|
1731
|
6.1 |
MEDIUM
Network
|
benoitc
|
hackney
|
Sensitive Data Exposure vulnerability in benoitc hackney allows Retrieve Embedded Sensitive Data. The HTTP/3 redirect handler in src/hackney_h3.erl passes the original request headers unchanged to th…
|
CWE-601
Open Redirect
|
CVE-2026-47070
|
2026-05-27 22:55 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1732
|
7.5 |
HIGH
Network
|
benoitc
|
hackney
|
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackney_altsvc.erl does not guarantee fo…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-47066
|
2026-05-27 22:54 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1733
|
7.5 |
HIGH
Network
|
benoitc
|
hackney
|
Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The WebSocket client in src/hackney_ws.erl imposes no upper bound on memory consumption in three…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-47073
|
2026-05-27 22:54 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1734
|
7.5 |
HIGH
Network
|
benoitc
|
hackney
|
Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. hackney_h3:await_response_loop/6 accumulates the HTTP/3 response body in memory without any size…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2026-47077
|
2026-05-27 22:53 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1735
|
5.3 |
MEDIUM
Network
|
benoitc
|
hackney
|
Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in benoitc hackney allows HTTP Response Splitting. The hackney_cookie:setcookie/3 function in src/hackney_cookie.erl validat…
|
CWE-93
CRLF Injection
|
CVE-2026-47069
|
2026-05-27 22:53 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1736
|
7.5 |
HIGH
Network
|
benoitc
|
hackney
|
Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. The URL parser in src/hackney_url.erl converts every unrecognized URL scheme to a permanent BEAM…
|
CWE-770
Allocation of Resources Without Limits or Throttling
|
CVE-2026-47067
|
2026-05-27 22:52 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1737
|
6.5 |
MEDIUM
Local
|
benoitc
|
hackney
|
Interpretation Conflict vulnerability in benoitc hackney allows Server Side Request Forgery. hackney_url:normalize/2 URL-decodes the host component after the URL has been parsed into a #hackney_url{}…
|
CWE-436
CWE-918
Interpretation Conflict
Server-Side Request Forgery (SSRF)
|
CVE-2026-47076
|
2026-05-27 22:51 |
2026-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1738
|
5.5 |
MEDIUM
Local
|
ibm
|
db2
|
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local …
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2025-13755
|
2026-05-27 22:49 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1739
|
9.8 |
CRITICAL
Network
|
nvidia
|
isaac_launchable
|
NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear text. A successful exploit of this vulnerability might lead to code execution, escalatio…
|
CWE-319
Cleartext Transmission of Sensitive Information
|
CVE-2026-24212
|
2026-05-27 22:48 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1740
|
6.1 |
MEDIUM
Network
|
joomla
|
joomla\!
|
Lack of output escaping leads to a XSS vector in the feed modules.
|
CWE-79
Cross-site Scripting
|
CVE-2026-25900
|
2026-05-27 22:41 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
