19026 matches found
Zurich Instruments LabOne Web Server 路径遍历漏洞
Zurich Instruments LabOne Web Server is a web service component provided by the Swiss company Zurich Instruments. It serves for instrument control, data acquisition, and visualization interface operations. The Zurich Instruments LabOne Web Server has a path traversal vulnerability, which stems fr...
PT-2026-34653
The LabOne Web Server, backing the LabOne User Interface, contains insufficient input validation in its file access functionality. An unauthenticated attacker could exploit this vulnerability to read arbitrary files on the host system that are accessible to the operating system user running the...
GHSA-2R2P-4CGF-HV7H engram: HTTP server CORS wildcard + auth-off-by-default enables CSRF graph exfiltration and persistent indirect prompt injection
Summary The local HTTP server started by engram server binding 127.0.0.1:7337 by default was exposed to any browser origin with no authentication unless ENGRAMAPITOKEN was explicitly set. Combined with Access-Control-Allow-Origin: on every response and a body parser that did not require...
EUVD-2026-24719
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
EUVD-2026-24720
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
EUVD-2026-24725
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
CVE-2026-33256
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
CVE-2026-33257
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
CVE-2026-33260
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
DEBIAN-CVE-2026-33256
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
CVE-2026-33260
CVE-2026-33260 describes an input-validation flaw in the internal web server that can cause unlimited memory allocation when processing a web request, resulting in denial of service. The issue is documented across multiple feeds (NVD, ENISA EUVD, Debian OSV, CIRCL, etc.), all noting that the inte...
CVE-2026-33260 Insufficient input validation of internal webserver
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
CVE-2026-33260
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
CVE-2026-33260 Insufficient input validation of internal webserver
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
CVE-2026-33260
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
CVE-2026-33257 Insufficient input validation of internal webserver
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
CVE-2026-33257
The CVE-2026-33257 issue enables an attacker to send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. In the provided documents, no concrete product/vendor/version, root cause details ...
CVE-2026-33257
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
CVE-2026-33256 Unbounded memory allocation by internal web server
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default...
CVE-2026-33256
CVE-2026-33256 affects PowerDNS Recursor: an attacker can send a network web request that triggers unbounded memory allocation in the internal web server, causing a denial of service. The internal web server is disabled by default, mitigating some exposure. Public sources (NVD, Red Hat, Debian, E...