19025 matches found
PT-2026-35235
A flaw has been found in Tenda F456 1.0.0.5. The affected element is an unknown function of the file /goform/setcfm of the component httpd. This manipulation of the argument funcname/funcpara1 causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published a...
CVE-2026-6993
A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in unintended intermediary. The attack may be launched remotely. The explo...
[SECURITY] Fedora 44 Update: libmicrohttpd-1.0.5-1.fc44
GNU libmicrohttpd is a small C library that is supposed to make it easy to run an HTTP server as part of another application. Key features that distinguish libmicrohttpd from other projects are: C library: fast and small API is simple, expressive and fully reentrant Implementation is http 1.1...
[SECURITY] Fedora 44 Update: nginx-1.28.3-1.fc44
Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...
[SECURITY] Fedora 44 Update: nginx-mod-brotli-1.0.0~rc-7.fc44
NGINX module for Brotli compression...
CVE-2026-41247 elFinder: Command injection in resize background color parameter when using ImageMagick CLI
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.67, elFinder contains a command injection vulnerability in the resize command. The bg background color parameter is accepted from user input and passed through image resize/rotate processing. In...
EUVD-2026-25281
elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.67, elFinder contains a command injection vulnerability in the resize command. The bg background color parameter is accepted from user input and passed through image resize/rotate processing. In...
EUVD-2026-25215
The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functionality. An unauthenticated attacker could exploit this vulnerability to read arbitrary files on the host system that are accessible to the operating system user running the...
CVE-2026-6903
The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functionality. An unauthenticated attacker could exploit this vulnerability to read arbitrary files on the host system that are accessible to the operating system user running the...
CVE-2026-6903
The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functionality. An unauthenticated attacker could exploit this vulnerability to read arbitrary files on the host system that are accessible to the operating system user running the...
CVE-2026-6903
The CVE-2026-6903 involves the LabOne Web Server (frontend for the LabOne UI). The issue stems from insufficient input validation in the file access functionality, enabling an unauthenticated attacker to read arbitrary host files accessible to the LabOne software user. Additionally, weak cross-or...
CVE-2026-6903 Path Traversal Vulnerability in LabOne User Interface
The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functionality. An unauthenticated attacker could exploit this vulnerability to read arbitrary files on the host system that are accessible to the operating system user running the...
CVE-2026-6903 Path Traversal Vulnerability in LabOne User Interface
The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functionality. An unauthenticated attacker could exploit this vulnerability to read arbitrary files on the host system that are accessible to the operating system user running the...
SUSE CVE-2026-33256
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
SUSE CVE-2026-33257
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
SUSE CVE-2026-33260
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
Oracle Access Manager (April 2026 CPU)
The version of Access Manager installed on the remote host are affected by a vulnerability as referenced in the April 2026 CPU advisory. - Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Web Server Plugin curl. Easily exploitable vulnerability allows...
Zurich Instruments LabOne Web Server 路径遍历漏洞
Zurich Instruments LabOne Web Server is a web service component provided by the Swiss company Zurich Instruments. It serves for instrument control, data acquisition, and visualization interface operations. The Zurich Instruments LabOne Web Server has a path traversal vulnerability, which stems fr...
📄 Keras 3.13.0 Malicious ML Model Server HDF5 Shape Bomb
This script is a Flask-based web server that distributes .keras machine learning model files, but it is designed in a malicious way for security research/testing scenarios. The main idea is a denial of service via memory exhaustion, where generated Keras models contain artificially declared...
Linux Distros Unpatched Vulnerability : CVE-2026-33256
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server i...