Lucene search
K

7 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/05 7:45 a.m.6 views

CVE-2026-43870

Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal', Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting', Uncontrolled Resource Consumption vulnerability in Apache Thrift. This issue affects Apache Thrift:...

5.8AI score0.00394EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.9 views

PT-2026-36985

Name of the Vulnerable Software and Affected Versions Apache Thrift versions prior to 0.23.0 Description Improper validation of certificates with host mismatch occurs in Apache Thrift. Recommendations Upgrade to version 0.23.0...

7.3CVSS5.8AI score0.00632EPSS
Exploits0References37
CVE
CVE
added 2026/04/28 9:21 a.m.18 views

CVE-2026-41607

CVE-2026-41607 : The connected documents confirm an out-of-bounds read vulnerability in Apache Thrift, affecting Thrift versions before 0.23.0. The mitigation is to upgrade to 0.23.0 or later, as specified in multiple sources. The vulnerability affects the Thrift implementation and is described c...

9.1CVSS5.2AI score0.00967EPSS
Exploits0References12Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/28 9:19 a.m.3 views

CVE-2026-41603

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

5.2AI score0.00593EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/04/28 9:19 a.m.3 views

CVE-2026-41603

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

8.2CVSS5.3AI score0.00593EPSS
Exploits0
NVD
NVD
added 2025/12/31 10:15 p.m.6 views

CVE-2025-68700

RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions prior to 0.23.0, a low-privileged authenticated user normal login account can execute arbitrary system commands on the server host process via the frontend Canvas CodeExec component, completely bypassing sandbox...

9.4CVSS0.00473EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/07/10 12:0 a.m.3 views

cpp-httplib 安全漏洞

cpp-httplib is an HTTP/HTTPS server and client library written in C++ by the individual developer yhirose. A security vulnerability exists in cpp-httplib versions prior to 0.23.0, which stems from a Transfer-Encoding: chunked header that could cause the server to run out of memory...

7.5CVSS6.4AI score0.00505EPSS
Exploits1References3
Rows per page
Query Builder