162718 matches found

Cvelist | added 2 days ago | 32 views

CVE-2026-48277 ColdFusion | Improper Input Validation (CWE-20)

ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

CVSS 10 | EPSS 0.00855 | Exploits 0 | References 1

CVE | added 2 days ago | 9 views

CVE-2026-48277

CVE-2026-48277 affects ColdFusion versions 2025.9, 2023.20 and earlier. The issue is an Improper Input Validation that could allow arbitrary code execution in the context of the current user. Exploitation does not require user interaction (network access implied by CVSS). No remediation or patch ...

CVSS 10 | AI score 6.4 | EPSS 0.00855 | Exploits 0 | References 1 | Affected Software 1

RedHat Linux | added 2 days ago | 3 views

mariadb: Arbitrary code execution via improper parameter validation during SST

A flaw was found in MariaDB server. During the State Snapshot Transfer SST process, a malicious joiner node could exploit improper parameter validation on the donor node. This vulnerability, specifically within the rsync SST method, allows the malicious joiner to execute arbitrary shell commands ...

CVSS 9.1 | AI score 6.1 | EPSS 0.00694 | Exploits 0 | References 6

Cvelist | added 2 days ago | 31 views

CVE-2026-27881 Coolify: Cross-team deployment information disclosure via GET /api/v1/deployments/{uuid} (IDOR)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, GET /api/v1/deployments/uuid in DeployController.php retrieves deployment details without validating that the deployment belongs to the authenticated user's team. Any...

CVSS 5 | EPSS 0.00162 | Exploits 0 | References 1

Cvelist | added 2 days ago | 33 views

CVE-2026-27882 Coolify: Timing Attack in GitLab Webhook Token Validation

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.461, the GitLab webhook endpoint uses a non-constant-time string comparison operator !== to validate the webhook secret token. This implementation is vulnerable to timing attack...

CVSS 4.8 | EPSS 0.00146 | Exploits 0 | References 1

CVE | added 2 days ago | 13 views

CVE-2026-27882

Coolify prior to 4.0.0-beta.461 uses a non-constant-time string comparison (!=) to validate the GitLab webhook secret token, enabling timing-based disclosure of the secret. The issue is fixed in 4.0.0-beta.461. Remediation: upgrade to 4.0.0-beta.461.

CVSS 4.8 | AI score 5.8 | EPSS 0.00146 | Exploits 0 | References 1

RedhatCVE | added 2 days ago | 5 views

CVE-2026-12243

A flaw was found in NLTK. An attacker can exploit a path traversal vulnerability by providing specially crafted input to nltk.data.load or nltk.data.find. This allows the attacker to read arbitrary files accessible to the Python process, leading to information disclosure. The vulnerability arises...

CVSS 7.5 | AI score 7.2 | EPSS 0.0051 | Exploits 1 | References 4

RedHat Linux | added 2 days ago | 7 views

giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension

A flaw was found in giflib. A remote attacker can exploit a buffer overflow vulnerability in the EGifGCBToExtension function by providing a specially crafted Graphics Control Extension GCE block. This allows overwriting an existing GCE block without proper size validation, leading to a denial of...

CVSS 8.2 | AI score 7.6 | EPSS 0.00488 | Exploits 1 | References 5

NVD | added 2 days ago | 11 views

CVE-2026-8451

Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP...

CVSS 8.8 | EPSS 0.00528 | Exploits 0 | References 1

NVD | added 2 days ago | 8 views

CVE-2026-10817

Insufficient input validation leading to memory overread in NetScaler ADC and NetScaler Gateway if the TCP TimeStamp is enabled in TCP Profile and is associated with the virtual server of type LB, CS, VPN or the service configured on NetScaler...

CVSS 6.9 | EPSS 0.00403 | Exploits 0 | References 1

EUVD | added 2 days ago | 5 views

EUVD-2026-40317

Insufficient input validation leading to memory overread in NetScaler ADC and NetScaler Gateway if the TCP TimeStamp is enabled in TCP Profile and is associated with the virtual server of type LB, CS, VPN or the service configured on NetScaler...

CVSS 6.9 | AI score 5.8 | EPSS 0.00403 | Exploits 0 | References 1

Cvelist | added 2 days ago | 30 views

CVE-2026-8451 Insufficient input validation leading to memory overread

Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP...

CVSS 8.8 | EPSS 0.00528 | Exploits 0 | References 1

EUVD | added 2 days ago | 5 views

EUVD-2026-40305

Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP...

CVSS 8.8 | AI score 5.8 | EPSS 0.00528 | Exploits 0 | References 1

CVE | added 2 days ago | 11 views

CVE-2026-8451

CVE-2026-8451 describes insufficient input validation in NetScaler ADC and NetScaler Gateway, causing a memory overread when configured as a SAML IDP. Affected products are NetScaler ADC and NetScaler Gateway; root cause is input validation weaknesses leading to memory overread. The CVSS metrics ...

CVSS 8.8 | AI score 5.8 | EPSS 0.00528 | Exploits 0 | References 1 | Affected Software 2

NCSC | added 2 days ago | 6 views

Vulnerabilities found in Apple iOS and iPadOS

Apple has identified several vulnerabilities in iOS and iPadOS. These vulnerabilities include out-of-bounds access, use-after-free errors, memory handling issues, insufficient input validation, type confusion, double-free operations, stack overflows, race conditions, and path handling problems...

CVSS 9.1 | AI score 6.1 | EPSS 0.00371 | Exploits 2 | References 1

RedHat Linux | added 2 days ago | 4 views

mariadb: Arbitrary code execution via improper parameter validation during SST

A flaw was found in MariaDB server. During the State Snapshot Transfer SST process, a malicious joiner node could exploit improper parameter validation on the donor node. This vulnerability, specifically within the rsync SST method, allows the malicious joiner to execute arbitrary shell commands ...

CVSS 9.1 | AI score 6.1 | EPSS 0.00694 | Exploits 0 | References 6

OSV | added 2 days ago | 2 views

DEBIAN-CVE-2026-49434

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used...

CVSS 7.5 | AI score 5.7 | EPSS 0.00398 | Exploits 0 | References 1

NVD | added 2 days ago | 9 views

CVE-2026-49432

Improper Input Validation vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ Stomp. A remote unauthenticated peer that can reach an exposed STOMP connector can trigger denial-of-service behavior by sending a negative content-length. For the NIO STOMP transport, an attacker can...

CVSS 7.5 | EPSS 0.00524 | Exploits 0 | References 2

NVD | added 2 days ago | 6 views

CVE-2026-49434

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used...

CVSS 7.5 | EPSS 0.00398 | Exploits 0 | References 2

OSV | added 2 days ago | 2 views

UBUNTU-CVE-2026-49434

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used...

CVSS 7.5 | AI score 5.7 | EPSS 0.00398 | Exploits 0 | References 3