Lucene search
K

52 matches found

EUVD
EUVD
added 6 hours ago4 views

EUVD-2026-42839

Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client process on malformed server data. This issue affects Apache IoTDB C++ client: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users...

6.1AI score
Exploits0References1
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-24013 Apache IoTDB: Authentication Bypass via Forged SessionID in Thrift RPC

Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSession authentication, receive valid query results. This...

0.00471EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 2:16 p.m.12 views

CVE-2026-5079

Impact: multer versions 1.0.0 through 2.1.1 and 3.0.0-alpha.1 are vulnerable to a Denial of Service via deeply nested field names in multipart form data. The append-field dependency parses bracket notation in field names with no limit on nesting depth, allowing an attacker to force allocation of...

7.5CVSS0.00278EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 12:16 a.m.15 views

CVE-2026-12193

A vulnerability was identified in VS Revo RevoUninstaller 2.5.x/2.6.x. The affected element is the function IOCtlHandler in the library RevoDetector.sys of the component IOCTL Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit is...

8.5CVSS0.00142EPSS
Exploits0References10
OSV
OSV
added 2026/06/10 8:39 a.m.8 views

BIT-APACHE-2026-34356 Apache HTTP Server: ProxyPassReverseCookieMap buffer overflow

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

7.5CVSS5.4AI score0.00682EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.19 views

PT-2026-47716

Name of the Vulnerable Software and Affected Versions Apache Answer versions prior to 2.0.1 Description The server fails to sufficiently validate user-supplied image URLs. This allows arbitrary external content to be embedded as profile images, potentially exposing users to unintended external...

6.5CVSS5.5AI score0.00403EPSS
Exploits0References6
NVD
NVD
added 2026/06/08 4:16 p.m.12 views

CVE-2026-29170

A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

6.1CVSS0.00504EPSS
Exploits0References2
NVD
NVD
added 2026/06/08 4:16 p.m.15 views

CVE-2026-34355

A buffer overflow in modproxyhtml in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

7.5CVSS0.00805EPSS
Exploits0References6
NVD
NVD
added 2026/05/28 10:16 a.m.11 views

CVE-2025-48977

Relative Path Traversal vulnerability in Apache Ignite REST API. Authenticated REST API users can read any file on the server with "cmd=log" command and a log path crafted in a certain way. This issue affects Apache Ignite: from 2.0.0 through 2.17.0. Users are recommended to upgrade to version...

8.5CVSS0.00526EPSS
Exploits0References2
OSV
OSV
added 2026/05/18 3:31 a.m.8 views

GHSA-6H8R-H22R-JJ64 AMF Vulnerable to Improper Resource Shutdown or Release

A weakness has been identified in omec-project amf up to 2.1.3-dev. This affects an unknown function of the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference. Remote exploitation of the attack is possible. The exploit has been made...

5.3CVSS5.3AI score0.00303EPSS
Exploits0References8
NVD
NVD
added 2026/05/18 2:16 a.m.16 views

CVE-2026-8782

A weakness has been identified in omec-project amf up to 2.1.3-dev. This affects an unknown function of the file ngap/handler.go of the component NGAP Message Handler. This manipulation causes null pointer dereference. Remote exploitation of the attack is possible. The exploit has been made...

5.3CVSS0.00303EPSS
Exploits0References7
NVD
NVD
added 2026/05/18 2:16 a.m.19 views

CVE-2026-8780

A vulnerability was identified in omec-project amf up to 2.1.3-dev. The affected element is an unknown function of the file ngap/dispatcher.go of the component NGAP Message Handler. The manipulation leads to memory corruption. The attack may be initiated remotely. The exploit is publicly availabl...

5.3CVSS0.00303EPSS
Exploits0References7
CVE
CVE
added 2026/05/18 2:15 a.m.23 views

CVE-2026-8783

CVE-2026-8783 affects omec-project AMF up to version 2.1.3-dev. The vulnerability targets the UERadioCapabilityCheckResponse function in ngap/dispatcher.go and causes a null pointer dereference, with remote execution potential. Public exploit details exist. The issue is addressed by upgrading to ...

5.3CVSS5.4AI score0.00398EPSS
Exploits0References7
CVE
CVE
added 2026/05/18 1:30 a.m.19 views

CVE-2026-8780

The CVE-2026-8780 affects omec-project amf up to 2.1.3-dev, in the NGAP Message Handler’s ngap/dispatcher.go. The issue involves a memory corruption vulnerability in an unknown function, potentially exploitable remotely. An exploit exists publicly, and upgrading to 2.2.0 is reported to fix this i...

5.3CVSS5.5AI score0.00303EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/04/27 1:12 p.m.35 views

CVE-2026-40557 Apache Storm Prometheus Reporter: Disabling TLS verification for Prometheus Reporter also disables it for all other connections

Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter Versions Affected: from 2.6.3 to 2.8.6 Description: In production deployments where an administrator enables storm.daemon.metrics.reporter.plugin.prometheus.skiptlsvalidation by default it is...

0.00193EPSS
Exploits0References1
OSV
OSV
added 2026/04/10 4:16 p.m.8 views

DEBIAN-CVE-2026-34480

Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.htmlXmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/charsets producing invalid XML output whenever a log message or M...

7.5CVSS5.3AI score0.0086EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.13 views

PT-2026-31565

Name of the Vulnerable Software and Affected Versions Agions taskflow-ai versions through 2.1.8 Description A security flaw exists in Agions taskflow-ai up to version 2.1.8. The issue impacts an unknown function within the src/mcp/server/handlers.ts file of the terminal execute component, leading...

6.5CVSS6.5AI score0.0111EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/03/28 12:0 a.m.6 views

PT-2026-28790

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /newsletter/image/images API endpoint is vulnerable to path traversal, allowing unauthenticated attackers to read arbitrary files from the application server's filesystem. This issue has be...

8.7CVSS5.9AI score0.00477EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-32945

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a Heap-based Buffer Overflowvulnerability in the DNS...

9.8CVSS5.5AI score0.00308EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/28 12:0 a.m.15 views

PT-2026-28791

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 1.3.10 to before version 2.17.0, an unsanitized JSONP callback parameter allows cross-origin script injection and API key theft. This issue has been patched in version 2.17.0...

7.4CVSS5.8AI score0.00341EPSS
Exploits1References5
Rows per page
Query Builder