Lucene search
K

19066 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 12:50 p.m.6 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities when using the Web Server Plug-ins (CVE-2026-9072, CVE-2026-8858, CVE-2026-10852)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by remote code execution and a denial of service when using the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. Vulnerability Details...

9.8CVSS6.3AI score0.00409EPSS
Exploits0Affected Software1
Nuclei
Nuclei
added 2026/06/16 7:13 a.m.212 views

Zyxel NAS Firmware 5.21- Remote Code Execution

Multiple Zyxel network-attached storage NAS devices running firmware version 5.21 contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable device. Zyxel NAS devices achieve authentication by using th...

10CVSS9.9AI score0.99988EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.16 views

PT-2026-49885

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Web Server Plugin. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Acces...

7.3CVSS5.1AI score0.00307EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.12 views

EUVD-2026-36794

Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted plugin configuration containing path traversal sequences in the directory attribute. Attackers can trigg...

8.6CVSS6.3AI score0.00525EPSS
Exploits2References4
EUVD
EUVD
added 2026/06/15 12:31 a.m.11 views

EUVD-2026-36671

A vulnerability was determined in GALAYOU Y4 1.0.0. Impacted is an unknown function of the component Web Server. This manipulation causes buffer overflow. The attack is only possible within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted...

8.8CVSS8.3AI score0.00316EPSS
Exploits0References5
NVD
NVD
added 2026/06/15 12:16 a.m.14 views

CVE-2026-12192

A vulnerability was determined in GALAYOU Y4 1.0.0. Impacted is an unknown function of the component Web Server. This manipulation causes buffer overflow. The attack is only possible within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted...

8.8CVSS0.00316EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.17 views

PT-2026-49572

Name of the Vulnerable Software and Affected Versions Python-Multipart versions prior to 0.0.31 Description The parse form function fails to validate the Content-Length header before using it to limit the chunked read of the request body. Because the header value is parsed as an integer without a...

3.7CVSS5.8AI score0.00217EPSS
Exploits0References16
Vulnrichment
Vulnrichment
added 2026/06/14 11:15 p.m.8 views

CVE-2026-12192 GALAYOU Y4 Web Server buffer overflow

A vulnerability was determined in GALAYOU Y4 1.0.0. Impacted is an unknown function of the component Web Server. This manipulation causes buffer overflow. The attack is only possible within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted...

8.8CVSS8.3AI score0.00316EPSS
Exploits0References4
CVE
CVE
added 2026/06/14 11:15 p.m.25 views

CVE-2026-12192

GALAYOU Y4 Web Server 1.0.0 is affected by a buffer overflow in an unspecified Web Server function. The flaw enables local-network exploitation with no authentication required and affects confidentiality, integrity, and availability. Public exploit details are indicated in the CVE context, and th...

8.8CVSS8.3AI score0.00316EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/14 11:15 p.m.37 views

CVE-2026-12192 GALAYOU Y4 Web Server buffer overflow

A vulnerability was determined in GALAYOU Y4 1.0.0. Impacted is an unknown function of the component Web Server. This manipulation causes buffer overflow. The attack is only possible within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted...

8.8CVSS0.00316EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.10 views

Fedora 44 : dnsdist (2026-51cdd1292b)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-51cdd1292b advisory. Bug Fixes: CVE-2026-33254: An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdi...

9.1CVSS6AI score0.01073EPSS
Exploits0References12
OSV
OSV
added 2026/06/13 12:3 a.m.13 views

RLSA-2026:25057 Important: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 For more details about the security issues, including the impact, a...

7.5CVSS5.3AI score0.11471EPSS
Exploits8References2
CVE
CVE
added 2026/06/12 2:15 p.m.24 views

CVE-2026-47139

vm2 NodeVM burlon bypass vulnerability exists where public network modules are blocked but internal underscored HTTP builtins (_http_client, _http_server) remain reachable. The issue allows sandboxed code to perform outbound HTTP requests and open listening sockets despite network exclusions, ena...

8.6CVSS5.3AI score0.00282EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 12:25 p.m.12 views

OESA-2026-2639 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: A vulnerability was found in Apache HTTP Server Web Server affected version not known. It has been rated as critical.Using CWE to declare the problem leads to CWE-404. The product does not release or...

7.5CVSS5.2AI score0.11471EPSS
Exploits8References2
GithubExploit
GithubExploit
added 2026/06/11 3:5 p.m.72 views

network-intrusion-detector

network-intrusion-detector A Python tool that analyses web se...

5.6AI score
Exploits0
EUVD
EUVD
added 2026/06/11 2:30 p.m.11 views

EUVD-2026-36249

Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web Shell to a Web Server. This issue affects Rotaban: from V2026.06.002 before V2026.06.003...

9.9CVSS5.4AI score0.00335EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/11 10:46 a.m.14 views

Important: Red Hat Security Advisory: mod_http2 security update

An update for modhttp2 is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

7.5CVSS5.5AI score0.11471EPSS
Exploits8References2
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.12 views

CVE-2026-45541

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a NULL-pointer dereference exists in the WebSocket subprotocol-negotiation path of the esphttpserver component. While parsing the client-supplied Sec-WebSocket-Protocol request...

7.5CVSS5.4AI score0.00439EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.18 views

RHEL 8 : httpd:2.4 (RHSA-2026:25090)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:25090 advisory. The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: HTTP/2: Remote Denial of...

7.5CVSS5.5AI score0.11471EPSS
Exploits8References4
Cvelist
Cvelist
added 2026/06/10 10:11 p.m.33 views

CVE-2026-44693 Pi-hole FTL: Unauthenticated Session Hijacking via Race Condition on Global Session Buffer

Pi-hole FTL is the core engine of the Pi-hole network-level advertisement and tracker blocker. Prior to version 6.6.1, Pi-hole FTL contains a race condition vulnerability in the HTTP session management subsystem, introduced with the v6.0 rewrite of the embedded CivetWeb-based web server. This iss...

8.8CVSS0.0023EPSS
Exploits0References2
Rows per page
Query Builder