due to regular expression backtracking in the Content-Disposition filename parameter parser. A crafted multipart upload containing a long header value can cause...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.11 views

PT-2026-39998

Name of the Vulnerable Software and Affected Versions multiparty versions 4.2.3 and earlier Description A denial of service occurs due to an uncaught exception during the parsing of multipart/form-data requests. When a request contains a Content-Disposition header with a filename parameter...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References8
Snyk
Snyk
added 2026/05/04 5:28 p.m.7 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the ParseIP6Extended function. An attacker can cause the application to crash or become unresponsive by supplying a specially crafted BGP UPDATE message. Remediation Upgrade github.com/osrg/gobgp/pkg/packet/bgp to...

8.7CVSS5.8AI score0.00335EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.11 views

PT-2026-34805

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Versions 1.7 through 4.4.0 have an SQL injection vulnerability in the API routes inside the CMS responsible for Filtering DataSets. This allows an authenticated user to to...

7.6CVSS5.9AI score0.00246EPSS
Exploits0References7
OSV
OSV
added 2026/04/21 3:21 p.m.6 views

GHSA-XQ8M-7C5P-C2R6 Auth0 Next.js SDK has Improper Proxy Cache Lookup

Description In affected versions of the Next.js SDK, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Which Projects are Affected? Users are affected if they meet all of the following preconditions: -...

5.4CVSS5.8AI score0.00214EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.14 views

PT-2026-33035

Name of the Vulnerable Software and Affected Versions @fastify/express versions prior to 4.0.5 Description An issue exists where the software fails to normalize URLs before passing them to Express middleware when Fastify router normalization options are enabled. This allows an unauthenticated...

10CVSS5.2AI score0.00483EPSS
Exploits1References11
Snyk
Snyk
added 2026/04/08 8:13 p.m.4 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the rotateFileVaultKey function in orbit/pkg/useraction/useractiondarwin.go. An attacker can execute arbitrary commands on macOS by supplying a crafted FileVault username or password that is interpolated into the...

8.5CVSS6.3AI score0.00111EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/23 8:45 a.m.19 views

CVE-2026-25747

Deserialization of Untrusted Data vulnerability in Apache Camel LevelDB component. The Camel-LevelDB DefaultLevelDBSerializer class deserializes data read from the LevelDB aggregation repository using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. ...

8.8CVSS6.3AI score0.00903EPSS
Exploits2References2Affected Software1
Snyk
Snyk
added 2026/01/05 5:35 p.m.4 views

External Control of File Name or Path

Overview jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to External Control of File Name or Path via the loadFile, addImage, html and addFont functions. An attacker can access and include arbitrary files from the local file system into generated...

9.2CVSS6.8AI score0.02058EPSS
Exploits2References3
Cvelist
Cvelist
added 2025/12/28 12:2 p.m.38 views

CVE-2025-15135 joey-zhou xiaozhi-esp32-server-java Cookie AuthenticationInterceptor.java tryAuthenticateWithCookies improper authentication

A weakness has been identified in joey-zhou xiaozhi-esp32-server-java up to 3.0.0. This impacts the function tryAuthenticateWithCookies of the file AuthenticationInterceptor.java of the component Cookie Handler. Executing manipulation can lead to improper authentication. The attack can be launche...

6.5CVSS0.00289EPSS
Exploits0References7
Rows per page
Query Builder