Lucene search
+L

30 matches found

susecve
susecve
added 2026/03/28 12:25 a.m.7 views

SUSE CVE-2026-33215

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issu...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References3
osv
osv
added 2026/03/27 7:8 a.m.5 views

BIT-NATS-2026-33215 NATS is vulnerable to MQTT hijacking via Client ID

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issu...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References3
susecve
susecve
added 2026/03/27 12:25 a.m.4 views

SUSE CVE-2026-29785

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled not default, then anyone who can connect can crash the nats-server by triggering a panic. This happens...

7.5CVSS5.9AI score0.00658EPSS
Exploits0References4
osv
osv
added 2026/03/25 8:16 p.m.2 views

DEBIAN-CVE-2026-29785

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled not default, then anyone who can connect can crash the nats-server by triggering a panic. This happens...

7.5CVSS6AI score0.00658EPSS
Exploits0References1
ubuntucve
ubuntucve
added 2026/03/25 8:16 p.m.5 views

CVE-2026-29785

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled not default, then anyone who can connect can crash the nats-server by triggering a panic. This happens...

7.5CVSS6.3AI score0.00658EPSS
Exploits0References4
alpinelinux
alpinelinux
added 2026/03/25 7:38 p.m.3 views

CVE-2026-29785

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled not default, then anyone who can connect can crash the nats-server by triggering a panic. This happens...

7.5CVSS5.8AI score0.00658EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/03/25 7:38 p.m.3 views

CVE-2026-29785 NATS Server panic via malicious compression on leafnode port

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled not default, then anyone who can connect can crash the nats-server by triggering a panic. This happens...

7.5CVSS5.9AI score0.00658EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/03/25 7:38 p.m.8 views

CVE-2026-29785

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.14 and 2.12.5, if the nats-server has the "leafnode" configuration enabled not default, then anyone who can connect can crash the nats-server by triggering a panic. This happens...

7.5CVSS5.8AI score0.00658EPSS
Exploits0References4Affected Software1
ptsecurity
ptsecurity
added 2026/03/25 12:0 a.m.7 views

PT-2026-28092

Name of the Vulnerable Software and Affected Versions NATS-Server versions 2.2.0 through 2.11.14 NATS-Server versions 2.12.0 through 2.12.5 Description NATS-Server, a high-performance messaging system, has a flaw where a missing sanity check on WebSocket frames can cause the server to panic. This...

9.8CVSS5.8AI score0.00582EPSS
Exploits12References156
cnnvd
cnnvd
added 2026/03/25 12:0 a.m.8 views

Nats-Server 代码问题漏洞

Nats-Server is a high-performance server developed by Nats Open Source, used in Nats.io, cloud, and edge native messaging systems. There were code-related vulnerabilities in versions prior to Nats-Server 2.11.14 and 2.12.5. These vulnerabilities stemmed from improper compression handling when the...

7.5CVSS6.4AI score0.00658EPSS
Exploits0References4
euvd
euvd
added 2026/03/24 9:39 p.m.9 views

EUVD-2026-15017

NATS is vulnerable to MQTT hijacking via Client ID...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References3
snyk
snyk
added 2026/03/24 9:29 p.m.4 views

NULL Pointer Dereference

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to NULL Pointer Dereference via the compression process on the leafnode port. An attacker can...

8.7CVSS5.9AI score0.00658EPSS
Exploits0References2
osv
osv
added 2026/03/24 9:16 p.m.5 views

UBUNTU-CVE-2026-33215

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issu...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References5
debiancve
debiancve
added 2026/03/24 8:55 p.m.7 views

CVE-2026-33215

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The nats-server provides an MQTT client interface. Prior to versions 2.11.15 and 2.12.5, Sessions and Messages can by hijacked via MQTT Client ID malfeasance. Versions 2.11.15 and 2.12.5 patch the issu...

6.5CVSS6AI score0.0024EPSS
Exploits0
ptsecurity
ptsecurity
added 2026/03/24 12:0 a.m.8 views

PT-2026-27519

Name of the Vulnerable Software and Affected Versions NATS-Server versions prior to 2.11.15 NATS-Server versions prior to 2.12.6 Description NATS-Server, a high-performance server for NATS.io, a cloud and edge native messaging system, contains a flaw where sessions and messages can be hijacked vi...

9.8CVSS5.9AI score0.00616EPSS
Exploits21References158
redhatcve
redhatcve
added 2026/02/27 12:41 a.m.10 views

CVE-2026-3206

Improper Resource Shutdown or Release vulnerability in KrakenD, SLU KrakenD-CE CircuitBreaker modules, KrakenD, SLU KrakenD-EE CircuitBreaker modules. This issue affects KrakenD-CE: before 2.13.1; KrakenD-EE: before 2.12.5...

5.3CVSS5.3AI score0.00256EPSS
Exploits0References1
nessus
nessus
added 2025/08/27 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2021-32743

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In...

8.8CVSS7.1AI score0.01803EPSS
Exploits1References2
redhatcve
redhatcve
added 2025/06/29 2:26 p.m.11 views

CVE-2025-53280

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AntoineH Football Pool football-pool allows Stored XSS.This issue affects Football Pool: from n/a through = 2.12.5...

6.5CVSS5.9AI score0.00204EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 6:31 p.m.8 views

CVE-2021-30139

In Alpine Linux apk-tools before 2.12.5, the tarball parser allows a buffer overflow and crash...

7.5CVSS7.4AI score0.01618EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/22 5:33 a.m.8 views

CVE-2013-3653

Multiple cross-site scripting XSS vulnerabilities in the RecommendSearch feature in the management screen in LOCKON EC-CUBE before 2.12.5 allow remote attackers to inject arbitrary web script or HTML via vectors involving the rank parameter, a different vulnerability than CVE-2013-3652...

4.3CVSS5.8AI score0.05932EPSS
Exploits0References1
Rows per page
Query Builder