| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-14684 | 0.00 | — | 0.00 | Jul 6, 2026 | A flaw has been found in HdrHistogram up to 2.2.2. This affects the function org.HdrHistogram.AbstractHistogram.decodeFromByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. This manipulation of the argument numberOfSignificantValueDigits causes… | |||
| CVE-2026-14683 | 0.00 | — | 0.00 | Jul 6, 2026 | A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. The manipulation of the argument… | |||
| CVE-2026-14686 | 0.00 | — | 0.00 | Jul 6, 2026 | A vulnerability was found in HdrHistogram up to 2.2.2. This issue affects the function org.HdrHistogram.DoubleHistogram.recordValue of the file src/main/java/org/HdrHistogram/DoubleHistogram.java of the component Range Check. Performing a manipulation results in incorrect… | |||
| CVE-2026-14685 | 0.00 | — | 0.00 | Jul 6, 2026 | A vulnerability has been found in HdrHistogram up to 2.2.2. This vulnerability affects the function recordValueWithCount of the file src/main/java/org/HdrHistogram/AbstractHistogram.java of the component AbstractHistogram. Such manipulation of the argument Count leads to state… | |||
| CVE-2026-14790 | 0.00 | — | 0.00 | Jul 6, 2026 | A flaw has been found in GPAC 26.02.0. This affects the function nhmldump_send_frame of the file src/filters/write_nhml.c of the component Media File Handler. Executing a manipulation can lead to null pointer dereference. The attack requires local access. The exploit has been… | |||
| CVE-2026-9165 | imp | 0.50 | 7.7 | 0.00 | Jul 6, 2026 | stackrox: stackrox: Unbounded GraphQL query depth allows authenticated denial of service | ||
| CVE-2026-43866 | imp | 0.46 | 8.1 | 0.01 | Jul 6, 2026 | camel-jms: Apache Camel JMS components: Arbitrary Exchange state injection | ||
| CVE-2026-56140 | low | 0.00 | — | 0.00 | Jul 6, 2026 | org.apache.camel/camel-aws2-sns: Apache Camel AWS SNS Component: Defense-in-depth hardening due to improper input validation | ||
| CVE-2026-56139 | mod | 0.27 | 5.3 | 0.00 | Jul 6, 2026 | org.apache.camel/camel-undertow: Apache Camel Undertow: Information disclosure via error messages containing sensitive data | ||
| CVE-2026-49365 | imp | 0.27 | 5.3 | 0.00 | Jul 6, 2026 | org.apache.camel/camel-netty-http: Apache Camel Netty HTTP: Information disclosure via error messages containing sensitive data | ||
| CVE-2026-49098 | mod | 0.35 | 6.5 | 0.00 | Jul 6, 2026 | camel-kafka: Apache Camel Kafka Component: Message redirection and injection via header manipulation | ||
| CVE-2026-46726 | imp | 0.46 | 8.2 | 0.01 | Jul 6, 2026 | camel-vertx-websocket: Apache Camel Vertx Websocket: Server-Side Request Forgery and sensitive data exposure | ||
| CVE-2026-46592 | imp | 0.42 | 7.5 | 0.00 | Jul 6, 2026 | org.apache.camel/camel-cxf: Apache Camel CXF SOAP: Remote attacker can execute unintended operations via header manipulation | ||
| CVE-2026-46584 | mod | 0.42 | 7.5 | 0.00 | Jul 6, 2026 | org.apache.camel/camel-mail: Apache Camel Mail Component: Credential exposure and information disclosure via improper input validation of mail headers | ||
| CVE-2026-40859 | imp | 0.46 | 8.1 | 0.01 | Jul 6, 2026 | org.apache.camel/camel-vertx-http: Apache Camel (camel-vertx-http): Remote Code Execution via Deserialization of Untrusted Data | ||
| CVE-2026-40047 | mod | 0.35 | 6.5 | 0.02 | Jul 6, 2026 | camel-docling: Apache Camel Docling: CLI argument injection and path traversal | ||
| CVE-2026-14788 | low | 0.14 | 3.3 | 0.00 | Jul 6, 2026 | radare2: radare2: Denial of Service via use-after-free in r_core_bin_load function | ||
| CVE-2026-14760 | low | 0.14 | 3.3 | 0.00 | Jul 5, 2026 | radare2: radare2: Denial of Service via local use-after-free vulnerability | ||
| CVE-2026-14759 | low | 0.14 | 3.3 | 0.00 | Jul 5, 2026 | radare2: radare2: Denial of Service via heap-based buffer overflow | ||
| CVE-2026-14757 | mod | 0.27 | 5.3 | 0.00 | Jul 5, 2026 | radare2: Radare2: Integer overflow allows local impact | ||
