Lucene search
+L

1118 matches found

EUVD
EUVD
added 2026/04/10 9:31 a.m.15 views

EUVD-2026-21330

When configuring SSL bundles in Spring Cloud Gateway by using the configuration property spring.ssl.bundle, the configuration was silently ignored and the default SSL configuration was used instead. Note: The 4.2.x branch is no longer under open source support. If you are using Spring Cloud...

7.5CVSS5.8AI score0.00217EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/08 3:31 p.m.9 views

EUVD-2026-20465

Rejected reason: Not used...

6.4CVSS5.9AI score0.00345EPSS
Exploits0References12
OSV
OSV
added 2026/04/08 3:3 p.m.3 views

GHSA-56P5-8MHR-2FPH LiquidJS: Root restriction bypass for partial and layout loading through symlinked templates

Summary LiquidJS enforces partial and layout root restrictions using the resolved pathname string, but it does not resolve the canonical filesystem path before opening the file. A symlink placed inside an allowed partials or layouts directory can therefore point to a file outside that directory a...

8.2CVSS5.8AI score0.00396EPSS
Exploits1References5
EUVD
EUVD
added 2026/04/03 9:31 p.m.4 views

EUVD-2026-18815

Rejected reason: Not used...

4CVSS5.9AI score0.00085EPSS
Exploits0References10
CVE
CVE
added 2026/03/31 9:59 p.m.20 views

CVE-2026-34536

ICC Dev iccDEV libraries are affected by a stack overflow in SIccCalcOp::ArgsUsed() when processing a crafted ICC profile under iccApplyProfiles. The issue exists before version 2.3.1.6 and is observed under AddressSanitizer; it has been patched in version 2.3.1.6.

6.2CVSS5.8AI score0.00222EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/03/25 9:30 p.m.8 views

EUVD-2026-15989

Rejected reason: Not used...

9.8CVSS5.8AI score0.85844EPSS
Exploits0References22
CVE
CVE
added 2026/03/25 10:27 a.m.25 views

CVE-2026-23321

CVE-2026-23321 relates to the Linux kernel MPTCP subsystem (mptcp: pm: in-kernel: always mark signal+subflow endp as used). The vulnerability was addressed in the upstream kernel by patching endp handling in the PM code, reducing warning/usage inconsistencies when signaling ADD_ADDRs and subflows...

5.5CVSS5.6AI score0.00123EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/25 10:27 a.m.3 views

CVE-2026-23321

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: in-kernel: always mark signal+subflow endp as used Syzkaller managed to find a combination of actions that was generating this warning: msk-pm.localaddrused == 0 WARNING: net/mptcp/pmkernel.c:1071 at...

5.5AI score0.00123EPSS
Exploits0References7Affected Software1
Snyk
Snyk
added 2026/03/19 12:0 a.m.6 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview org.springframework:spring-webmvc is a package that provides Model-View-Controller MVC architecture and ready components that can be used to develop flexible and loosely coupled web applications. Affected versions of this package are vulnerable to Improper Neutralization of Special...

2.6CVSS5.8AI score0.00112EPSS
Exploits0References2
OSV
OSV
added 2026/03/18 11:16 a.m.7 views

UBUNTU-CVE-2026-23244

In the Linux kernel, the following vulnerability has been resolved: nvme: fix memory allocation in nvmeprreadkeys nvmeprreadkeys takes numkeys from userspace and uses it to calculate the allocation size for rse via structsize. The upper limit is PRKEYSMAX 64K. A malicious or buggy userspace can...

7.1CVSS5.7AI score0.00121EPSS
Exploits0References7
NVD
NVD
added 2026/03/18 1:16 a.m.6 views

CVE-2026-27980

Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image optimization disk cache /next/image did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many...

7.5CVSS0.00683EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/18 12:23 a.m.5 views

CVE-2026-27980 Next.js: Unbounded next/image disk cache growth can exhaust storage

Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image optimization disk cache /next/image did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many...

6.9CVSS5.8AI score0.00683EPSS
Exploits0References3
CVE
CVE
added 2026/03/18 12:23 a.m.36 views

CVE-2026-27980

Next.js versions 10.0.0 through 16.1.6 expose an unbounded disk cache in the image optimization feature at /_next/image, allowing denial of service via cache growth. The root cause is a lack of an upper bound on the disk cache; the fix in v16.1.7 adds an LRU-backed disk cache and an eviction poli...

7.5CVSS5.8AI score0.00683EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/18 12:23 a.m.7 views

CVE-2026-27980 Next.js: Unbounded next/image disk cache growth can exhaust storage

Next.js is a React framework for building full-stack web applications. Starting in version 10.0.0 and prior to version 16.1.7, the default Next.js image optimization disk cache /next/image did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many...

6.9CVSS5.9AI score0.00683EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/17 4:17 p.m.10 views

Next.js: Unbounded next/image disk cache growth can exhaust storage

Summary The default Next.js image optimization disk cache /next/image did not have a configurable upper bound, allowing unbounded cache growth. Impact An attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service. Note that this does not impa...

7.5CVSS5.8AI score0.00683EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/03/11 12:31 a.m.4 views

EUVD-2026-10954

Rejected reason: Not used...

6.4CVSS5.8AI score0.00152EPSS
Exploits0References8
EUVD
EUVD
added 2026/03/11 12:31 a.m.5 views

EUVD-2026-10953

Rejected reason: Not used...

6.4CVSS5.8AI score0.00152EPSS
Exploits0References9
EUVD
EUVD
added 2026/03/06 3:31 p.m.6 views

EUVD-2026-10038

Rejected reason: Not used...

7.5CVSS5.8AI score0.00451EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/06 3:31 p.m.7 views

EUVD-2026-10037

Rejected reason: Not used...

5.3CVSS5.8AI score0.00261EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/05 5:34 a.m.4 views

CVE-2026-23767

ESC/POS, a printer control language designed by Seiko Epson Corporation, lacks mechanisms for user authentication and command authorization, does not provide controls to restrict sources or destinations of network communication, and transmits commands without encryption or integrity protection...

6AI score0.00447EPSS
Exploits0References4
Rows per page
Query Builder