19024 matches found

EUVD
added 2026/05/29 1:5 p.m. | 12 views

EUVD-2026-33306

WWBN AVideo is an open source video platform. In 29.0 and earlier, view/update.php reads $_POST['updateFile'] as a relative path under updatedb/ and passes it to PHP's file() for line-by-line execution as part of a database migration. An authenticated administrator can abuse this to read arbitrary tex...

CVSS 6.9 | AI score 6 | EPSS 0.00469
Exploits: 1 | References: 1
ATTACKERKB
added 2026/05/29 1:5 p.m. | 8 views

CVE-2026-45731

WWBN AVideo is an open source video platform. In 29.0 and earlier, view/update.php reads $_POST['updateFile'] as a relative path under updatedb/ and passes it to PHP's file() for line-by-line execution as part of a database migration. An authenticated administrator can abuse this to read arbitrary tex...

CVSS 6.9 | AI score 6 | EPSS 0.00469
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2026/05/29 5:12 a.m. | 12 views

MGASA-2026-0159 Updated nginx package fixes a security vulnerability

The updated package fixes a security vulnerability: NGINX ngx_http_rewrite_module vulnerability. CVE-2026-9256...

CVSS 9.2 | AI score 5.8 | EPSS 0.02596
Exploits: 3 | References: 3
Rockylinux
added 2026/05/28 3:43 p.m. | 18 views

nginx:1.26 security update

An update is available for nginx, module.nginx. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. nginx is a web and proxy server supporting HTTP and other...

CVSS 9.2 | AI score 6.2 | EPSS 0.61469
Exploits: 39
SUSE Linux
added 2026/05/28 12:34 p.m. | 19 views

Security update for apache2

This update for apache2 fixes the following issues: CVE-2026-23918: http2: double free and possible RCE on early reset (bsc#1263957). CVE-2026-24072: mod_rewrite elevation of privileges via ap_expr (bsc#1263935). CVE-2026-28780: heap buffer overflow in mod_proxy_ajp via ajp_msg_check_header (bsc#1264163)...

CVSS 9.2 | AI score 6.2 | EPSS 0.42802
Exploits: 18 | References: 44
Fedora
added 2026/05/28 1:13 a.m. | 16 views

[SECURITY] Fedora 44 Update: nginx-1.30.2-1.fc44

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

CVSS 9.2 | AI score 5.8 | EPSS 0.02596
Exploits: 3
RedHat Linux
added 2026/05/27 9:42 p.m. | 20 views

httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check

A flaw was found in the mod_proxy_ajp module of httpd. When processing AJP (Apache JServ Protocol) messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue...

CVSS 5.3 | AI score 5.8 | EPSS 0.00485
Exploits: 0 | References: 5
RedHat Linux
added 2026/05/27 9:13 p.m. | 26 views

httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions

A flaw was found in the mod_proxy_ajp module of httpd. When processing AJP (Apache JServ Protocol) messages, the AJP getter functions attempt to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause an out-of-bounds read. This issue leads to a denial of...

CVSS 5.3 | AI score 5.8 | EPSS 0.00393
Exploits: 0 | References: 5
ATTACKERKB
added 2026/05/27 7:49 p.m. | 9 views

CVE-2026-8359

When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBinLoadHttpModule function in the dll would be called to set up a "module" object for that module. However, WOSHttpStatusModule.dll is not prese...

CVSS 7.5 | AI score 5.8 | EPSS 0.00275
Exploits: 0 | References: 2
IBM Security Bulletins
added 2026/05/27 6:9 p.m. | 17 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities when using Web Server Plug-ins (CVE-2026-8633, CVE-2026-8620)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by remote code execution and HTTP request smuggling when using the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. Vulnerability Details...

CVSS 9.8 | AI score 6.5 | EPSS 0.00847
Exploits: 0 | Affected Software: 1
ATTACKERKB
added 2026/05/27 1:21 p.m. | 13 views

CVE-2026-9035

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be ab...

CVSS 6.5 | AI score 5.9 | EPSS 0.00325
Exploits: 0 | References: 2 | Affected Software: 2
OSV
added 2026/05/27 10:7 a.m. | 13 views

RHSA-2026:20405 Red Hat Security Advisory: Red Hat JBoss Web Server 6.2.3 release and security update

Bulletin has no description...

CVSS 7.5 | AI score 5.9 | EPSS 0.03645
Exploits: 2 | References: 39
Microsoft CVE
added 2026/05/27 8:18 a.m. | 16 views

Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy

...

CVSS 8.2 | AI score 5.8 | EPSS 0.00382
Exploits: 0
UbuntuCve
added 2026/05/27 5:16 a.m. | 16 views

CVE-2026-8450

HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file. send_file opens its string argument with Perl's 2-arg open. The 2-arg form interprets magic prefixes: '| cmd' and 'cmd |' open a pipe to a subprocess, '> path' and '>> path' open the path for write or append. Untruste...

CVSS 9.1 | AI score 5.8 | EPSS 0.01021
Exploits: 0 | References: 6
Tenable Nessus
added 2026/05/27 12:0 a.m. | 15 views

RHEL 10 / 8 / 9 : Red Hat JBoss Web Server 6.2.3 (RHSA-2026:20405)

The remote Redhat Enterprise Linux 10 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20405 advisory. Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised ...

CVSS 9.1 | AI score 5.8 | EPSS 0.03645
Exploits: 2 | References: 17
IBM Security Bulletins
added 2026/05/26 6:38 p.m. | 19 views

Security Bulletin: IBM HTTP Server is affected by multiple vulnerabilities

Summary There are multiple vulnerabilities in the IBM HTTP Server used by IBM WebSphere Application Server CVE-2026-8834, CVE-2026-8852, CVE-2026-8856, CVE-2026-8850, CVE-2026-8854, CVE-2026-8855, CVE-2026-8835, CVE-2026-45186, CVE-2026-9170. Vulnerability Details CVEID:CVE-2026-8850 DESCRIPTION:...

CVSS 9.8 | AI score 6.7 | EPSS 0.00488
Exploits: 1 | Affected Software: 1
NVD
added 2026/05/26 6:16 p.m. | 14 views

CVE-2026-8633

IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code execution in the Web Server Plug-ins, through a specially crafted request...

CVSS 9.8 | EPSS 0.00847
Exploits: 0 | References: 1
CVE
added 2026/05/26 5:31 p.m. | 37 views

CVE-2026-9170

IBM HTTP Server (powered by Apache) is affected by CVE-2026-9170, affecting IBM HTTP Server 8.5 and 9.0. The vulnerability is described as a denial of service with potential remote code execution due to improper input validation (CWE-94). The IBM Security Bulletin lists this CVE alongside several...

CVSS 9.8 | AI score 6.1 | EPSS 0.00488
Exploits: 0 | References: 1 | Affected Software: 1
EUVD
added 2026/05/26 5:19 p.m. | 13 views

EUVD-2026-31927

IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code execution in the Web Server Plug-ins, through a specially crafted request...

CVSS 9.8 | AI score 6.5 | EPSS 0.00847
Exploits: 0 | References: 1
Vulnrichment
added 2026/05/26 5:19 p.m. | 8 views

CVE-2026-8633 IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities when using Web Server Plug-ins

IBM Web Server Plug-ins for WebSphere Application Server and WebSphere Liberty 8.5, 9.0 IBM WebSphere Application Server and WebSphere Application Server Liberty are vulnerable to remote code execution in the Web Server Plug-ins, through a specially crafted request...

CVSS 9.8 | AI score 6.5 | EPSS 0.00847
Exploits: 0 | References: 1