| CVE-2026-14742 | low | 0.20 | 3.1 | 0.00 | Jul 5, 2026 | langgraph: Langgraph: Information Disclosure via Weak Hash in Task Result Cache | ||
| CVE-2026-12481 | 0.00 | — | 0.00 | Jul 5, 2026 | A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the `Lambda` layer. Specifically, the `_raise_for_lambda_deserialization()` function fails to enforce the safe-mode guard when `safe_mode` is set… | |||
| CVE-2026-12252 | 0.00 | — | 0.00 | Jul 5, 2026 | In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes (StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser) are vulnerable to untrusted JAR code execution. These classes accept user-controllable… | |||
| CVE-2026-14570 | 0.00 | — | 0.01 | Jul 5, 2026 | Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search.… | |||
| CVE-2026-14610 | 0.00 | — | 0.00 | Jul 5, 2026 | A flaw has been found in Open Asset Import Library Assimp up to 6.0.5. Impacted is the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. This manipulation causes heap-based buffer overflow. The attack is… | |||
| CVE-2026-53361 | 0.00 | — | 0.00 | Jul 5, 2026 | In the Linux kernel, the following vulnerability has been resolved: af_unix: Set gc_in_progress to true in unix_gc(). Igor Ushakov reported that unix_gc() could run with gc_in_progress being false if the work is scheduled while running: Thread 1 Thread 2 … | |||
| CVE-2026-53362 | 0.00 | — | 0.00 | Jul 5, 2026 | In the Linux kernel, the following vulnerability has been resolved: ipv6: account for fraggap on the paged allocation path In __ip6_append_data(), when the paged-allocation branch is taken (MSG_MORE / NETIF_F_SG / large fraglen), alloclen and pagedlen are computed as … | |||
| CVE-2026-53359 | 0.00 | — | 0.00 | Jul 5, 2026 | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad ("KVM: x86: Fix shadow paging use-after-free due to unexpected GFN") fixed a shadow paging mismatch between stored and… | |||
| CVE-2026-53360 | 0.00 | — | 0.00 | Jul 5, 2026 | In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use As per the GHCB spec, when using GHCB v2+ require the software scratch area to reside in the GHCB's shared buffer. Note, things like Page State… | |||
| CVE-2025-71385 | 0.00 | — | 0.00 | Jul 5, 2026 | Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document (into a text element) without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An… | |||
| CVE-2026-14647 | 0.00 | — | 0.00 | Jul 5, 2026 | A weakness has been identified in onnx up to 1.21.x. This vulnerability affects the function convPoolShapeInference_opset19 of the file onnx/defs/nn/old.cc of the component onnxruntime. This manipulation causes out-of-bounds read. It is possible to initiate the attack remotely.… | |||
| CVE-2026-14781 | mod | 0.31 | 4.8 | 0.00 | Jul 5, 2026 | keycloak-services: keycloak-services: OIDC email_verified claim incorrectly applied to userinfo email | ||
| CVE-2026-14651 | — | low | 0.21 | 3.3 | 0.00 | Jul 4, 2026 | grass: Grass: Denial of Service vulnerability via local manipulation of compiler functions | |
| CVE-2026-14650 | — | low | 0.21 | 3.3 | 0.00 | Jul 4, 2026 | grass: Grass: Denial of Service in UTF-8 Character Handler | |
| CVE-2026-14535 | imp | 0.50 | 8.8 | 0.00 | Jul 4, 2026 | fickling: Fickling: Arbitrary code execution via pickle deserialization bypass | ||
| CVE-2026-14534 | imp | 0.50 | 8.8 | 0.00 | Jul 4, 2026 | fickling: python: fickling: Arbitrary code execution due to incomplete denylist in deserialization | ||
| CVE-2026-58379 | 0.00 | — | 0.00 | Jul 4, 2026 | A flaw was found in GIMP's Paint Shop Pro (PSP) file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service (DoS) by tricking a user into opening a specially crafted PSP image file. The… | |||
| CVE-2026-44941 | 0.00 | — | 0.01 | Jul 4, 2026 | A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root. | |||
