Lucene search
K

23226 matches found

Github Security Blog
Github Security Blog
added 2026/06/25 10:18 p.m.8 views

golang.org/x/crypto: Invoking pathological RSA/DSA parameters may cause DoS

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

7.5CVSS6.4AI score0.00415EPSS
Exploits0References29Affected Software1
Cvelist
Cvelist
added 2026/06/25 6:1 p.m.29 views

CVE-2026-56766 Hydra - Stack Buffer Overflow in NTLM Authentication Handler

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.8CVSS0.01325EPSS
Exploits2References2
Debian CVE
Debian CVE
added 2026/06/25 3:34 p.m.6 views

CVE-2026-55693

Vim is an open source, command line text editor. Prior to 9.2.0653, the treecountwords function in src/spellfile.c fills in the word-count fields of a spell-file word trie by walking it iteratively with a depth counter. The counter is bounded only by the trie structure itself; it is never checked...

8.4CVSS5.8AI score0.00126EPSS
Exploits0
CBLMariner
CBLMariner
added 2026/06/24 1:46 a.m.6 views

CVE-2026-39821 affecting package golang for versions less than 1.25.11-2

CVE-2026-39821 affecting package golang for versions less than 1.25.11-2. A patched version of the package is available...

9.6CVSS5.8AI score0.00478EPSS
Exploits0
OSV
OSV
added 2026/06/22 6:16 p.m.6 views

DEBIAN-CVE-2026-50556

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino wh...

6.1CVSS5.9AI score0.00228EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:49 p.m.5 views

CVE-2026-50171

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, a Denial of Service DoS vulnerability exists in the @angular/common package of Angular. The formatNumber functio...

8.2CVSS5.9AI score0.00161EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/22 3:38 p.m.7 views

EUVD-2026-38291

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino wh...

8.6CVSS5.9AI score0.00228EPSS
Exploits0References3
Amazon
Amazon
added 2026/06/22 12:0 a.m.7 views

Important: containerd

Issue Overview: Memory exhaustion DoS causing OOM kill of containerd process NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-jpcc-p29g-p8mq CVE-2026-47262 Image cache poisoning via unvalidated checkpoint image references, enabling cross-pod code execution NOTE:...

6AI score0.00412EPSS
Exploits0
Amazon
Amazon
added 2026/06/22 12:0 a.m.6 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions CVE-2026-46243 Affected Packages: kernel Note: This advisory is applicable to Amazon Linux 2 - Kernel-5.10 Extra. Visit this page to learn more about Amazon...

7.8CVSS5.7AI score0.00353EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.6 views

TencentOS Server 2: compat-libtiff3 (TSSA-2026:0537)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0537 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

7.8CVSS6.1AI score0.00553EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.5 views

Amazon Linux 2 : containerd, --advisory ALAS2DOCKER-2026-133 (ALASDOCKER-2026-133)

The version of containerd installed on the remote host is prior to 2.1.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2DOCKER-2026-133 advisory. Memory exhaustion DoS causing OOM kill of containerd process NOTE:...

9.9CVSS6.3AI score0.00412EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.6 views

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2026-122 (ALASKERNEL-5.10-2026-122)

The version of kernel installed on the remote host is prior to 5.10.255-253.1013. It is, therefore, affected by a vulnerability as referenced in the ALAS2KERNEL-5.10-2026-122 advisory. In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego...

7.8CVSS6.4AI score0.00353EPSS
Exploits4References4
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.6 views

Amazon Linux 2 : openssl, --advisory ALAS2-2026-3365 (ALAS-2026-3365)

The version of openssl installed on the remote host is prior to 1.0.2k-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3365 advisory. Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitiveelement whose content exceeds 2 gigabytes i...

8.8CVSS6.8AI score0.02719EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.6 views

Amazon Linux 2 : perl-IO-Compress, --advisory ALAS2-2026-3355 (ALAS-2026-3355)

The version of perl-IO-Compress installed on the remote host is prior to 2.061-2. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3355 advisory. IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward...

7.8CVSS6.3AI score0.00373EPSS
Exploits3References6
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.5 views

Amazon Linux 2 : httpd, --advisory ALAS2-2026-3379 (ALAS-2026-3379)

The version of httpd installed on the remote host is prior to 2.4.68-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3379 advisory. Use After Free vulnerability in Apache HTTP Server with modldap in per-directory configuration This issue affects Apache HT...

9.8CVSS6AI score0.00805EPSS
Exploits0References24
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.7 views

Amazon Linux 2 : python-pip, --advisory ALAS2-2026-3358 (ALAS-2026-3358)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3358 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...

8CVSS6.2AI score0.0032EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.8 views

Amazon Linux 2 : poppler, --advisory ALAS2-2026-3362 (ALAS-2026-3362)

The version of poppler installed on the remote host is prior to 0.26.5-43. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3362 advisory. A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file...

7.8CVSS6.1AI score0.00252EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.4 views

Amazon Linux 2 : freerdp, --advisory ALAS2-2026-3356 (ALAS-2026-3356)

The version of freerdp installed on the remote host is prior to 2.11.7-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3356 advisory. FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdiCacheToSurface that allows remote attackers to...

9.8CVSS6.5AI score0.03453EPSS
Exploits4References10
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Jetty9

In the Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that may result in the active connections and associated resources not being properly cleaned up. This can lead to a Denial of Service scenario, where there are not enough...

7.5CVSS6.7AI score0.0227EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: mlxsw: spectrumaclerp: Fixed object nesting warnings ACLs in Spectrum-2 and newer ASICs can reside in the algorithmic TCAM A-TCAM or in the ordinary circuit TCAM C-TCAM. The former can contain more ACLs i.e., tc filters, but t...

5.5CVSS6.3AI score0.00218EPSS
Exploits0References2
Rows per page
Query Builder