
38415 matches found

OSV
added 2026/03/27 7:55 p.m., 3 views

CVE-2026-33871 Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

8.7 CVSS, 5.9 AI score, 0.01125 EPSS
Exploits 0, References 3
EUVD
added 2026/03/27 7:55 p.m., 3 views

EUVD-2026-16790

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

8.7 CVSS, 5.9 AI score, 0.01125 EPSS
Exploits 0, References 1
Vulnrichment
added 2026/03/27 7:55 p.m., 3 views

CVE-2026-33871 Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...

8.7 CVSS, 5.9 AI score, 0.01125 EPSS
Exploits 0, References 1
CVE
added 2026/03/27 7:55 p.m., 543 views

CVE-2026-33871

CVE-2026-33871 affects Netty, an asynchronous event-driven network framework. The issue occurs when a remote attacker floods an HTTP/2 server with CONTINUATION frames, exploiting an unlimited frame-count and bypassing size-based mitigations with zero-byte frames. This can cause high CPU usage and...

8.7 CVSS, 5.9 AI score, 0.01125 EPSS
Exploits 0, References 19, Affected Software 1
ATTACKERKB
added 2026/03/27 7:46 p.m., 2 views

CVE-2026-33765

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions prior to 6.0 have a critical OS Command Injection vulnerability in the savesettings.php file. The application takes the user-controlled $_POST['webtheme'] parameter...

9.3 CVSS, 6 AI score, 0.01088 EPSS
Exploits 0, References 2, Affected Software 1
Vulnrichment
added 2026/03/27 7:43 p.m., 2 views

CVE-2026-33654 Zero-Click Indirect Prompt Injection and Authentication Bypass via Email Polling

nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module nanobot/channels/email.py, allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions and subsequently, system tools without...

9.3 CVSS, 6.1 AI score, 0.00489 EPSS
Exploits 1, References 1
OSV
added 2026/03/27 7:43 p.m., 3 views

CVE-2026-33654 Zero-Click Indirect Prompt Injection and Authentication Bypass via Email Polling

nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module nanobot/channels/email.py, allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions and subsequently, system tools without...

9.3 CVSS, 6.1 AI score, 0.00489 EPSS
Exploits 1, References 3
EUVD
added 2026/03/27 6:31 p.m., 2 views

EUVD-2026-16680

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/viewproduct.php file via the "id" parameter...

9.8 CVSS, 6 AI score, 0.0033 EPSS
Exploits 1, References 2
vulnersOsv
added 2026/03/27 6:18 p.m., 7 views

@internxt/cli (>=1.0.5 <=1.2.2), @latitude-data/cli (>=0.0.29 <=1.11.0-canary.8) +19 more potentially affected by CVE-2026-34043 via serialize-javascript (>=7.0.0 <=7.0.4)

serialize-javascript NPM version =7.0.0, =1.0.5, =0.0.29, =1.23.0-beta.0, =1.23.0-beta.0, =1.23.0-beta.0, =1.23.0-beta.0, =1.23.0-beta.0, =18.33.0, =0.7.5, =0.9.8, =0.15.8, =1.3.0, =1.5.1 - @sigmaott/media-live =0.5.0 and more Source cves: CVE-2026-34043 Source advisory:...

7.5 CVSS, 5.4 AI score, 0.00472 EPSS
Exploits 0
The Hacker News
added 2026/03/27 5:22 p.m., 7 views

Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits

Apple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of web-based attacks and urge them to install the update. The development was first reported by MacRumors. "Apple is aware of attacks targeting out-of-date iOS software,...

6 AI score
Exploits 0
EUVD
added 2026/03/27 5:21 p.m., 7 views

EUVD-2026-16490

Local Incus UI web server vulnerable to authentication bypass...

8.8 CVSS, 5.9 AI score, 0.00347 EPSS
Exploits 0, References 4
Snyk
added 2026/03/27 5:21 p.m., 4 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication due to improper validation of authentication tokens in the incus webui process. An attacker can gain unauthorized access to the user's Incus instances and potentially escalate privileges by interacting with the...

8.8 CVSS, 5.9 AI score, 0.00347 EPSS
Exploits 0, References 2
EUVD
added 2026/03/27 3:30 p.m., 4 views

EUVD-2026-16604

A blog.admin v.8.0 and before system's getinfobytoken API interface contains an improper access control which leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security...

7.5 CVSS, 5.9 AI score, 0.00417 EPSS
Exploits 1, References 4
EUVD
added 2026/03/27 3:30 p.m., 8 views

EUVD-2026-16629

A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible to...

7.5 CVSS, 5.6 AI score, 0.00278 EPSS
Exploits 0, References 5
NVD
added 2026/03/27 3:16 p.m., 4 views

CVE-2026-33750

The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., {1..2..0}) causes the sequence generation loop to run indefinitely, making the process hang for seconds and...

7.5 CVSS, 0.0043 EPSS
Exploits 0, References 10
OSV
added 2026/03/27 3:16 p.m., 1 views

DEBIAN-CVE-2026-33750

The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., {1..2..0}) causes the sequence generation loop to run indefinitely, making the process hang for seconds and...

7.5 CVSS, 5.5 AI score, 0.0043 EPSS
Exploits 0, References 1
NVD
added 2026/03/27 3:16 p.m., 3 views

CVE-2026-33205

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitra...

5.5 CVSS, 0.00173 EPSS
Exploits 1, References 1
OSV
added 2026/03/27 3:16 p.m., 3 views

UBUNTU-CVE-2026-33750

The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., {1..2..0}) causes the sequence generation loop to run indefinitely, making the process hang for seconds and...

7.5 CVSS, 5.9 AI score, 0.0043 EPSS
Exploits 0, References 12
UbuntuCve
added 2026/03/27 3:16 p.m., 3 views

CVE-2026-33750

The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., {1..2..0}) causes the sequence generation loop to run indefinitely, making the process hang for seconds and...

7.5 CVSS, 6 AI score, 0.0043 EPSS
Exploits 0, References 11
RedhatCVE
added 2026/03/27 2:23 p.m., 8 views

CVE-2021-27847

Division-By-Zero vulnerability in Libvips 8.10.5 in the function vips_eye_point, eye.c#L83, and function vips_mask_point, mask.c#L85...

6.5 CVSS, 6.8 AI score, 0.00976 EPSS
Exploits 1, References 1