24h | 7d | 30d

Overview

  • owasp-modsecurity
  • ModSecurity

10 Jul 2026
Published
10 Jul 2026
Updated

CVSS v3.1
HIGH (8.6)
EPSS
0.46%

KEV

Description

ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. Prior to 3.0.16, the multipart/form-data request body parser in libmodsecurity silently removes embedded line breaks from non-file form-field values before exporting them to ARGS and ARGS_POST because src/request_body_processor/multipart.cc overwrites reserved bytes in m_reserve instead of appending the current buffer. This creates a parser differential between ModSecurity and backend applications that preserve line breaks in form fields, allowing rules that inspect ARGS or ARGS_POST to miss payloads whose dangerous syntax depends on a line break. This issue is fixed in version 3.0.16.

Statistics

  • 1 Post

Last activity: 16 hours ago

Fediverse

Profile picture fallback

CVE-2026-52747 - WAF bypass in ModSecurity <3.0.16. Multipart parser silently removes line breaks, creating parser differential vs backend. CVSS 8.6. No patch available. Upgrade to 3.0.16 immediately. #CVE #ModSecurity #infosec

valtersit.com/cve/CVE-2026-527

  • 0
  • 0
  • 0
  • 16h ago

Overview

  • Centreon
  • Infra Monitoring
  • centreon-open-tickets

13 Jul 2026
Published
13 Jul 2026
Updated

CVSS v3.1
CRITICAL (9.6)
EPSS
0.48%

KEV

Description

This vulnerability is a critical Server-Side Template Injection (SSTI) in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The message_confirm field is stored without sanitization and rendered via Smarty with no security policy enabled, allowing any authenticated user, to inject and execute arbitrary code on the server. This results in disclosure of environment secrets and could impact platform availability of Centreon Infra Monitoring product.

Statistics

  • 1 Post

Last activity: 6 hours ago

Fediverse

Profile picture fallback

CVE-2026-14453: Centreon Infra Monitoring v24.10.0 & v25.10.0 have a CRITICAL SSTI flaw in centreon-open-tickets. Authenticated users can inject code via unsanitized message_confirm, leading to RCE & secret exposure. Patch ASAP. radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 6h ago

Overview

  • zephyrproject
  • zephyr
  • zephyr

12 Jul 2026
Published
12 Jul 2026
Updated

CVSS v3.1
HIGH (8.1)
EPSS
0.35%

KEV

Description

parse_ipv4() in subsys/net/ip/utils.c (reached via net_ipaddr_parse() for strings of the form "a.b.c.d:port") copies the port substring into a fixed 17-byte stack buffer (char ipaddr[NET_IPV4_ADDR_LEN + 1]) using a length of str_len - end - 1, where str_len is the full, unbounded input length and end is only the (<=15-byte) offset of the ':' delimiter. Because the destination size is never consulted, a crafted address string with a long suffix after the colon (e.g. "1.2.3.4:" followed by hundreds of bytes) causes an out-of-bounds stack write whose length and contents are fully attacker-controlled (memcpy of the suffix plus a trailing NUL), enabling memory corruption and at minimum a denial of service, and potentially control-flow hijack. The parser is reached from the standard socket API (zsock_getaddrinfo / literal-address resolution), DNS server-string configuration, and the eswifi Wi-Fi co-processor DNS-response path, so an application that resolves a network-influenced address string is exposed. The bug was introduced when the parser was added (Zephyr v1.9.0) and shipped in all releases through v4.4.0. The fix removes the unbounded copy and validates the port length before copying into a small dedicated buffer. Note: the equivalent IPv6 "[addr]:port" path in parse_ipv6() retains the same unbounded copy at this commit and remains a separate, still-reachable instance of the defect.

Statistics

  • 1 Post

Last activity: 22 hours ago

Fediverse

Profile picture fallback

A new vulnerability with increased severity was disclosed for zephyrproject zephyr (CVE-2026-10666) vuldb.com/vuln/377882

  • 0
  • 0
  • 0
  • 22h ago

Overview

  • Veeam
  • Backup and Replication

09 Jun 2026
Published
10 Jun 2026
Updated

CVSS v4.0
CRITICAL (9.4)
EPSS
2.04%

KEV

Description

A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

Profile picture fallback

A critical Veeam Backup vulnerability (CVE-2026-44963) allows remote code execution. Patch immediately to avoid ransomware targeting CVE-2023-27532.

securityonline.info/cve-2026-4

  • 0
  • 0
  • 0
  • 4h ago

Overview

  • Veeam Backup & Replication

10 Mar 2023
Published
21 Oct 2025
Updated

CVSS
Pending
EPSS
77.61%

Description

Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may lead to gaining access to the backup infrastructure hosts.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

Profile picture fallback

A critical Veeam Backup vulnerability (CVE-2026-44963) allows remote code execution. Patch immediately to avoid ransomware targeting CVE-2023-27532.

securityonline.info/cve-2026-4

  • 0
  • 0
  • 0
  • 4h ago

Overview

  • rabbitmq
  • rabbitmq-server

10 Jul 2026
Published
10 Jul 2026
Updated

CVSS v4.0
MEDIUM (5.3)
EPSS
Pending

KEV

Description

RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ does not perform authorization checks on passive queue.declare and exchange.declare AMQP 0-9-1 operations, allowing any authenticated user who can connect to a virtual host to enumerate queue and exchange names and read queue message and consumer counts. This issue is fixed in versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6.

Statistics

  • 1 Post

Last activity: Last hour

Bluesky

Profile picture fallback
RabbitMQ flaws CVE-2026-5721 and CVE-2026-57221 can expose OAuth secrets and enable queue and exchange enumeration, raising risks in shared or internet-exposed deployments. #RabbitMQ #OAuth #CVE2026
  • 0
  • 0
  • 0
  • Last hour
Showing 31 to 36 of 36 CVEs