| CVE-2026-14604 | 0.00 | — | 0.00 | Jul 4, 2026 | A vulnerability was determined in Open Asset Import Library Assimp up to 6.0.4. Affected is the function Assimp::Exporter::ExportToBlob of the file code/AssetLib/Ply/PlyLoader.cpp of the component PLY Model Handler. This manipulation causes double free. The attack can be… | |||
| CVE-2026-8804 | 0.00 | — | 0.00 | Jul 4, 2026 | Puppet resource_api (shipped in Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x) does not preserve the sensitive flag on parameters defined via the resource-api, causing values such as passwords to be stored in cleartext in the agent's local transaction state cache.… | |||
| CVE-2026-52868 | 0.00 | — | 0.00 | Jul 4, 2026 | An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation. | |||
| CVE-2026-50003 | 0.00 | — | 0.00 | Jul 4, 2026 | A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative (../) paths and absolute paths. | |||
| CVE-2026-44628 | 0.00 | — | 0.00 | Jul 4, 2026 | An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record. | |||
| CVE-2026-35505 | 0.00 | — | 0.00 | Jul 4, 2026 | An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart. | |||
| CVE-2026-50254 | 0.00 | — | 0.00 | Jul 4, 2026 | An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator… | |||
| CVE-2026-14355 | 0.00 | — | 0.00 | Jul 4, 2026 | In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the… | |||
| CVE-2026-33592 | 0.00 | — | 0.00 | Jul 4, 2026 | An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length or array size. An attacker can declare an arbitrarily large string (up to ~3.9 GB) delivered… | |||
| CVE-2026-14631 | mod | 0.21 | 4.3 | 0.00 | Jul 3, 2026 | webpack-dev-server: webpack-dev-server: Denial of Service via malformed headers | ||
| CVE-2026-14620 | mod | 0.24 | 4.7 | 0.00 | Jul 3, 2026 | webpack-dev-server: webpack-dev-server: Arbitrary file opening and denial of service via exposed developer endpoints | ||
| CVE-2026-14615 | mod | 0.28 | 4.3 | 0.00 | Jul 3, 2026 | keycloak-services: keycloak: FGAP v2 parent group children endpoint bypasses per-child view permission filter |
- CVE-2026-14684Jul 6, 2026risk 0.00cvss —epss 0.00
A flaw has been found in HdrHistogram up to 2.2.2. This affects the function org.HdrHistogram.AbstractHistogram.decodeFromByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. This manipulation of the argument numberOfSignificantValueDigits causes…
- CVE-2026-14683Jul 6, 2026risk 0.00cvss —epss 0.00
A vulnerability was detected in HdrHistogram up to 2.2.2. Affected by this issue is the function org.HdrHistogram.AbstractHistogram.decodeFromCompressedByteBuffer of the file src/main/java/org/HdrHistogram/AbstractHistogram.java. The manipulation of the argument…
- CVE-2026-14686Jul 6, 2026risk 0.00cvss —epss 0.00
A vulnerability was found in HdrHistogram up to 2.2.2. This issue affects the function org.HdrHistogram.DoubleHistogram.recordValue of the file src/main/java/org/HdrHistogram/DoubleHistogram.java of the component Range Check. Performing a manipulation results in incorrect…
- CVE-2026-14685Jul 6, 2026risk 0.00cvss —epss 0.00
A vulnerability has been found in HdrHistogram up to 2.2.2. This vulnerability affects the function recordValueWithCount of the file src/main/java/org/HdrHistogram/AbstractHistogram.java of the component AbstractHistogram. Such manipulation of the argument Count leads to state…
- CVE-2026-14790Jul 6, 2026risk 0.00cvss —epss 0.00
A flaw has been found in GPAC 26.02.0. This affects the function nhmldump_send_frame of the file src/filters/write_nhml.c of the component Media File Handler. Executing a manipulation can lead to null pointer dereference. The attack requires local access. The exploit has been…
- risk 0.50cvss 7.7epss 0.00
stackrox: stackrox: Unbounded GraphQL query depth allows authenticated denial of service
- risk 0.46cvss 8.1epss 0.01
camel-jms: Apache Camel JMS components: Arbitrary Exchange state injection
- risk 0.00cvss —epss 0.00
