Lucene search
K

41 matches found

NVD
NVD
added 2026/06/22 11:16 p.m.11 views

CVE-2026-48746

vLLM is an inference and serving engine for large language models LLMs. From 0.3.0 until 0.22.0, a vulnerability in ASGI web servers and starlette's trust on those web servers enables an authentication bypass of the OpenAI API AuthenticationMiddleware. It allows to use the API without providing t...

9.1CVSS0.01014EPSS
Exploits0References10
Snyk
Snyk
added 2026/06/09 9:58 p.m.3 views

Interpretation Conflict

Overview symfony/runtime is an Enables decoupling PHP applications from global state Affected versions of this package are vulnerable to Interpretation Conflict via the SymfonyRuntime::getInput process. An attacker can modify environment variables and enable debug mode by sending specially crafte...

8.3CVSS5.8AI score0.00095EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/09 9:58 p.m.4 views

Interpretation Conflict

Overview symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Interpretation Conflict via the SymfonyRuntime::getInput process. An attacker can modify environment variables and enable debug mode by sendin...

8.3CVSS5.8AI score0.00095EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.11 views

CVE-2025-40948

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...

6.8CVSS7.8AI score0.00286EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 10:16 a.m.20 views

CVE-2025-40948

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.17.1, RUGGEDCOM ROX MX5000RE All versions V2.17.1, RUGGEDCOM ROX RX1400 All versions V2.17.1, RUGGEDCOM ROX RX1500 All versions V2.17.1, RUGGEDCOM ROX RX1501 All versions V2.17.1, RUGGEDCOM ROX RX1510 All versions V2.17.1...

6.8CVSS0.00286EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/06 1:50 p.m.47 views

CVE-2025-52613 HCL BigFix Service Management (SM) is affected by use of a vulnerable component

HCL BigFix Service Management SM is affected by use of a vulnerable WSGI Server was identified. Deploying an outdated or insecure WSGI server may expose the application to known security weaknesses, potentially increasing the risk of exploitation and unauthorized access...

4.6CVSS0.00234EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/06 12:0 a.m.10 views

HCL BigFix Service Management 信息泄露漏洞

HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. HCL BigFix Service Management has a vulnerability related to information leakage. This vulnerability stems from the use of a vulnerable WSGI server. Deploying outdated or...

8.8CVSS5.8AI score0.00234EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:19 p.m.3 views

CVE-2026-40115

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the WSGI-based recipe registry server server.py reads the entire HTTP request body into memory based on the client-supplied Content-Length header with no upper bound. Combined with authentication being disabled by default no token...

6.2CVSS6AI score0.00334EPSS
Exploits1References2Affected Software1
UbuntuCve
UbuntuCve
added 2026/04/02 6:16 p.m.6 views

CVE-2026-32762

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21 and 3.2.0 to before 3.2.6, Rack::Utils.forwardedvalues parses the RFC 7239 Forwarded header by splitting on semicolons before handling quoted-string values. Because quoted values may legally contain semicolons...

6.5CVSS5.8AI score0.00179EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/02 6:16 p.m.4 views

CVE-2026-26962

Rack is a modular Ruby web server interface. From version 3.2.0 to before version 3.2.6, Rack::Multipart::Parser unfolds folded multipart part headers incorrectly. When a multipart header contains an obs-fold sequence, Rack preserves the embedded CRLF in parsed parameter values such as filename o...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/04/02 5:16 p.m.6 views

CVE-2026-34826

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Utils.getbyteranges parses the HTTP Range header without limiting the number of individual byte ranges. Although the existing fix for CVE-2024-26141 rejects ranges whose total byte coverage exceeds the...

7.5CVSS5.9AI score0.0038EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/02 5:16 p.m.3 views

CVE-2026-26961

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Multipart::Parser extracts the boundary parameter from multipart/form-data using a greedy regular expression. When a Content-Type header contains multiple boundary parameters, Rack selects the last one...

5.3CVSS5.8AI score0.00253EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/04/02 5:16 p.m.10 views

CVE-2026-34830

Rack is a modular Ruby web server interface. Prior to versions 2.2.23, 3.1.21, and 3.2.6, Rack::Sendfilemapaccelpath interpolates the value of the X-Accel-Mapping request header directly into a regular expression when rewriting file paths for X-Accel-Redirect. Because the header value is not...

7.5CVSS5.8AI score0.00209EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/04/02 5:7 p.m.4 views

CVE-2026-34827

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Multipart::Parserhandlemimehead parses quoted multipart parameters such as Content-Disposition: form-data; name="..." using repeated Stringindex searches combined with...

7.5CVSS5.3AI score0.00475EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/04/02 5:6 p.m.4 views

CVE-2026-32762

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21 and 3.2.0 to before 3.2.6, Rack::Utils.forwardedvalues parses the RFC 7239 Forwarded header by splitting on semicolons before handling quoted-string values. Because quoted values may legally contain semicolons...

6.5CVSS5.3AI score0.00179EPSS
Exploits0
Snyk
Snyk
added 2026/03/16 8:47 p.m.4 views

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal via the sanitizeArchivePath function. An attacker can write arbitrary files outside the intended extraction directory by crafting archive entries with path traversal sequences, potentially leading to overwriting...

8.7CVSS5.9AI score0.00434EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 8:53 a.m.7 views

CVE-2021-27422

GE UR firmware versions prior to version 8.1x web server interface is supported on UR over HTTP protocol. It allows sensitive information exposure without authentication...

7.5CVSS6.6AI score0.00641EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/11/07 12:0 a.m.1 views

The vulnerability of the Rack::Multipart::Parser class in the module interface between web servers and Rack web applications allows a attacker to cause a service failure.

The vulnerability of the Rack::Multipart::Parser class in module interfaces between web servers and Rack web applications involves an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures...

7.8CVSS6.5AI score0.00868EPSS
Exploits0References14Affected Software10
BDU FSTEC
BDU FSTEC
added 2025/11/07 12:0 a.m.5 views

The vulnerability in the Rack::Request#POST class of the modular interface between web servers and Rack web applications allows a attacker to cause a service failure.

The vulnerability in the Rack::RequestPOST class of the modular interface between web servers and Rack web applications involves an uncontrolled resource consumption. Exploiting this vulnerability can allow a malicious actor to cause service failures...

7.8CVSS6.6AI score0.00605EPSS
Exploits0References15Affected Software11
EUVD
EUVD
added 2025/10/22 6:52 a.m.6 views

EUVD-2025-35333

A low privileged remote attacker can upload arbitrary data masked as a png file to the affected device using the webserver API because only the file extension is verified...

4.3CVSS6.7AI score0.00165EPSS
Exploits0References2
Rows per page
Query Builder