Lucene search
K

204104 matches found

RedHat Linux
RedHat Linux
added yesterday4 views

nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()

A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the subtle.encrypt function that is a multiple of 2 gigabytes GiB. This could lead to a denial of service DoS by crashing the Node.js process...

7.5CVSS7AI score0.02445EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added yesterday4 views

undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...

3.7CVSS7AI score0.00228EPSS
Exploits0References7
EUVD
EUVD
added yesterday4 views

EUVD-2025-210433

ownCloud is a file storage, synchronization, and sharing application. In ownCloud 10 prior to version 10.15.3, an attacker with administrative privileges can exploit a path traversal vulnerability in the system to execute arbitrary code. Upgrade ownCloud 10 to version 10.15.3 or later to receive ...

8CVSS6.2AI score
Exploits0References1
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-55487

A flaw was found in pnpm, a package manager. This vulnerability allows a remote attacker to bypass security checks by manipulating how package source strings are processed. By crafting a specially designed source string, an attacker could trick the system into approving and using a malicious...

8.8CVSS6.2AI score0.00118EPSS
Exploits1References4
CVE
CVE
added yesterday12 views

CVE-2026-13698

CVE-2026-13698 affects OpenVPN across multiple branches (2.5.0–2.5.11, 2.6.0–2.6.20, 2.7_alpha1–2.7.4). The issue is a memory leak that can be triggered by remote attackers possessing a valid tls-crypt-v2 client key, potentially causing denial of service. FreeBSD/Nessus and OSV entries indicate O...

6CVSS6AI score
Exploits0References1
RedHat Linux
RedHat Linux
added yesterday3 views

kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold

A flaw was found in the Linux kernel's Bluetooth SCO Synchronous Connection-Oriented protocol implementation. The scorecvframe function fails to properly hold a reference to a socket after releasing a lock. This oversight allows a concurrent operation to free the socket while it is still being...

8.8CVSS6.2AI score0.003EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added yesterday3 views

kernel: mptcp: fix slab-use-after-free in __inet_lookup_established

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...

9.8CVSS6.6AI score0.004EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-50016

A flaw was found in pnpm, a package manager. This vulnerability allows a malicious registry package to include specially crafted dependency aliases that contain path traversal segments. During the installation process, pnpm incorrectly processes these aliases, which can lead to the replacement of...

8.8CVSS6.2AI score0.00326EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-41695

A flaw was found in Spring Data Commons. A remote attacker can exploit this vulnerability by providing specially crafted property path strings to the MappingContext property path resolution. This can lead to resource exhaustion, resulting in a denial of service DoS for affected applications...

7.5CVSS5.9AI score0.00363EPSS
Exploits0References4
CVE
CVE
added yesterday11 views

CVE-2026-4249

The CVE-2026-4249 affects multiple WSO2 products where the throttling event handling accepts unvalidated JSON payloads. The underlying issue is insufficient validation of the structure/content, enabling an unauthenticated remote attacker to inject malicious JSON that can cause a persistent denial...

8.6CVSS6AI score
Exploits0References1
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-14620

A flaw was found in webpack-dev-server. This vulnerability allows a remote attacker to exploit exposed internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, through cross-origin requests. By visiting a malicious website while the development server is...

4.7CVSS6AI score0.00116EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added yesterday4 views

kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service

A flaw was found in the Linux kernel's bonding driver. A local attacker with low privileges could exploit a use-after-free vulnerability in the bondxmitbroadcast function. This occurs due to a race condition during concurrent slave enslave/release operations, which can lead to the original socket...

7.8CVSS7AI score0.00124EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added yesterday4 views

CVE-2026-14651

A flaw was found in grass, a Sass compiler. This vulnerability allows a local attacker to cause a Denial of Service DoS by manipulating specific functions within the compiler, such as grasscompiler::selector::extend or grasscompiler::evaluate::visitor. This can lead to the compiler becoming...

4.8CVSS5.8AI score0.00115EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added yesterday6 views

nodejs: Node.js WebCrypto: Denial of Service via large input to subtle.encrypt()

A flaw was found in the Node.js WebCrypto implementation. A remote attacker could exploit this vulnerability by providing an input to the subtle.encrypt function that is a multiple of 2 gigabytes GiB. This could lead to a denial of service DoS by crashing the Node.js process...

7.5CVSS5.9AI score0.02445EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added yesterday10 views

Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency

A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS mutual Transport Layer Security setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive informati...

5.4CVSS6AI score0.00256EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added yesterday6 views

python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens

A flaw was found in PyJWT, a Python library for JSON Web Token JWT implementation. When decoding JWTs, the library fails to validate the use of JSON Web Keys JWK in the HMAC algorithm while also supporting asymmetric algorithms. This allows a remote attacker to use the issuer's public key as the...

7.4CVSS5.9AI score0.00394EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added yesterday3 views

kernel: mptcp: fix slab-use-after-free in __inet_lookup_established

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...

9.8CVSS6.2AI score0.004EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added yesterday6 views

Node.js: Node.js: Trust-policy bypass due to hostname matching inconsistency

A flaw was found in Node.js. An inconsistency in how Node.js matches hostnames can be exploited by a remote attacker in multi-context mTLS mutual Transport Layer Security setups. This vulnerability allows for a trust-policy bypass, potentially leading to unauthorized access to sensitive informati...

5.4CVSS6.3AI score0.00256EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added yesterday4 views

ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

7.1CVSS6AI score0.00813EPSS
Exploits0References8
Nuclei
Nuclei
added yesterday109 views

Hongdian H8922 3.0.5 Devices - Local File Inclusion

Hongdian H8922 3.0.5 devices are vulnerable to local file inclusion. The /logdownload.cgi log export handler does not validate user input and allows a remote attacker with minimal privileges to download any file from the device by substituting ../ e.g., ../../etc/passwd This can be carried out wi...

6.5CVSS6.9AI score0.13751EPSS
Exploits1References5
Rows per page
Query Builder