org.apache.camel/camel-aws2-sns: Apache Camel AWS SNS Component: Defense-in-depth hardening due to improper input validation
- risk 0.27cvss 5.3epss 0.00
org.apache.camel/camel-undertow: Apache Camel Undertow: Information disclosure via error messages containing sensitive data
- risk 0.27cvss 5.3epss 0.00
org.apache.camel/camel-netty-http: Apache Camel Netty HTTP: Information disclosure via error messages containing sensitive data
- risk 0.35cvss 6.5epss 0.00
camel-kafka: Apache Camel Kafka Component: Message redirection and injection via header manipulation
- risk 0.46cvss 8.2epss 0.01
camel-vertx-websocket: Apache Camel Vertx Websocket: Server-Side Request Forgery and sensitive data exposure
- risk 0.42cvss 7.5epss 0.00
org.apache.camel/camel-cxf: Apache Camel CXF SOAP: Remote attacker can execute unintended operations via header manipulation
- risk 0.42cvss 7.5epss 0.00
org.apache.camel/camel-mail: Apache Camel Mail Component: Credential exposure and information disclosure via improper input validation of mail headers
- risk 0.46cvss 8.1epss 0.01
org.apache.camel/camel-vertx-http: Apache Camel (camel-vertx-http): Remote Code Execution via Deserialization of Untrusted Data
- risk 0.35cvss 6.5epss 0.02
camel-docling: Apache Camel Docling: CLI argument injection and path traversal
- risk 0.14cvss 3.3epss 0.00
radare2: radare2: Denial of Service via use-after-free in r_core_bin_load function
- risk 0.14cvss 3.3epss 0.00
radare2: radare2: Denial of Service via local use-after-free vulnerability
- risk 0.14cvss 3.3epss 0.00
radare2: radare2: Denial of Service via heap-based buffer overflow
- risk 0.27cvss 5.3epss 0.00
radare2: Radare2: Integer overflow allows local impact
- risk 0.20cvss 3.1epss 0.00
langgraph: Langgraph: Information Disclosure via Weak Hash in Task Result Cache
- CVE-2026-12481Jul 5, 2026risk 0.00cvss —epss 0.00
A vulnerability in keras-team/keras version 3.14.0 allows for arbitrary code execution due to improper handling of deserialization in the `Lambda` layer. Specifically, the `_raise_for_lambda_deserialization()` function fails to enforce the safe-mode guard when `safe_mode` is set…
- CVE-2026-12252Jul 5, 2026risk 0.00cvss —epss 0.00
In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes (StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser) are vulnerable to untrusted JAR code execution. These classes accept user-controllable…
- CVE-2026-14570Jul 5, 2026risk 0.00cvss —epss 0.01
Crypt::DSA versions before 1.22 for Perl draw the DSA signing nonce and private key from a biased random generator, leading to private-key recovery. "Crypt::DSA::Util::makerandom forces the high bit of every value it returns to obtain an exactly N-bit integer for prime search.…
- CVE-2026-14610Jul 5, 2026risk 0.00cvss —epss 0.00
A flaw has been found in Open Asset Import Library Assimp up to 6.0.5. Impacted is the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. This manipulation causes heap-based buffer overflow. The attack is…
- CVE-2026-53361Jul 5, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: af_unix: Set gc_in_progress to true in unix_gc(). Igor Ushakov reported that unix_gc() could run with gc_in_progress being false if the work is scheduled while running: Thread 1 Thread 2 …
- CVE-2026-53362Jul 5, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: ipv6: account for fraggap on the paged allocation path In __ip6_append_data(), when the paged-allocation branch is taken (MSG_MORE / NETIF_F_SG / large fraglen), alloclen and pagedlen are computed as …
- CVE-2026-53359Jul 5, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad ("KVM: x86: Fix shadow paging use-after-free due to unexpected GFN") fixed a shadow paging mismatch between stored and…
- CVE-2026-53360Jul 5, 2026risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use As per the GHCB spec, when using GHCB v2+ require the software scratch area to reside in the GHCB's shared buffer. Note, things like Page State…
- CVE-2025-71385Jul 5, 2026risk 0.00cvss —epss 0.00
