Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.12 views

CVE-2026-37531

AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability CWE-22 combined with a TOCTOU race condition CWE-367 in the widget installation flow. The isvalidfilename function in wgtpkg-zip.c validates ZIP entry names but does not check for dot notation directory traversal...

9.8CVSS5.4AI score0.00711EPSS
Exploits0References1
NVD
NVD
added 2026/04/13 8:16 p.m.6 views

CVE-2026-32605

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.numvalidators...

7.5CVSS0.00463EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.4 views

PT-2026-26148

Name of the Vulnerable Software and Affected Versions Sliver versions 1.7.3 and below Description Sliver is a command and control framework that utilizes a custom Wireguard network stack. Versions 1.7.3 and below contain a Remote Out-of-Memory OOM issue in the mTLS and WireGuard C2 transport laye...

7.1CVSS5.8AI score0.00298EPSS
Exploits1References11
Github Security Blog
Github Security Blog
added 2026/03/13 8:3 p.m.10 views

Centrifugo: SSRF via unverified JWT claims interpolated into dynamic JWKS endpoint URL

Summary Centrifugo is vulnerable to Server-Side Request Forgery SSRF when configured with a dynamic JWKS endpoint URL using template variables e.g. tenant. An unauthenticated attacker can craft a JWT with a malicious iss or aud claim value that gets interpolated into the JWKS fetch URL before the...

9.3CVSS5.9AI score0.00258EPSS
Exploits1References4Affected Software5
Rows per page
Query Builder