
19024 matches found

Positive Technologies
added 2026/05/08 12:0 a.m., 10 views

PT-2026-39154

An issue was discovered in Django 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILE_UPLOAD_MAX_MEMORY_SIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit...

6.3 CVSS, 5.8 AI score, 0.00423 EPSS
Exploits 0, References 5

RedHat Linux
added 2026/05/07 7:8 p.m., 9 views

Important: Red Hat Security Advisory: nginx security update

An update for nginx is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

8.8 CVSS, 7.7 AI score, 0.21621 EPSS
Exploits 0, References 5

RedHat Linux
added 2026/05/07 7:8 p.m., 8 views

NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled

A flaw was found in NGINX, specifically within the ngx_mail_auth_http_module. When this module is enabled, and CRAM-MD5 or APOP authentication is active with an authentication server that permits retries, undisclosed requests can cause NGINX worker processes to terminate. This can lead to a Denial of...

8.7 CVSS, 5.8 AI score, 0.00921 EPSS
Exploits 0, References 5

Microsoft CVE
added 2026/05/07 8:11 a.m., 10 views

Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr

...

8.8 CVSS, 5.8 AI score, 0.00654 EPSS
Exploits 1

Microsoft CVE
added 2026/05/07 8:11 a.m., 13 views

Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()

...

7.5 CVSS, 5.8 AI score, 0.00394 EPSS
Exploits 0

Microsoft CVE
added 2026/05/07 8:11 a.m., 10 views

Apache HTTP Server: http2: double free and possible RCE on early reset

...

8.8 CVSS, 5.8 AI score, 0.4581 EPSS
Exploits 16

Microsoft CVE
added 2026/05/07 8:11 a.m., 10 views

Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line

...

6.5 CVSS, 5.8 AI score, 0.00436 EPSS
Exploits 0

EUVD
added 2026/05/07 2:55 a.m., 12 views

EUVD-2026-28263

Admidio is an open-source user management solution. Prior to version 5.0.9, the ecardpreview.php endpoint does not validate that the ecardtemplate POST parameter is a safe filename before passing it to ECard::getEcardTemplate. An authenticated user can supply a path traversal payload e.g.,...

6.5 CVSS, 5.9 AI score, 0.00307 EPSS
Exploits 0, References 2

Ubuntu
added 2026/05/06 7:55 p.m., 16 views

USN-8239-1: Apache HTTP Server vulnerabilities

Bartlomiej Dmitruk and Stanislaw Strzalkowski discovered that Apache HTTP Server incorrectly handled certain memory operations when using the HTTP/2 protocol. A remote attacker could use this issue to cause Apache HTTP Server to crash, resulting in a denial of service, or possibly execute arbitra...

9.8 CVSS, 6.3 AI score, 0.4581 EPSS
Exploits 18

ATTACKERKB
added 2026/05/06 6:42 p.m., 7 views

CVE-2026-41938

Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restrictions by uploading a .htaccess file to map .phtml extensions to the PHP handler. Attackers can uploa...

8.8 CVSS, 6.6 AI score, 0.00541 EPSS
Exploits 0, References 5

Cvelist
added 2026/05/06 6:42 p.m., 28 views

CVE-2026-41938 Vvveb < 1.0.8.2 RCE via Media Upload Handler

Vvveb before version 1.0.8.2 contains an unrestricted file upload vulnerability in the media upload handler that allows authenticated users with media-upload permissions to bypass extension restrictions by uploading a .htaccess file to map .phtml extensions to the PHP handler. Attackers can uploa...

8.8 CVSS, 0.00541 EPSS
Exploits 0, References 4

GithubExploit
added 2026/05/06 6:38 p.m., 80 views

Exploit for Double Free in Apache Http_Server

Watch for the double-free in real-ti...

8.8 CVSS, 5.8 AI score, 0.4581 EPSS
Exploits 16

EUVD
added 2026/05/06 3:32 p.m., 8 views

EUVD-2025-209702

HCL BigFix Service Management (SM) is affected by the use of a vulnerable WSGI server. Deploying an outdated or insecure WSGI server may expose the application to known security weaknesses, potentially increasing the risk of exploitation and unauthorized access...

4.6 CVSS, 5.8 AI score, 0.00234 EPSS
Exploits 0, References 2

NVD
added 2026/05/06 3:16 p.m., 10 views

CVE-2025-52613

HCL BigFix Service Management (SM) is affected by the use of a vulnerable WSGI server. Deploying an outdated or insecure WSGI server may expose the application to known security weaknesses, potentially increasing the risk of exploitation and unauthorized access...

8.8 CVSS, 0.00234 EPSS
Exploits 0, References 1

Cvelist
added 2026/05/06 1:50 p.m., 33 views

CVE-2025-52613 HCL BigFix Service Management (SM) is affected by use of a vulnerable component

HCL BigFix Service Management (SM) is affected by the use of a vulnerable WSGI server. Deploying an outdated or insecure WSGI server may expose the application to known security weaknesses, potentially increasing the risk of exploitation and unauthorized access...

4.6 CVSS, 0.00234 EPSS
Exploits 0, References 1

CVE
added 2026/05/06 1:50 p.m., 16 views

CVE-2025-52613

Technical details about CVE-2025-52613 are not publicly available in the provided documents. No explicit affected product versions, root cause, or fixes are disclosed here. Monitor for future updates from vendors and security advisories.

8.8 CVSS, 5.8 AI score, 0.00234 EPSS
Exploits 0, References 1, Affected Software 1

SUSE CVE
added 2026/05/06 1:45 a.m., 11 views

SUSE CVE-2026-5766

An issue was discovered in Django 6.0 before 6.0.5 and 5.2 before 5.2.14. ASGI requests with a missing or understated Content-Length header can bypass the FILE_UPLOAD_MAX_MEMORY_SIZE limit, potentially loading large files into memory and causing service degradation. As a reminder, Django expects a limit to ...

5.3 CVSS, 5.8 AI score, 0.00423 EPSS
Exploits 0, References 6

Positive Technologies
added 2026/05/06 12:0 a.m., 12 views

PT-2026-37751

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Lightweight HTTP Server. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1, 17.0.4.1, 19; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0...

5.3 CVSS, 5.9 AI score, 0.02038 EPSS
Exploits 0, References 11

CNNVD
added 2026/05/06 12:0 a.m., 9 views

HCL BigFix Service Management information disclosure vulnerability

HCL BigFix Service Management is an IT service management and asset management platform developed by the Indian company HCL. HCL BigFix Service Management has a vulnerability related to information leakage. This vulnerability stems from the use of a vulnerable WSGI server. Deploying outdated or...

8.8 CVSS, 5.8 AI score, 0.00234 EPSS
Exploits 0, References 1

Tenable Nessus
added 2026/05/06 12:0 a.m., 11 views

Debian dsa-6248 : apache2 - security update

The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6248 advisory. Debian Security Advisory DSA-6248-1...

9.8 CVSS, 6.2 AI score, 0.4581 EPSS
Exploits 18, References 25