Netdata before 2.3.1 reflects the user-supplied love query parameter of the api/v2/ilove.svg and api/v3/ilove.svg endpoints verbatim into the generated SVG document (into a text element) without HTML or XML escaping, and serves the response with Content-Type image/svg+xml. An…
- CVE-2026-14647Jul 5, 2026risk 0.00cvss —epss 0.00
A weakness has been identified in onnx up to 1.21.x. This vulnerability affects the function convPoolShapeInference_opset19 of the file onnx/defs/nn/old.cc of the component onnxruntime. This manipulation causes out-of-bounds read. It is possible to initiate the attack remotely.…
- risk 0.31cvss 4.8epss 0.00
keycloak-services: keycloak-services: OIDC email_verified claim incorrectly applied to userinfo email
- risk 0.21cvss 3.3epss 0.00
grass: Grass: Denial of Service vulnerability via local manipulation of compiler functions
- risk 0.21cvss 3.3epss 0.00
grass: Grass: Denial of Service in UTF-8 Character Handler
- risk 0.50cvss 8.8epss 0.00
fickling: Fickling: Arbitrary code execution via pickle deserialization bypass
- risk 0.50cvss 8.8epss 0.00
fickling: python: fickling: Arbitrary code execution due to incomplete denylist in deserialization
- CVE-2026-58379Jul 4, 2026risk 0.00cvss —epss 0.00
A flaw was found in GIMP's Paint Shop Pro (PSP) file format parser. This heap buffer overflow vulnerability allows a remote attacker to cause arbitrary code execution or a denial of service (DoS) by tricking a user into opening a specially crafted PSP image file. The…
- CVE-2026-44941Jul 4, 2026risk 0.00cvss —epss 0.01
A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root.
- CVE-2026-14604Jul 4, 2026risk 0.00cvss —epss 0.00
A vulnerability was determined in Open Asset Import Library Assimp up to 6.0.4. Affected is the function Assimp::Exporter::ExportToBlob of the file code/AssetLib/Ply/PlyLoader.cpp of the component PLY Model Handler. This manipulation causes double free. The attack can be…
- CVE-2026-8804Jul 4, 2026risk 0.00cvss —epss 0.00
Puppet resource_api (shipped in Puppet Core 8.x and Puppet Enterprise 2023.8.x and 2025.x) does not preserve the sensitive flag on parameters defined via the resource-api, causing values such as passwords to be stored in cleartext in the agent's local transaction state cache.…
- CVE-2026-52868Jul 4, 2026risk 0.00cvss —epss 0.00
An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation.
- CVE-2026-50003Jul 4, 2026risk 0.00cvss —epss 0.00
A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative (../) paths and absolute paths.
- CVE-2026-44628Jul 4, 2026risk 0.00cvss —epss 0.00
An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record.
- CVE-2026-35505Jul 4, 2026risk 0.00cvss —epss 0.00
An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart.
- CVE-2026-50254Jul 4, 2026risk 0.00cvss —epss 0.00
An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator…
- CVE-2026-14355Jul 4, 2026risk 0.00cvss —epss 0.00
In PHP versions 8.2.* before 8.2.32, 8.3.* before 8.3.32, 8.4.* before 8.4.23, 8.5.* before 8.5.8, the AES-WRAP-PAD algorithm implementation in OpenSSL extension contains a buffer allocation flaw. The output buffer for the AES key-wrap-with-padding operation is sized from the…
- CVE-2026-33592Jul 4, 2026risk 0.00cvss —epss 0.00
An unauthenticated remote attacker can exhaust server memory via the FindServers Discovery Service in open62541. The serverUris field of FindServersRequest is not validated for length or array size. An attacker can declare an arbitrarily large string (up to ~3.9 GB) delivered…
- risk 0.21cvss 4.3epss 0.00
webpack-dev-server: webpack-dev-server: Denial of Service via malformed headers
- risk 0.24cvss 4.7epss 0.00
webpack-dev-server: webpack-dev-server: Arbitrary file opening and denial of service via exposed developer endpoints
- risk 0.28cvss 4.3epss 0.00
keycloak-services: keycloak: FGAP v2 parent group children endpoint bypasses per-child view permission filter