369302 matches found
CVE-2026-54399
The CVE concerns Apache HttpComponents Core and a vulnerability in the HTTP/1.1 message parser causing memory exhaustion via an excessive number of headers or header length. Affected versions cited in public CVE records include 5.4.2 and earlier and 5.5-beta1 and earlier; a separate vendor-facing...
CVE-2026-49088
Kibana security advisory CVE-2026-49088 describes that when optional APM instrumentation is enabled, sensitive request header values may be logged in application logs, risking information disclosure (CWE-532). Affected versions include Kibana 8.x up to 8.18.8, 8.19.0–8.19.5, and 9.x 9.0.0–9.0.7, ...
CVE-2026-57721
The CVE-2026-57721 entry concerns the WordPress WP Reloaded ApplyOnline plugin, affected versions include up to 2.6.7.6. The issue is described as a Missing Authorization vulnerability caused by Incorrectly Configured Access Control security levels, which implies a broken access control condition...
CVE-2026-57720
The CVE-2026-57720 entry concerns the WordPress ThumbPress plugin (
CVE-2026-12480
CVE-2026-12480 affects Keras up to 3.13.2. The root cause is an incomplete fix for CVE-2026-1669 in H5IOStore._verify_dataset() and file_editor.py, where the code fails to check the dataset.is_virtual property of HDF5 datasets. This allows an attacker to craft a malicious .keras model archive or ...
CVE-2026-57516
Ray prior to 2.56.0 is affected via the WebDataset reader flaw in which _default_decoder() deserializes tar entries using pickle.loads for .pkl/.pickle and torch.load for .pt/.pth, enabling remote code execution inside Ray remote workers when processing a malicious tar archive. Affected component...
CVE-2026-49087
The CVE-2026-49087 issue concerns Kibana: Allocation of Resources Without Limits or Throttling (CWE-770) leading to a denial of service (CAPEC-130). An authenticated user can submit a crafted bulk deletion request that inflates resource use and can render Kibana unavailable. Connected sources spe...
CVE-2026-56152
Summary: CVE-2026-56152 concerns Elastic Defend. Affected component is the Elastic Defend response actions where an authorization check failure allowed a low-privileged authenticated user to access response action data they should not view (CWE-863, CAPEC-1). Impact details (as described): The vu...
CVE-2026-20243
CVE-2026-20243 describes a DoS-style vulnerability in ClamAV caused by memory corruption during ALZ archive parsing. The issue stems from improper boundary checks for content in ALZ files, leading to an out-of-bounds buffer write when a crafted ALZ file is scanned by vulnerable ClamAV instances. ...
CVE-2026-56151
This CVE affects Kibana with Fleet: Improper Input Validation (CWE-20) enabling Denial of Service via crafted Fleet policy input. Affected versions include 8.x (8.0.0–8.19.16), 9.x (9.0.0–9.3.5 and 9.4.0–9.4.2). The root cause is input validation failure for Fleet policy inputs, allowing an authe...
CVE-2026-20244
CVE-2026-20244 affects the DMG file format parser in ClamAV. The root cause is improper boundary checks for DMG content during scanning, which may trigger an integer overflow on 32-bit platforms. An unauthenticated, remote attacker could submit a crafted DMG file for scanning, potentially causing...
CVE-2026-20215
CVE-2026-20215 affects ClamAV’s 7z file format parser. The issue stems from improper boundary checks on 7z content during scanning, causing an out-of-bounds memory write that can crash the ClamAV scanning process. This allows an unauthenticated, remote attacker to trigger a DoS (and possibly expa...
CVE-2026-20217
The CVE-2026-20217 entry concerns ClamAV’s PESpin file format parser. The vulnerability arises from improper boundary checks for PESpin content during scanning, causing memory corruption that can lead to an out-of-bounds buffer write. An attacker could submit a crafted PESpin file to be scanned, ...
CVE-2026-20216
CVE-2026-20216 concerns ClamAV’s InstallShield file format parser. The vulnerability arises from improper handling of temporary resources during scanning, enabling an unauthenticated, remote attacker to submit a crafted InstallShield file that can terminate the ClamAV scanning process and tempora...
CVE-2026-20213
This CVE (CVE-2026-20213) affects the ClamAV PE file format parser. A crafted PE content file submitted to the scanner can trigger memory corruption due to improper boundary checks, leading to an out-of-bounds write. An unauthenticated, remote attacker could cause the ClamAV scanning process to t...
CVE-2026-20214
CVE-2026-20214 affects ClamAV’s FSG file format parser. The issue arises from improper boundary checks for content in FSG files during scanning, leading to an out-of-bounds buffer write and memory corruption. An unauthenticated, remote attacker could submit a crafted file containing portable exec...
CVE-2026-20191
Cisco Catalyst Center is affected by CVE-2026-20191. The issue arises from insufficient validation of user-supplied input, enabling an unauthenticated remote attacker to read arbitrary files from a restricted container by sending a crafted HTTP request. CVSSv3.1 base score 7.5 (HIGH), with networ...
CVE-2026-56150
MODE C: CVE-2026-56150 affects Elastic Fleet Server via Allocation of Resources Without Limits or Throttling (upload endpoint memory exhaustion). Multiple connected sources describe the vulnerability in Fleet Server's internal API packages and uploader, enabling an attacker to exhaust RAM and pot...
CVE-2026-34117
Guardian Language-System is affected by CVE-2026-34117 due to a vulnerability in text_to_subtitles.php where the id GET parameter is passed directly into PHP exec() without sanitization. This allows an unauthenticated, remote attacker to append shell metacharacters and execute arbitrary OS comman...
CVE-2026-34116
The CVE-2026-34116 entry concerns the Guardian language-system. The flaw occurs in transcribe.php where the GET parameter id is concatenated into a PHP exec() call without sanitization, enabling an unauthenticated remote attacker to inject shell commands. Affected component: Guardian language-sys...