Lucene search
+L
VulnrichmentRecent

163937 matches found

Vulnrichment
Vulnrichment
•added 2026/06/09 11:47 p.m.•11 views

CVE-2026-41706 Open Redirect When Using CookieRequestCache

Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after a successful login. In affected versions, the full absolute URL is stored in the cookie and is us...

6.1CVSS5.5AI score0.00211EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 11:47 p.m.•8 views

CVE-2026-41701 In Spring AMQP sequential correlation IDs enable reply poisoning on fixed reply queues

Correlation IDs for replies in the RabbitTemplate.sendAndReceive with the fixed reply queue are predictable due to internal simple counter. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.0 through 3.2.10; 3.1.0 through 3.1.15; 2.4.0 through 2.4.17...

4.4CVSS5.5AI score0.00173EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 11:47 p.m.•9 views

CVE-2026-46545 nimiq-primitives: Panic DoS in trie chunk processing via ROOT-keyed item

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote, unauthenticated denial-of-service vulnerability in MerkleRadixTrie::putchunk allows any state-sync peer to crash any node performing state...

7.5CVSS5.2AI score0.00339EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/09 11:47 p.m.•10 views

CVE-2026-41697 Spring Data Relational Parameter not Escaped for Query By Example LIKE Pattern

Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher STARTING, ENDING, or CONTAINING in Query By Example QBE. An attacker can supply wildcard characters to perform boolean-based blind data inference. Affected versions: Spring Data...

4.8CVSS5.5AI score0.00227EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 11:47 p.m.•11 views

CVE-2026-41696 Spring Data MongoDB Bind Parameter Literal Quoting Breakout

Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting. Affected versions: Spring Data MongoDB 5.0.0...

5.9CVSS5.5AI score0.00262EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 11:47 p.m.•12 views

CVE-2026-41695 Denial of Service in Spring Data Commons Property Path Resolution

Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolution. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through...

7.5CVSS5.4AI score0.00363EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 11:47 p.m.•9 views

CVE-2026-46543 nimiq-blockchain: Genesis batch set request

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls getepochchunks which iterates...

5.3CVSS5.5AI score0.00291EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/09 11:47 p.m.•8 views

CVE-2026-41694 SAML Payloads Decrypted Without Valid Signature

Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloads and use the Service Provider as a decryption oracle. Affected versions: Spring Security 5.7.0...

3.7CVSS5.5AI score0.00137EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 11:47 p.m.•9 views

CVE-2026-41008 Spring Security Authorization Server Open Redirect via request_uri

Spring Security Authorization Server's authorization endpoint performs insufficient validation of the requesturi parameter. An attacker can craft a malicious authorization request containing an invalid requesturi and an arbitrary, unvalidated redirecturi, which can lead to an Open Redirect...

6.1CVSS5.3AI score0.00172EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 11:46 p.m.•8 views

CVE-2026-41003 Unencoded HTML Outputs in Spring Security May Allow Cross-Site Scripting

An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters. Affected versions: Spring Security 5.7.0 through 5.7.23; 5.8.0 through 5.8.25; 6.3.0 through 6.3.16; 6.4.0 through 6.4.16; 6.5.0 through 6.5.10;...

7.6CVSS5.8AI score0.00204EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 11:46 p.m.•11 views

CVE-2026-40993 Unfiltered Java Native Deserialization of SAML 2.0 Asserting Party Credentials BLOB Database Entry

An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository saml2assertingpartymetadata may be able to store malicious serialized payloads in the columns containing the collection of verification or encryption credentials verificationcredentials and...

7.3CVSS5.5AI score0.00198EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 11:46 p.m.•12 views

CVE-2026-40991 XML External Entity (XXE) injection when documenting untrusted XML content

When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a malicious API can perform an XXE injection attack when the documentation-generating tests are next execute...

5.9CVSS5.5AI score0.00223EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 11:46 p.m.•9 views

CVE-2026-46542 nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a denial-of-service vulnerability exists in the Ed25519 multisig delinearization code path. Ed25519PublicKey::delinearize in keys/src/multisig/mod.rs called...

4.3CVSS5.5AI score0.00231EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/09 11:46 p.m.•9 views

CVE-2026-40988 Unbounded DEFLATE Inflation in SAML 2.0 Service Provider

An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates the compressed SAML payload into memory. Affected versions: Spring Security 5.7.0 through 5.7.23;...

7.5CVSS5.4AI score0.00331EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 11:45 p.m.•9 views

CVE-2026-46540 Nimiq light-blockchain: Light blockchain rebranch issue

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macrohea...

