Lucene search
K

1104 matches found

Microsoft CVE
Microsoft CVE
added 2026/06/13 8:2 a.m.5 views

Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

...

7.5CVSS5.8AI score0.00511EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/13 2:21 a.m.8 views

SUSE CVE-2026-34183

Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATHCHALLENGE frames. Impact summary: A malicious remote peer can cause an unbounded memory allocation which can lead to an abnormal termination of the application acting as a QU...

6.5CVSS5.4AI score0.00511EPSS
Exploits0References8
Rockylinux
Rockylinux
added 2026/06/13 12:3 a.m.19 views

openssl security update

An update is available for openssl. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transpo...

9.1CVSS5.9AI score0.02719EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.12 views

RockyLinux 9 : openssl (RLSA-2026:25239)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25239 advisory. openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing CVE-2026-7383 openssl: OpenSSL: Denial of Service due to...

9.1CVSS6.2AI score0.02719EPSS
Exploits0References31
NVD
NVD
added 2026/06/11 6:16 p.m.13 views

CVE-2026-47157

aiograpi is an asynchronous Instagram API for Python. aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were relative Instagram API paths. If an attacker can influence a challenge response, for...

6.5CVSS0.00195EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/11 5:18 p.m.11 views

CVE-2026-47157 aiograpi: Unsafe signup challenge path handling

aiograpi is an asynchronous Instagram API for Python. aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were relative Instagram API paths. If an attacker can influence a challenge response, for...

6.5CVSS5.4AI score0.00195EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/11 5:18 p.m.27 views

CVE-2026-47157 aiograpi: Unsafe signup challenge path handling

aiograpi is an asynchronous Instagram API for Python. aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were relative Instagram API paths. If an attacker can influence a challenge response, for...

6.5CVSS0.00195EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/11 5:18 p.m.13 views

EUVD-2026-36272

aiograpi is an asynchronous Instagram API for Python. aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were relative Instagram API paths. If an attacker can influence a challenge response, for...

6.5CVSS5.4AI score0.00195EPSS
Exploits0References4
CVE
CVE
added 2026/06/11 5:18 p.m.24 views

CVE-2026-47157

aiograpi (Python) before 0.9.10 accepted server-supplied signup challenge paths and built request URLs before validating that the paths were relative Instagram API paths. An attacker who can influence a challenge response (e.g., on a local network, via DNS, or via a proxy) could cause challenge h...

6.5CVSS5.4AI score0.00195EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/11 1:24 p.m.12 views

openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

A flaw was found in OpenSSL's QUIC PATHCHALLENGE handler. A remote attacker can exploit this vulnerability by flooding a QUIC client or server with specially crafted PATHCHALLENGE frames. This leads to unbounded memory allocation within the local QUIC stack, as the system continuously allocates...

7.5CVSS5.5AI score0.00511EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/11 1:9 p.m.10 views

openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler

A flaw was found in OpenSSL's QUIC PATHCHALLENGE handler. A remote attacker can exploit this vulnerability by flooding a QUIC client or server with specially crafted PATHCHALLENGE frames. This leads to unbounded memory allocation within the local QUIC stack, as the system continuously allocates...

7.5CVSS5.5AI score0.00511EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.122 views

RHEL 9 : openssl (RHSA-2026:25239)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25239 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

9.1CVSS6AI score0.02719EPSS
Exploits0References32
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

aiograpi 代码问题漏洞

aiograpi is an asynchronous Instagram API Python library developed by Mark. Versions of aiograpi prior to 0.9.10 contained code vulnerabilities. These vulnerabilities stemmed from accepting registration challenge paths provided by the server and using them to construct the request URL before...

6.5CVSS5.4AI score0.00195EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.9 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : OpenSSL vulnerabilities (USN-8414-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8414-1 advisory. Frank Buss discovered that OpenSSL had a heap buffer over-read in ASN.1 content parsing. An attacker could possibly use...

9.1CVSS6.5AI score0.02719EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.19 views

RHEL 10 : openssl (RHSA-2026:25237)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25237 advisory. OpenSSL is a toolkit that implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols, as well as a full-strength...

9.1CVSS6AI score0.02719EPSS
Exploits0References32
CVE
CVE
added 2026/06/10 9:50 p.m.27 views

CVE-2026-47165

ImageMagick CVE-2026-47165 (and CVE-2026-47166) affect versions prior to 6.9.13-48 and 7.1.2-23 where the distributed pixel cache lacked a challenge–response authentication model, enabling local attackers with high privileges to access sensitive pixel data. Additionally, CVE-2026-47166 describes ...

4.1CVSS5.4AI score0.00109EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/10 9:50 p.m.8 views

CVE-2026-47165

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel cache was originally designed to operate without a challenge–response authentication model. This has been changed in versions 6.9.13-48 an...

4.1CVSS5.4AI score0.00109EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.12 views

CVE-2026-49955

Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options endpoint without completing assertion. Attackers can send unlimited POST requests to the...

6.9CVSS5.5AI score0.00586EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 8:6 p.m.33 views

CVE-2026-46654 Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss

Plonky3 is a toolkit for polynomial IOPs PIOPs. Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side observations can craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir. This issue has been patched in versions 0.4.3 and 0.5...

8.9CVSS0.00108EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 8:6 p.m.25 views

CVE-2026-46654

The CVE-2026-46654 issue affects Plonky3’s MultiField32Challenger in the prover transcript handling, where transcript malleability allows an attacker controlling prover-side observations to craft transcripts that yield identical challenges, breaking Fiat-Shamir binding. Root cause: a mismatch bet...

8.9CVSS5.4AI score0.00108EPSS
Exploits0References1
Rows per page
Query Builder