38415 matches found
CVE-2026-33871 Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...
EUVD-2026-16790
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...
CVE-2026-33871 Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, a remote user can trigger a Denial of Service DoS against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on the number of...
CVE-2026-33871
CVE-2026-33871 affects Netty, an asynchronous event-driven network framework. The issue occurs when a remote attacker floods an HTTP/2 server with CONTINUATION frames, exploiting an unlimited frame-count and bypassing size-based mitigations with zero-byte frames. This can cause high CPU usage and...
CVE-2026-33765
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. Versions prior to 6.0 have a critical OS Command Injection vulnerability in the savesettings.php file. The application takes the user-controlled $POST'webtheme' parameter...
CVE-2026-33654 Zero-Click Indirect Prompt Injection and Authentication Bypass via Email Polling
nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module nanobot/channels/email.py, allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions and subsequently, system tools without...
CVE-2026-33654 Zero-Click Indirect Prompt Injection and Authentication Bypass via Email Polling
nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module nanobot/channels/email.py, allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions and subsequently, system tools without...
EUVD-2026-16680
A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/viewproduct.php file via the "id" parameter...
@internxt/cli (>=1.0.5 <=1.2.2), @latitude-data/cli (>=0.0.29 <=1.11.0-canary.8) +19 more potentially affected by CVE-2026-34043 via serialize-javascript (>=7.0.0 <=7.0.4)
serialize-javascript NPM version =7.0.0, =1.0.5, =0.0.29, =1.23.0-beta.0, =1.23.0-beta.0, =1.23.0-beta.0, =1.23.0-beta.0, =1.23.0-beta.0, =18.33.0, =0.7.5, =0.9.8, =0.15.8, =1.3.0, =1.5.1 - @sigmaott/media-live =0.5.0 and more Source cves: CVE-2026-34043 Source advisory:...
Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits
Apple is now sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS to alert users of web-based attacks and urge them to install the update. The development was first reported by MacRumors. "Apple is aware of attacks targeting out-of-date iOS software,...
EUVD-2026-16490
Local Incus UI web server vulnerable to nuthentication bypass...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication due to improper validation of authentication tokens in the incus webui process. An attacker can gain unauthorized access to the user's Incus instances and potentially escalate privileges by interacting with the...
EUVD-2026-16604
A blog.admin v.8.0 and before system's getinfobytoken API interface contains an improper access control which leads to sensitive data exposure. Unauthorized parties can obtain sensitive administrator account information via a valid token, threatening system security...
EUVD-2026-16629
A weakness has been identified in mingSoft MCMS 迄 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible to...
CVE-2026-33750
The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value e.g., 1..2..0 causes the sequence generation loop to run indefinitely, making the process hang for seconds and...
DEBIAN-CVE-2026-33750
The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value e.g., 1..2..0 causes the sequence generation loop to run indefinitely, making the process hang for seconds and...
CVE-2026-33205
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Prior to version 9.6.0, a Server-Side Request Forgery vulnerability in the background-image endpoint of calibre e-book reader's web view allows an attacker to perform blind GET requests to arbitra...
UBUNTU-CVE-2026-33750
The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value e.g., 1..2..0 causes the sequence generation loop to run indefinitely, making the process hang for seconds and...
CVE-2026-33750
The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value e.g., 1..2..0 causes the sequence generation loop to run indefinitely, making the process hang for seconds and...
CVE-2021-27847
Division-By-Zero vulnerability in Libvips 8.10.5 in the function vipseyepoint, eye.cL83, and function vipsmaskpoint, mask.cL85...