Lucene search
K

1967 matches found

CVE
CVE
added 5 days ago13 views

CVE-2026-56667

ZITADEL, an open source identity management platform, contains a Stored XSS flaw prior to version 4.15.3 in the Login V2 OIDC and SAML FailedPrecondition error paths. The bug returns loginSettings.defaultRedirectUri to router.push without applying isSafeRedirectUri, enabling an organization or in...

7.3CVSS6.2AI score0.00225EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 6 days ago4 views

OpenVPN 2.5.0 < 2.5.12 / 2.6.0 < 2.6.21 / 2.7.x < 2.7.5 Memory Leak DoS

According to its self-reported version number, the version of OpenVPN installed on the remote Windows host is affected by a denial of service vulnerability: - A memory leak in tls-crypt-v2 client key handling allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a deni...

7.5CVSS6.1AI score0.00549EPSS
Exploits0References3
Mageia
Mageia
added 2026/07/08 4:36 p.m.4 views

Updated openvpn packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Possible 1-byte buffer overrun on NTLMv2 proxy responses. CVE-2026-11771 Memory-leak in tls-crypt-v2 client key handling that could lead to out-of-memory situations and subsequent server crashes. CVE-2026-12932 Use-after-free bug in ackwritebuf,...

7.5CVSS7.3AI score0.00549EPSS
Exploits0References4
Amazon
Amazon
added 2026/07/08 12:0 a.m.6 views

Important: nginx

Issue Overview: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion to 2 or grpcpass directives are used to proxy HTTP/2 traffic, the ignoreinvalidheaders directive is set to off, and...

9.2CVSS6.3AI score0.03552EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2026/07/07 9:52 p.m.8 views

nginx: NGINX: Arbitrary code execution or Denial of Service via heap-based buffer overflow with crafted HTTP/2 headers

A flaw was found in NGINX. When NGINX is configured to proxy HTTP/2 traffic using the ngxhttpproxyv2module or ngxhttpgrpcmodule with specific settings, a remote, unauthenticated attacker can send specially crafted large headers. This can trigger a heap-based buffer overflow, leading to a restart ...

9.2CVSS7.7AI score0.03552EPSS
Exploits1References5
OSV
OSV
added 2026/07/07 4:52 p.m.9 views

GO-2026-5764 DoS due to Panic in AWS SDK for Go v2 SDK EventStream Decoder in github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream

DoS due to Panic in AWS SDK for Go v2 SDK EventStream Decoder in github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-992 Heap overflow in `QuantizeAndDequantizeV2`

Impact The function MakeGrapplerFunctionItem takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read or a crash is triggered. python import tensorflow as tf @tf.function def test:...

4.8CVSS6AI score0.00401EPSS
Exploits0References7
OSV
OSV
added 2026/07/07 10:17 a.m.3 views

PYSEC-2026-982 TensorFlow vulnerable to `CHECK` fail in `RandomPoissonV2`

Impact When RandomPoissonV2 receives large input shape and rates, it gives a CHECK fail that can trigger a denial of service attack. python import tensorflow as tf arg0=tf.random.uniformshape=4,, dtype=tf.int32, maxval=65536 arg1=tf.random.uniformshape=4, 4, 4, 4, 4, dtype=tf.float32, maxval=None...

5.9CVSS7AI score0.00396EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/07 9:18 a.m.34 views

CVE-2026-49296 Apache Airflow: Per-DAG read bypass discloses co-located DAGs' source via GET /api/v2/dagSources/{dag_id}

Before apache-airflow 3.3.0, a user authorized to read one Dag could disclose the source of other Dags co-located in the same source file. GET /api/v2/dagSources/dagid — and the equivalent Dag-source view in the UI — returned the entire source file without redacting Dags the caller was not...

0.00601EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 2:13 p.m.6 views

CVE-2026-13698

A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service...

6CVSS6AI score0.00549EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/06 2:13 p.m.22 views

CVE-2026-13698

CVE-2026-13698 is a memory-leak issue in OpenVPN related to tls-crypt-v2 client key handling, as noted in Mageia advisory MGASA-2026-0236. The advisory explicitly links this CVE to a memory leak that could contribute to server instability or crashes. Mageia reports the OpenVPN vulnerability along...

7.5CVSS6AI score0.00549EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/07/06 2:13 p.m.35 views

CVE-2026-13698

A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service...

6CVSS0.00549EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 2:13 p.m.3 views

CVE-2026-13698

A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service...

6CVSS6.1AI score0.00549EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/07/06 2:13 p.m.6 views

CVE-2026-13698

A memory leak in OpenVPN version 2.5.0 through 2.5.11, 2.6.0 through 2.6.20 and 2.7alpha1 through 2.7.4 allows remote attackers with a valid tls-crypt-v2 client key to potentially cause a denial of service...

7.5CVSS6AI score0.00549EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 6:25 a.m.4 views

OESA-2026-2801 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion ...

9.2CVSS6.3AI score0.03552EPSS
Exploits1References3
OSV
OSV
added 2026/07/06 6:25 a.m.5 views

OESA-2026-2800 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion ...

9.2CVSS6.3AI score0.03552EPSS
Exploits1References3
OSV
OSV
added 2026/07/06 6:25 a.m.4 views

OESA-2026-2799 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion ...

9.2CVSS6.3AI score0.03552EPSS
Exploits1References3
OSV
OSV
added 2026/07/06 6:25 a.m.5 views

OESA-2026-2798 nginx security update

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. Security Fixes: NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpproxyv2module and ngxhttpgrpcmodule modules. This vulnerability exists when the proxyhttpversion ...

9.2CVSS6.3AI score0.03552EPSS
Exploits1References3
FreeBSD
FreeBSD
added 2026/07/01 12:0 a.m.10 views

openvpn -- multiple vulnerabilities

The OpenVPN community project team reports: ... OpenVPN 2.7.5 ... is a bugfix release fixing several security issues: Fix use-after-free bug in ackwritebuf, triggerable by a well-timed sequence of control channel + authentication packets CVE-2026-12996 Fix use-after-free bug in tlswrapreneg,...

7.5CVSS6.1AI score0.00549EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.7 views

PT-2026-56044

Name of the Vulnerable Software and Affected Versions OpenVPN affected versions not specified Description A use-after-free issue exists in the check session buf not used function within the tls-crypt-v2 mechanism and the tls wrap reneg function. A remote attacker could exploit this to cause a...

9.4CVSS7.2AI score
Exploits0References17
Rows per page
Query Builder