6.5CVSS5.3AI score0.00259EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/09 11:44 p.m.•10 views

CVE-2026-46539 nimiq-primitives: BlockInclusionProof interlink issue when hops are empty

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a logic flaw in BlockInclusionProof::isblockproven causes the function to return true without performing any cryptographic verification when getinterlinkhops...

5.9CVSS5.4AI score0.0015EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/09 11:44 p.m.•11 views

CVE-2026-53675 BuddyPress 14.4.0 Friends List IDOR via REST API

BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenticated attacker to enumerate another user's complete friend list. Attackers can query the friends endpoint with an arbitrary userid because the getitemspermissionscheck meth...

5.3CVSS5.6AI score0.00193EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/09 11:44 p.m.•10 views

CVE-2026-53674 BuddyPress 14.4.0 REGEXP Injection via @Mention Username Resolution

BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP database clause by crafting mention names containing regex metacharacters. Attackers can submit...

7.1CVSS5.5AI score0.00288EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/09 11:44 p.m.•9 views

CVE-2026-44505 Nimiq network-libp2p: Untrusted peer can wedge DHT

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handledhtget network-libp2p/src/swarm.rs. Prior to version 1.4.0, when a peer returns a FoundRecord, the code verifies the record...

5.3CVSS5.5AI score0.00297EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/09 11:44 p.m.•15 views

CVE-2026-53673 BuddyPress 14.4.0 Private Message IDOR via REST API user_id Parameter

BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by supplying a userid parameter in the request. Attackers can pass another user's identifier to the...

8.6CVSS5.5AI score0.00294EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/09 11:7 p.m.•17 views

CVE-2026-44716 Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Read via `%2F`-Encoded Separator

Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pipecat's development runner src/pipecat/runner/run.py. When the runner is started with the --folder...

7.5CVSS5.4AI score0.00423EPSS
Exploits1References4
Vulnrichment
Vulnrichment
•added 2026/06/09 11:5 p.m.•10 views

CVE-2026-46517 LMDeploy: Hardcoded trust_remote_code=True is an implicit unsafe remote-code load path with no user opt-out

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trustremotecode=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches...

7.8CVSS5.4AI score0.00148EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 11:5 p.m.•8 views

CVE-2026-46432 LMDeploy: Arbitrary code execution via hardcoded trust_remote_code=True in lmdeploy model initialization

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trustremotecode=True" in multiple HuggingFace model-loading call sites. At time of publication, there are no...

7.8CVSS6.2AI score0.00142EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 11:1 p.m.•7 views

CVE-2026-46411 FlashMQ: Client can trigger uncaught exception on FlashMQ 1.26.1 and older

FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients have the ability to exceed the permitted over-commit of their write buffer and triggering an internal safe-guard exception. This exception was in a path that was not catchable, and...

6.5CVSS5.6AI score0.00301EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/09 11:0 p.m.•10 views

CVE-2026-46491 SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticket-directory read/unserialize and conditional deletion

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior to version 7.0.3, simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controll...

8.6CVSS5.5AI score0.00422EPSS
Exploits0References3
Vulnrichment
Vulnrichment
•added 2026/06/09 10:53 p.m.•37 views

CVE-2026-45782 Cloud Hypervisor: Use-after-free in virtio-block Async I/O Completion

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virtio-block descriptor chains that reuse the same headindex while asynchronous block I/O is enabled e....

8.9CVSS5.6AI score0.00138EPSS
Exploits0References5
Vulnrichment
Vulnrichment
•added 2026/06/09 10:50 p.m.•8 views

CVE-2026-46518 OpenEMR: Stored XSS in prescription CSS/HTML print view via patient demographics

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a...

7.7CVSS5.5AI score0.00208EPSS
Exploits1References1
Vulnrichment
Vulnrichment
•added 2026/06/09 10:49 p.m.•9 views

CVE-2026-46433 lldpd: Heap OOB Read in VLAN Decapsulation memmove

lldpd is an implementation of IEEE 802.1ab LLDP. Prior to version 1.0.22, lldpddecode in src/daemon/lldpd.c strips 802.1Q VLAN tags from received Ethernet frames by calling memmove to shift the frame payload 4 bytes left. The third argument byte count is s - 2 ETHERADDRLEN but should be s - 2...

