Lucene search
K

760 matches found

NVD
NVD
added yesterday7 views

CVE-2026-59874

node-tar is a tar archive manipulation library for Node.js. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to make no progress while repeatedly parsing the same header. This issue is fixed in version 7.5.18...

8.7CVSS
Exploits0References3
CVE
CVE
added yesterday5 views

CVE-2026-59874

node-tar is a Node.js tar archive library. Prior to 7.5.18, tar.replace accepts a checksum-valid tar header with a negative base-256 encoded entry size, causing the archive scanner to loop on the same header and make no progress; this is fixed in version 7.5.18. Upgrade to 7.5.18 to remediate. Th...

8.7CVSS5.9AI score
Exploits0References3
OSV
OSV
added 2026/06/30 11:39 p.m.3 views

BIT-ENVOY-2026-47775 Envoy OAuth2 Filter: Padding Oracle via AES-256-CBC Cookie Decryption

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt/decrypt functions use AES-256-CBC without an authentication tag no HMAC, no AEAD. The /callback endpoint returns HTTP 302 on...

6.8CVSS5.8AI score0.00219EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/26 5:23 p.m.34 views

CVE-2026-47775 Envoy OAuth2 Filter: Padding Oracle via AES-256-CBC Cookie Decryption

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, the OAuth2 HTTP filter's encrypt/decrypt functions use AES-256-CBC without an authentication tag no HMAC, no AEAD. The /callback endpoint returns HTTP 302 on...

6.8CVSS0.00219EPSS
Exploits1References1
OSV
OSV
added 2026/06/25 9:16 a.m.4 views

UBUNTU-CVE-2026-53138

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Bound VBIOS record-chain walk loops Why & How All record-chain walk loops in biosparser.c and biosparser2.c use for;; and only terminate on a 0xFF recordtype sentinel or zero recordsize. A malformed VBIOS image...

5.1CVSS5.7AI score0.00126EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/24 6:32 p.m.5 views

EUVD-2026-38906

In the Linux kernel, the following vulnerability has been resolved: imafs: Correctly create securityfs files for unsupported hash algos imatpmchip-allocatedbanksi.cryptoid is initialized to HASHALGOLAST if the TPM algorithm is not supported. However there are places relying on the algorithm to be...

5.7AI score0.00168EPSS
Exploits0References5
NVD
NVD
added 2026/06/24 12:16 a.m.8 views

CVE-2026-6458

Missing cryptographic step in Caliptra Core Firmware aes256gcmupdate module results in an incorrect GCM authentication tag. When the streaming AES-256-GCM API is used with empty AAD, the hardware GHASH accumulator state is not saved after the first update call, causing the final tag to exclude th...

5.1CVSS0.00128EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 11:49 p.m.10 views

CVE-2026-6458

CVE-2026-6458 involves the Caliptra Core Firmware (aes_256_gcm_update module) where a missing cryptographic step in the streaming AES-256-GCM API with empty AAD leads to the hardware GHASH accumulator state not being saved after the first update. As a result, the final GCM authentication tag does...

5.1CVSS5.8AI score0.00128EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: mt76: fixed the crash in monitor mode with the sdio driver. The mt7921s driver may receive frames with fragment buffers. If a CTS packet is received in monitor mode, the payload is only 10 bytes, and 6 bytes of header padding ...

5.5CVSS6.6AI score0.00231EPSS
Exploits0References2
Fedora
Fedora
added 2026/06/16 1:3 a.m.17 views

[SECURITY] Fedora 44 Update: 7zip-26.01-1.fc44

7-Zip is a file archiver with a high compression ratio. The main features of 7-Zip are: High compression ratio in 7z format with LZMA and LZMA2 compression Supported formats: Packing / unpacking: 7z, XZ, BZIP2, GZIP, TAR, ZIP and WIM Unpacking only: AR, ARJ, CAB, CHM, CPIO, CramFS, DMG, EXT, FAT,...

8.8CVSS5.3AI score0.00938EPSS
Exploits8
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.8 views

Alibaba Cloud Linux 3 : 0155: postgresql-jdbc (ALINUX3-SA-2026:0155)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0155 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-42198: pgjdbc is an open source postgresql...

7.5CVSS5.5AI score0.0077EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.15 views

PT-2026-49582

Name of the Vulnerable Software and Affected Versions Angular versions prior to 22.0.1 Angular versions prior to 21.2.17 Angular versions prior to 20.3.25 Description Angular's HttpTransferCache caches HTTP requests during Server-Side Rendering SSR to be reused during client-side hydration,...

8.8CVSS5.8AI score0.0009EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.10 views

MiracleLinux 8 : postgresql-jdbc-42.2.14-4.el8_10 (AXSA:2026-782:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2026-782:01 advisory. jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication CVE-2026-42198 Tenable has extracted the preceding...

7.5CVSS7.3AI score0.0077EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/06/11 12:5 p.m.13 views

postgresql-jdbc security update

An update is available for postgresql-jdbc. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PostgreSQL is an advanced object-relational database management...

7.5CVSS7.2AI score0.0077EPSS
Exploits0
OSV
OSV
added 2026/06/11 6:0 a.m.6 views

RLSA-2026:25030 Important: postgresql-jdbc security update

PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database. Security Fixes: jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authenticati...

7.5CVSS5.5AI score0.0077EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/06/11 6:0 a.m.13 views

postgresql-jdbc security update

An update is available for postgresql-jdbc. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PostgreSQL is an advanced object-relational database management syste...

7.5CVSS5.5AI score0.0077EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.5 views

AlmaLinux 8 : postgresql-jdbc (ALSA-2026:25030)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2026:25030 advisory. jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication CVE-2026-42198 Tenable has extracted the preceding descripti...

7.5CVSS5.6AI score0.0077EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/10 9:58 a.m.9 views

jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication

A flaw was found in pgjdbc, an open-source PostgreSQL JDBC Driver. A malicious server can exploit this vulnerability by instructing the driver to perform SCRAM-SHA-256 Salted Challenge Response Authentication Mechanism Secure Hash Algorithm 256 authentication with an excessively large iteration...

7.5CVSS7.1AI score0.0077EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.5 views

openSUSE 16 Security Update : postgresql-jdbc (openSUSE-SU-2026:20847-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20847-1 advisory. This update for postgresql-jdbc fixes the following issue - CVE-2026-42198: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication...

7.5CVSS7.2AI score0.0077EPSS
Exploits0References3
OSV
OSV
added 2026/06/08 1:54 p.m.11 views

JLSEC-2026-605

Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed...

8.2CVSS5.5AI score0.00558EPSS
Exploits0References1
Rows per page
Query Builder