Lucene search
K

41 matches found

NVD
NVD
added 6 days ago10 views

CVE-2026-51602

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 allows an unauthenticated remote attacker to cause a denial of service via a crafted SETUP request. The RTSP service's second-stage URL routing parser fails to validate the length of the URL fiel...

7.5CVSS0.00402EPSS
Exploits0References1
OSV
OSV
added 2026/07/02 12:16 p.m.1 views

CVE-2026-11946

An unauthenticated remote attacker can exhaust server memory via the GetEndpoints Discovery Service in open62541. The endpointUrl field of GetEndpointsRequest is not validated for length. An attacker can declare an arbitrarily large string up to 4.09 GB via the UInt32 length field delivered acros...

7.5CVSS6AI score
Exploits0References3
NVD
NVD
added 2026/03/26 5:16 p.m.20 views

CVE-2026-4867

Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...

7.5CVSS0.00496EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/03/26 5:16 p.m.4 views

CVE-2026-4867

Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...

7.5CVSS5.9AI score0.00496EPSS
Exploits0References5
OSV
OSV
added 2026/03/26 5:16 p.m.6 views

UBUNTU-CVE-2026-4867

Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...

7.5CVSS5.8AI score0.00496EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/26 4:16 p.m.2 views

CVE-2026-4867

Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...

7.5CVSS5.9AI score0.00496EPSS
Exploits0References4
OSV
OSV
added 2026/03/26 4:16 p.m.2 views

CVE-2026-4867 path-to-regexp vulnerable to Regular Expression Denial of Service via multiple route parameters

Impact: A bad regular expression is generated any time you have three or more parameters within a single segment, separated by something that is not a period .. For example, /:a-:b-:c or /:a-:b-:c-:d. The backtrack protection added in [email protected] only prevents ambiguity for two...

7.5CVSS6.7AI score0.00932EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/04 3:15 a.m.19 views

CVE-2025-67186

TOTOLINK A950RG V4.1.2cu.5204B20210112 contains a buffer overflow vulnerability in the setUrlFilterRules interface of /lib/cstemodules/firewall.so. The vulnerability occurs because the url parameter is not properly validated for length, allowing remote attackers to trigger a buffer overflow,...

9.8CVSS6.6AI score0.00694EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 12:0 a.m.3 views

CVE-2025-67186

TOTOLINK A950RG V4.1.2cu.5204B20210112 contains a buffer overflow vulnerability in the setUrlFilterRules interface of /lib/cstemodules/firewall.so. The vulnerability occurs because the url parameter is not properly validated for length, allowing remote attackers to trigger a buffer overflow,...

6.6AI score0.00694EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.10 views

PT-2026-5954

Name of the Vulnerable Software and Affected Versions TOTOLINK A950RG version 4.1.2cu.5204 B20210112 Description The software contains a buffer overflow issue in the setUrlFilterRules interface of /lib/cste modules/firewall.so. The issue is due to insufficient validation of the length of the url...

9.8CVSS6.8AI score0.00694EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.4 views

PT-2026-28656

Name of the Vulnerable Software and Affected Versions path-to-regexp versions prior to 0.1.13 Description A flawed regular expression is generated when three or more parameters are present within a single segment, separated by characters other than a period .. For example, /:a-:b-:c or...

7.5CVSS5.9AI score0.00496EPSS
Exploits1References34
RedhatCVE
RedhatCVE
added 2025/10/16 2:51 p.m.7 views

CVE-2025-61938

When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting, either manually or through the automatic Policy Builder, the bd process can terminate repeatedly. Note: Software versions which have...

8.7CVSS6.7AI score0.00324EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/15 3:30 p.m.8 views

EUVD-2025-34643

When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting, either manually or through the automatic Policy Builder, the bd process can terminate repeatedly. Note: Software versions which have...

8.7CVSS6.2AI score0.00324EPSS
Exploits0References2
NVD
NVD
added 2025/10/15 2:15 p.m.19 views

CVE-2025-61938

When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting, either manually or through the automatic Policy Builder, the bd process can terminate repeatedly. Note: Software versions which have...

8.7CVSS0.00324EPSS
Exploits0References1
OSV
OSV
added 2025/10/15 2:15 p.m.6 views

CVE-2025-61938

When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting, either manually or through the automatic Policy Builder, the bd process can terminate repeatedly. Note: Software versions which have...

8.7CVSS5.8AI score0.00324EPSS
Exploits0References1
CVE
CVE
added 2025/10/15 1:55 p.m.23 views

CVE-2025-61938

CVE-2025-61938 affects BIG-IP Advanced WAF/ASM when a Data Guard Protection Enforcement URL exceeds 1024 characters, causing the bd process to terminate repeatedly and prompting a DoS risk. Exploitation details are not described beyond this configuration-based trigger in the provided sources. Mit...

8.7CVSS6.3AI score0.00324EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2025/10/15 1:55 p.m.11 views

CVE-2025-61938 BIG-IP Advanced WAF and ASM bd process vulnerability

When a BIG-IP Advanced WAF or ASM security policy is configured with a URL greater than 1024 characters in length for the Data Guard Protection Enforcement setting, either manually or through the automatic Policy Builder, the bd process can terminate repeatedly. Note: Software versions which have...

8.7CVSS0.00324EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2000-0994

Malware in sbrugna...

5CVSS6.4AI score0.01137EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-1999-0281

Malware in sbrugna...

5CVSS6.4AI score0.12592EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-3808

Malware in sbrugna...

7.5CVSS7.6AI score0.01336EPSS
Exploits0References2
Rows per page
Query Builder