Lucene search
K

20358 matches found

NVD
NVD
added 2 hours ago5 views

CVE-2026-59762

When an HTTP/2 profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Impact: System performance can degrade until the TMM process is either forced to restart or is manually restarted. This vulnerability allows a remote,...

8.7CVSS
Exploits0References1
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-44679

When an HTTP/2 profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Impact: System performance can degrade until the TMM process is either forced to restart or is manually restarted. This vulnerability allows a remote,...

8.7CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added 13 hours ago110 views

Monstra CMS 3.0.4 - HTTP Header Injection

Monstra CMS 3.0.4 is susceptible to HTTP header injection in the plugins/captcha/crypt/cryptographp.php cfg parameter. An attacker can potentially supply invalid input and cause the server to allow redirects to attacker-controlled domains, perform cache poisoning, and/or allow improper access to...

6.1CVSS6.7AI score0.0302EPSS
Exploits1References3
CVE
CVE
added yesterday8 views

CVE-2026-50432

CVE-2026-50432 describes a Use-after-free vulnerability in the Windows Virtual Filtering Platform (VFP) . An authenticated attacker could trigger a denial-of-service condition over the network by exploiting this flaw in the VFP code path, as indicated by the CVE entry: AV:N/AC:H/PR:L/UI:N/S:U/C:N...

5.3CVSS6.1AI score
Exploits0References1
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-53365

A flaw was found in the Linux kernel's vsock/virtio component. This vulnerability occurs during zerocopy completion for large messages fragmented into multiple socket kernel buffers skbs. An issue in how user arguments uargs are handled for these buffers can lead to pinned user pages not being...

5.5CVSS6.1AI score0.00155EPSS
Exploits0References4
CVE
CVE
added yesterday8 views

CVE-2026-6790

In Eclipse Jetty, HTTP/1 requests to HTTP/1.3 (HTTP/2/3 included) do not enforce that the request authority (host and port) matches the Host header when present. This mismatch can affect URI redirects, virtual host selection, reverse proxying, and logs. The issue is described across CVE sources (...

5.3CVSS6.1AI score0.00196EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added yesterday5 views

EUVD-2026-43646

In Eclipse Jetty, for HTTP/1, HTTP/2 and HTTP/3 requests, there is no strict check that the request authority host and port matches what provided in the Host header if present. This was not enforced in earlier HTTP RFC for example, in RFC 2616, but it is in the latest RFC 9110 and 9112. This...

5.3CVSS6.1AI score0.00196EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday19 views

CVE-2026-6790

In Eclipse Jetty, for HTTP/1, HTTP/2 and HTTP/3 requests, there is no strict check that the request authority host and port matches what provided in the Host header if present. This was not enforced in earlier HTTP RFC for example, in RFC 2616, but it is in the latest RFC 9110 and 9112. This...

5.3CVSS0.00196EPSS
Exploits0References1
The Hacker News
The Hacker News
added yesterday10 views

U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support

The U.S. Treasury Department's Office of Foreign Assets Control OFAC has designated two individuals and a VPN service provider for enabling ransomware actors' and other cybercriminals' malicious activities, including ransomware attacks against Americans. The VPN, named First VPN Service 1VPNS, ha...

10CVSS7AI score0.9951EPSS
Exploits2
CVE
CVE
added yesterday12 views

CVE-2025-8412

The CVE-2025-8412 entry concerns the SUSE Virtual Machine Driver Pack. A BUFFER overflow can occur in the RtlQueryRegistryValues function when an attacker able to modify the registry interacts with the driver, affecting integrity. Affected scope is the Virtual Machine Driver Pack up to the build ...

2CVSS6.1AI score0.0009EPSS
Exploits0References1
EUVD
EUVD
added yesterday5 views

EUVD-2025-210459

A Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in SUSE Virtual Machine Driver Pack allows an attacker with the ability to modify the registry to affect the integrity of the driver. We're not aware of a feasible way to exploit this currently. This issue affect...

2CVSS6.1AI score0.0009EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday6 views

CVE-2025-8412

A Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in SUSE Virtual Machine Driver Pack allows an attacker with the ability to modify the registry to affect the integrity of the driver. We're not aware of a feasible way to exploit this currently. This issue affect...

2CVSS6.1AI score0.0009EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added yesterday7 views

kernel: iommu: disable SVA when CONFIG_X86 is set

A security vulnerability was found in the Linux kernel's IOMMU Shared Virtual Addressing SVA implementation on x86 architecture. When SVA is enabled, the IOMMU caches kernel page table entries. Since the kernel lacks a mechanism to notify the IOMMU when kernel page table pages are freed and...

7.8CVSS6.7AI score0.00145EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday5 views

PT-2026-58073

Name of the Vulnerable Software and Affected Versions FortiSandbox versions 5.0.0 through 5.0.2 FortiSandbox versions 4.4.3 through 4.4.8 Description An exposure of resource to wrong sphere issue allows an unauthenticated attacker to access the VNC server of virtual machines performing scanning v...

8.6CVSS6.1AI score
Exploits0References6
Positive Technologies
Positive Technologies
added yesterday3 views

PT-2026-60103

Name of the Vulnerable Software and Affected Versions Anyquery affected versions not specified Description When operated in server mode, the software lacks input sanitization and access control for its built-in SQLite virtual table modules, such as csv reader and log reader. Unauthenticated...

7.5CVSS6.1AI score
Exploits0References5
Positive Technologies
Positive Technologies
added yesterday3 views

PT-2026-60102

Name of the Vulnerable Software and Affected Versions Anyquery affected versions not specified Description When operating in server mode, the software does not restrict outbound HTTP requests initiated by built-in SQLite virtual table modules, such as json reader and log reader. Unauthenticated...

8.6CVSS6.1AI score
Exploits0References5
NVD
NVD
added 5 days ago5 views

CVE-2026-45203

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but befo...

7.8CVSS0.00092EPSS
Exploits0References1
NVD
NVD
added 5 days ago8 views

CVE-2026-34196

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an integer overflow and map two GPU virtual addresses to the same physical address. One of these virutal mappings can be freed along with the physical page, allowing for a read/write UAF via the...

7.8CVSS0.00118EPSS
Exploits0References1
NVD
NVD
added 5 days ago10 views

CVE-2026-45196

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a GPU register access which can lead to privilege escalation...

7.8CVSS0.00106EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 5 days ago5 views

CVE-2026-57157

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. FreeRDP server implementations with the MS-RDPECAM camera device enumerator channel enabled are vulnerable to an out-of-bounds heap read. A malicious RDP client can exploit this by manipulating the DeviceName a...

6.5CVSS6AI score0.00539EPSS
Exploits1References9
Rows per page
Query Builder