6.5CVSS5.5AI score0.00225EPSS
Exploits0References4
Vulnrichment
Vulnrichment
•added 2026/06/09 10:40 p.m.•8 views

CVE-2026-46374 SQLFluff: Uncontrolled Resource Consumption in Parser

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 10:38 p.m.•8 views

CVE-2026-46373 SQLFluff: Recursive Stack Overflow in Parser

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious query with deliberate excessive nesting to any...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 10:30 p.m.•9 views

CVE-2026-9753 Server crash via malformed binary diff passed to $_internalApplyOplogUpdate.

The $internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $internalApplyOplogUpdate can be executed by any authenticated user with access to the aggregate command...

8.1CVSS5.6AI score0.00298EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 10:27 p.m.•7 views

CVE-2026-9752 GeometryCollection with strict-winding polygon causes server crash during 2dsphere index key generation

An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS. Strict-winding polygons are intentionally unsupported for indexing, but the guard that rejects them does not...

7.1CVSS5.2AI score0.0027EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 10:27 p.m.•9 views

CVE-2026-44963

A vulnerability allowing remote code execution RCE on the Backup Server by an authenticated domain user...

9.4CVSS8.7AI score0.02042EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 10:24 p.m.•8 views

CVE-2026-9751 Sensitive data could be written to mongod.log

The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text...

6.8CVSS5.5AI score0.00109EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 10:17 p.m.•9 views

CVE-2026-9750 Metadata name collision on $-prefixed fields causes post-auth server crash

An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from insufficient separation between user-controlled document fields and internal metadata in certain...

7.1CVSS5.7AI score0.00368EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 10:10 p.m.•10 views

CVE-2026-9749 Using MaxKey() may crash the server

This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces enough documents to fill its exchange buffer that is, many results are routed to the same consumer,...

7.1CVSS5.8AI score0.0027EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 10:8 p.m.•8 views

CVE-2026-9748 $_internalConvertBucketIndexStats may crash the mongod server when working on no timeseries input

The $internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechanism, but rather a TeeBuffer-internal signal used solely by $facet to coordinate its sub-pipelines...

7.1CVSS5.4AI score0.00323EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 10:5 p.m.•9 views

CVE-2026-9747 Crafted cross-shard merge aggregation crashes MongoDB Server

Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server...

7.1CVSS5.4AI score0.0027EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 10:2 p.m.•10 views

CVE-2026-9746 Server crashes in case of the use of exchange

When using $changestreams and $requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user must be logged in to issue the statement...

7.1CVSS5.4AI score0.0027EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 9:59 p.m.•9 views

CVE-2026-9743 Aggregation sub-pipeline null dereference may allow DoS via crafted getMore

In MongoDB Server 8.0, an aggregation stage can leave its subPipeline field null during processing of certain pipelines. If a getMore is subsequently issued on the same cursor, the server may dereference this null sub-pipeline when reattaching to the operation context, accessing an invalid addres...

7.1CVSS5.5AI score0.00307EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 9:57 p.m.•8 views

CVE-2026-9742 Authenticate command with specific mechanism parameter can trigger server crash

When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product...

8.2CVSS5.5AI score0.00347EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 9:56 p.m.•8 views

CVE-2026-9741 Client side encryption fails to encrypt values in a $vectorSearch

A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption QE or Client-Side Field Level Encryption CSFLE results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of...

7.1CVSS5.4AI score0.00103EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 9:21 p.m.•9 views

CVE-2026-34711 CAI Content Credentials | Integer Overflow or Wraparound (CWE-190)

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require...

7.5CVSS5.5AI score0.0043EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 9:21 p.m.•8 views

CVE-2026-34712 CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user...

7.5CVSS5.5AI score0.00407EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 9:21 p.m.•11 views

CVE-2026-47904 CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this iss...

6.2CVSS5.5AI score0.00153EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 9:21 p.m.•9 views

CVE-2026-47902 CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this iss...

6.2CVSS5.5AI score0.00153EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 9:21 p.m.•11 views

CVE-2026-47903 CAI Content Credentials | Improper Input Validation (CWE-20)

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user...

6.2CVSS5.5AI score0.00153EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 9:21 p.m.•9 views

CVE-2026-47905 CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this iss...

6.2CVSS5.5AI score0.00153EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 9:21 p.m.•9 views

CVE-2026-34657 CAI Content Credentials | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in an arbitrary file system write. An attacker could leverage this vulnerability to write to...

5.5CVSS5.6AI score0.00178EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/06/09 9:21 p.m.•26 views

CVE-2026-34713 CAI Content Credentials | Uncontrolled Resource Consumption (CWE-400)

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Uncontrolled Resource Consumption vulnerability. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this iss...

7.5CVSS5.5AI score0.00407EPSS
Exploits0References1
Total number of security vulnerabilities163937