Lucene search
+L

5245 matches found

Github Security Blog
Github Security Blog
added 2026/06/15 8:44 p.m.16 views

Netty: QUIC stateless reset token material exposed through header-visible connection IDs

Summary Netty QUIC exposes the stateless reset token on the network path when using the default HMAC-based connection-ID and stateless-reset-token generators. The reset token for the server's current source connection ID can be derived from bytes that appear as the connection ID in QUIC headers...

4.8CVSS5.4AI score0.00204EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/06/15 8:16 p.m.9 views

CVE-2025-55663

A segmentation violation in the TrackSetStreamDescriptor function isomedia/track.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

5.5CVSS0.00188EPSS
Exploits1References2
Snyk
Snyk
added 2026/06/15 7:59 p.m.10 views

Trust Boundary Violation

Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Trust Boundary Violation through the mutation of data.allowedTags or data.allowedAttributes in hooks, which directly alters the global default sets used for...

6.1CVSS5.4AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 7:59 p.m.61 views

DOMPurify: Hook mutation of `data.allowedTags` / `data.allowedAttributes` permanently pollutes `DEFAULT_ALLOWED_TAGS` / `DEFAULT_ALLOWED_ATTR`

Hook mutation of data.allowedTags / data.allowedAttributes permanently pollutes DEFAULTALLOWEDTAGS / DEFAULTALLOWEDATTR CWE: CWE-501 Trust Boundary Violation — hook-scoped mutation leaks to global default sets via CWE-693 Protection Mechanism Failure — the default allow-list is silently widened f...

5.6AI score
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/11 8:34 p.m.20 views

MessagePack's LZ4 decompression may fail with AccessViolationException after dereferencing memory from bad input

Impact A vulnerability exists in the optional LZ4 decompression path used by MessagePack compression modes Lz4Block and Lz4BlockArray. The decoder implementation is based on a deprecated fast-decompression algorithm that does not take a source-length bound. A remote attacker can send a crafted...

8.2CVSS5.6AI score0.00296EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/11 5:3 a.m.11 views

EUVD-2026-36204

Wss4jSecurityInterceptor initialized its BSP WS-I Basic Security Profile compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData. Services that validate WS-Security on the network could therefore accept messages that violate BSP rules, weakening protocol-level...

8.2CVSS5.5AI score0.00229EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.16 views

PT-2026-48814

Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description An issue exists in the optional LZ4 decompression path used by compression modes Lz4Block and Lz4BlockArray. The decoder uses a deprecated...

8.2CVSS6AI score0.00296EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/06/10 9:0 p.m.10 views

CVE-2026-33828

Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally...

7.8CVSS5.4AI score0.0031EPSS
Exploits0References1
Schneier on Security
Schneier on Security
added 2026/06/10 11:8 a.m.12 views

NSO Group Hacking WhatsApp Despite Court Order

WhatsApp has caught the NSO Group phishing its users, in violation of a court order...

5.5AI score
Exploits0
EUVD
EUVD
added 2026/06/09 6:30 p.m.17 views

EUVD-2026-35657

Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally...

7.8CVSS5.4AI score0.0031EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 5:17 p.m.12 views

CVE-2026-33828

Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally...

7.8CVSS0.0031EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 12:25 p.m.43 views

CVE-2026-46330

The CVE-2026-46330 entry concerns the Linux kernel TCP ULP support for SMC. The vulnerability arises when an active TCP socket is converted into an SMC socket by in-place modifications to core VFS structures (struct file, dentry, inode), violating VFS invariants that expect these structures to be...

7.8CVSS5.4AI score0.00112EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 a.m.13 views

CVE-2026-11494

A security vulnerability has been detected in TOTOLINK AC1200 T8 4.1.5cu.8611. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation leads to least privilege violation. The attack may be initiated remotely. The exploit has been disclosed publicly...

5.3CVSS5.1AI score0.00215EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 a.m.12 views

CVE-2026-11497

A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver. Such manipulation leads to least privilege violation. The attack can be executed remotely. The exploit has bee...

8.8CVSS5.4AI score0.00432EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.24 views

PT-2026-47632

A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been released to the publi...

6.9CVSS5.5AI score0.00285EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2026/06/08 7:2 p.m.14 views

Netty has Unbounded Direct Memory Consumption in its RedisDecoder

Summary An attacker can cause DoS by sending crafted Redis payloads across multiple connections without \r\n. This exhausts the server's direct memory pool OutOfDirectMemoryError, preventing legitimate connections from being processed. Details io.netty.handler.codec.redis.RedisDecoder decodes the...

7.5CVSS5.5AI score0.0038EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/08 5:45 p.m.8 views

CVE-2026-11555 D-Link DGS-1100-08PD Web boa.conf least privilege violation

A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation leads to least privilege violation. The attack may be launched remotely. The attack requires a high level of...

6.3CVSS5AI score0.00405EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/08 5:45 p.m.12 views

EUVD-2026-35178

A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation leads to least privilege violation. The attack may be launched remotely. The attack requires a high level of...

6.3CVSS5AI score0.00405EPSS
Exploits0References6
CVE
CVE
added 2026/06/08 5:30 p.m.30 views

CVE-2026-11554

CVE-2026-11554 affects TOTOLINK CP450 4.1.0cu.747. The vulnerability targets unknown code in the vsftpd component, specifically the /etc/vsftpd.conf file, and results in a least privileged access violation. The attack may be initiated remotely, and public exploit details exist. Current documents ...

5.3CVSS5.2AI score0.00206EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/08 5:30 p.m.11 views

CVE-2026-11554 TOTOLINK CP450 vsftpd vsftpd.conf least privilege violation

A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least privilege violation. The attack may be initiated remotely. The exploit has been publicly disclosed and may be...

5.3CVSS5.2AI score0.00206EPSS
Exploits0References6
Rows per page
Query Builder