Vulnerabilities
Vulnerable Software
Security Vulnerabilities
By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper bound on memory allocation for unacknowledged frames, a malicious server can exhaust all available memory by flooding curl with rapid, sequential PING messages.
CVSS Score
7.5
EPSS Score
0.006
Published
2026-07-03
Successfully using libcurl to do a transfer to a specific HTTP origin (`hostA`) with **Digest** authentication and then changing the origin to a different one (`hostB`) for a second transfer, reusing the same handle, makes libcurl wrongly pass on the `Authorization:` header field meant for `hostA`, to `hostB`.
CVSS Score
9.8
EPSS Score
0.008
Published
2026-07-03
Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to elevate privileges over a network.
CVSS Score
9.9
EPSS Score
0.006
Published
2026-07-02
Incorrect authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network.
CVSS Score
8.8
EPSS Score
0.006
Published
2026-07-02
Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an authorized attacker to elevate privileges over a network.
CVSS Score
9.9
EPSS Score
0.006
Published
2026-07-02
Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
9.3
EPSS Score
0.005
Published
2026-07-02
Improper access control in Azure Synapse allows an authorized attacker to elevate privileges over a network.
CVSS Score
4.8
EPSS Score
0.003
Published
2026-07-02
An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart. Continued exploitation would cause a denial of service. The function reassemble_v2_incoming_fragments() would ignore unknown outer payloads but still store these in a fixed size array msg_digest.digest[PAYLIMIT]. An off-by-one error in the assertion PASSERT(logger, md->digest_roof < elemsof(md->digest)) causes the daemon to abort. No remote code execution is possible. Any configuration that allows IKEv2 connections that do not set fragmentation=no are vulnerable. IKEv1 is not affected.
CVSS Score
7.5
EPSS Score
0.006
Published
2026-07-02
ardupilot through Plane-4.6.3 was found to contain an out-of-bounds read issue in libraries/GCS_MAVLink/GCS_serial_control.cpp in GCS_MAVLINK::handle_serial_control().
CVSS Score
9.1
EPSS Score
0.004
Published
2026-07-02
ntopng through 6.6 is vulnerable to Predictable Session Identifier which can lead to Session Hijacking. HTTP session identifiers in src/HTTPserver.cpp use weak time-seeded pseudo-randomness during session creation. As a result, fresh authenticated logins can receive deterministic or colliding session cookies under attacker-controlled timing.
CVSS Score
9.8
EPSS Score
0.004
Published
2026-07-02


Contact Us

Shodan ® - All rights reserved