19025 matches found

Positive Technologies
added 2026/04/26 12:0 a.m. | 6 views

PT-2026-35235

A flaw has been found in Tenda F456 1.0.0.5. The affected element is an unknown function of the file /goform/setcfm of the component httpd. This manipulation of the argument funcname/funcpara1 causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published a...

9 CVSS | 5.8 AI score | 0.00632 EPSS
Exploits: 1 | References: 5

ATTACKERKB
added 2026/04/25 6:30 p.m. | 4 views

CVE-2026-6993

A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in unintended intermediary. The attack may be launched remotely. The explo...

6.9 CVSS | 5.3 AI score | 0.00315 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

Fedora
added 2026/04/25 1:58 a.m. | 7 views

[SECURITY] Fedora 44 Update: libmicrohttpd-1.0.5-1.fc44

GNU libmicrohttpd is a small C library that is supposed to make it easy to run an HTTP server as part of another application. Key features that distinguish libmicrohttpd from other projects are: C library: fast and small; API is simple, expressive and fully reentrant; Implementation is http 1.1...

8.7 CVSS | 7.3 AI score | 0.00382 EPSS
Exploits: 0

Fedora
added 2026/04/25 1:52 a.m. | 10 views

[SECURITY] Fedora 44 Update: nginx-1.28.3-1.fc44

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

8.8 CVSS | 8.6 AI score | 0.21621 EPSS
Exploits: 0

Fedora
added 2026/04/25 1:52 a.m. | 14 views

[SECURITY] Fedora 44 Update: nginx-mod-brotli-1.0.0~rc-7.fc44

NGINX module for Brotli compression...

8.8 CVSS | 8.7 AI score | 0.21621 EPSS
Exploits: 0

Vulnrichment
added 2026/04/23 6:47 p.m. | 2 views

CVE-2026-41247 elFinder: Command injection in resize background color parameter when using ImageMagick CLI

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.67, elFinder contains a command injection vulnerability in the resize command. The bg background color parameter is accepted from user input and passed through image resize/rotate processing. In...

9.3 CVSS | 5.9 AI score | 0.01567 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/04/23 6:47 p.m. | 7 views

EUVD-2026-25281

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.67, elFinder contains a command injection vulnerability in the resize command. The bg background color parameter is accepted from user input and passed through image resize/rotate processing. In...

9.3 CVSS | 6.1 AI score | 0.01567 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/04/23 12:31 p.m. | 11 views

EUVD-2026-25215

The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functionality. An unauthenticated attacker could exploit this vulnerability to read arbitrary files on the host system that are accessible to the operating system user running the...

8.7 CVSS | 5.9 AI score | 0.00335 EPSS
Exploits: 0 | References: 3

NVD
added 2026/04/23 10:16 a.m. | 9 views

CVE-2026-6903

The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functionality. An unauthenticated attacker could exploit this vulnerability to read arbitrary files on the host system that are accessible to the operating system user running the...

8.7 CVSS | 0.00335 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2026/04/23 9:45 a.m. | 4 views

CVE-2026-6903

The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functionality. An unauthenticated attacker could exploit this vulnerability to read arbitrary files on the host system that are accessible to the operating system user running the...

8.7 CVSS | 5.9 AI score | 0.00335 EPSS
Exploits: 0 | References: 3

CVE
added 2026/04/23 9:45 a.m. | 19 views

CVE-2026-6903

CVE-2026-6903 involves the LabOne Web Server (frontend for the LabOne UI). The issue stems from insufficient input validation in the file access functionality, enabling an unauthenticated attacker to read arbitrary host files accessible to the LabOne software user. Additionally, weak cross-or...

8.7 CVSS | 5.9 AI score | 0.00335 EPSS
Exploits: 0 | References: 2

Cvelist
added 2026/04/23 9:45 a.m. | 29 views

CVE-2026-6903 Path Traversal Vulnerability in LabOne User Interface

The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functionality. An unauthenticated attacker could exploit this vulnerability to read arbitrary files on the host system that are accessible to the operating system user running the...

8.7 CVSS | 0.00335 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2026/04/23 9:45 a.m. | 4 views

CVE-2026-6903 Path Traversal Vulnerability in LabOne User Interface

The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functionality. An unauthenticated attacker could exploit this vulnerability to read arbitrary files on the host system that are accessible to the operating system user running the...

8.7 CVSS | 5.9 AI score | 0.00335 EPSS
Exploits: 0 | References: 2

SUSE CVE
added 2026/04/23 1:24 a.m. | 7 views

SUSE CVE-2026-33256

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

7.5 CVSS | 5.8 AI score | 0.00606 EPSS
Exploits: 0 | References: 3

SUSE CVE
added 2026/04/23 1:24 a.m. | 4 views

SUSE CVE-2026-33257

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

5.3 CVSS | 5.7 AI score | 0.00514 EPSS
Exploits: 0 | References: 3

SUSE CVE
added 2026/04/23 1:24 a.m. | 5 views

SUSE CVE-2026-33260

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...

5.3 CVSS | 5.7 AI score | 0.00524 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2026/04/23 12:0 a.m. | 14 views

Oracle Access Manager (April 2026 CPU)

The version of Access Manager installed on the remote host is affected by a vulnerability as referenced in the April 2026 CPU advisory. - Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Web Server Plugin curl. Easily exploitable vulnerability allows...

7.3 CVSS | 7.5 AI score | 0.01168 EPSS
Exploits: 1 | References: 3

CNNVD
added 2026/04/23 12:0 a.m. | 7 views

Zurich Instruments LabOne Web Server Path Traversal Vulnerability

Zurich Instruments LabOne Web Server is a web service component provided by the Swiss company Zurich Instruments. It serves for instrument control, data acquisition, and visualization interface operations. The Zurich Instruments LabOne Web Server has a path traversal vulnerability, which stems fr...

8.7 CVSS | 5.8 AI score | 0.00335 EPSS
Exploits: 0 | References: 1

Packet Storm
added 2026/04/23 12:0 a.m. | 103 views

Keras 3.13.0 Malicious ML Model Server HDF5 Shape Bomb

This script is a Flask-based web server that distributes .keras machine learning model files, but it is designed in a malicious way for security research/testing scenarios. The main idea is a denial of service via memory exhaustion, where generated Keras models contain artificially declared...

7.5 CVSS | 6.5 AI score | 0.00299 EPSS
Exploits: 3

Tenable Nessus
added 2026/04/23 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33256

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server i...

7.5 CVSS | 5.8 AI score | 0.00606 EPSS
Exploits: 0 | References: 3