Lucene search
K

9 matches found

EUVD
EUVD
added 2026/06/17 6:12 p.m.48 views

EUVD-2026-36726

Multer vulnerable to Denial of Service via deeply nested field names...

7.5CVSS5.2AI score0.00278EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/17 3:29 p.m.21 views

CVE-2026-32652

Dell AIOps Collector versions prior to 1.18.3 contain a "Use of Default Credentials" vulnerability. A low privileged attacker with console access could potentially exploit this vulnerability to gain Filesystem access. This vulnerability only affects fresh installations of Collector versions earli...

7.8CVSS0.00098EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/24 12:32 a.m.6 views

Allocation of Resources Without Limits or Throttling

Overview activesupport is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in NumberConverter. An attacker can cause excessive memory allocation by...

8.7CVSS5.8AI score0.0061EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/02/04 6:15 p.m.11 views

n8n's Improper CSP Enforcement in Webhook Responses May Allow Stored XSS

Impact A Cross-site Scripting XSS vulnerability has been identified in the handling of webhook responses and related HTTP endpoints. Under certain conditions, the Content Security Policy CSP sandbox protection intended to isolate HTML responses may not be applied correctly. An authenticated user...

8.5CVSS5.5AI score0.00224EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/06/19 10:15 a.m.1 views

DEBIAN-CVE-2025-49763

ESI plugin does not have the limit for maximum inclusion depth, and that allows excessive memory consumption if malicious instructions are inserted. Users can use a new setting for the plugin --max-inclusion-depth to limit it. This issue affects Apache Traffic Server: from 10.0.0 through 10.0.5,...

7.5CVSS5.3AI score0.00632EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2024/06/07 6:1 a.m.40 views

Security Bulletin: Security fixes available for The IBM® Engineering System Design Rhapsody products on IBM Jazz Technology

Summary The IBM® Engineering System Design Rhapsody 10.0 iFix001, The IBM® Engineering System Design Rhapsody 9.0.2 iFix002 and The IBM® Engineering System Design Rhapsody 9.0.1 iFix006 contain fixes for vulnerabilities identified in the Vulnerabilities Details section. The refererred iFix versio...

5.8CVSS7.9AI score0.7848EPSS
Exploits4Affected Software1
Prion
Prion
added 2024/02/09 11:15 p.m.29 views

Authentication flaw

Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to extauthz, circumventing extauthz checks when failuremodeallow is set to true. This issue has been addressed in...

5CVSS7.2AI score0.006EPSS
Exploits0References2Affected Software1
Amazon
Amazon
added 2023/09/25 12:0 a.m.4 views

Medium: redis

Issue Overview: Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SETRANGE and SORTRO commands can trigger an integer overflow, resulting with Redis attempting to allocate impossible amounts of memory and abort with an out-of-memory OOM panic. The...

6.5CVSS7.1AI score0.69355EPSS
Exploits0
Debian CVE
Debian CVE
added 2020/01/28 9:20 p.m.3 views

CVE-2020-5215

In TensorFlow before 1.15.2 and 2.0.1, converting a string from Python to a tf.float16 value results in a segmentation fault in eager mode as the format checks for this use case are only in the graph mode. This issue can lead to denial of service in inference/training where a malicious attacker c...

7.5CVSS6.9AI score0.00581EPSS
Exploits1
Rows per page
Query Builder