Lucene search
K

9469 matches found

NVD
NVD
added yesterday4 views

CVE-2026-45305

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Yaml\Parser::cleanup used regular expressions with overlapping quantifiers for YAML directive, comment, and document marker cleanup,...

8.7CVSS0.00076EPSS
Exploits0References6
Cvelist
Cvelist
added yesterday22 views

CVE-2026-45305 Symfony: YAML Parser ReDoS via Catastrophic Backtracking in Parser::cleanup() Regex

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, Symfony\Component\Yaml\Parser::cleanup used regular expressions with overlapping quantifiers for YAML directive, comment, and document marker cleanup,...

8.7CVSS0.00076EPSS
Exploits0References6
CVE
CVE
added yesterday26 views

CVE-2026-45305

Summary of CVE-2026-45305 (Symfony YAML Parser ReDoS) Symfony’s YAML handling (Symfony\Component\Yaml\Parser::cleanup) can hang parsing crafted input due to the use of overlapping quantifiers in regular expressions for YAML directive, comment, and document marker cleanup. This is a client-side pa...

8.7CVSS6.1AI score0.00076EPSS
Exploits0References6Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added yesterday6 views

Malicious code in @akshajrawat/plugin-repo-cli (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 596ef9a9a6888c00110ee80e3633052ed89887a8465e9a5eaa824a81e5211e46 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in abuden216 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 136d8dabbba25b7fb10fa921d1eafe01d4f6710465dfc33ad213f02043973b49 The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2 days ago5 views

Malicious code in ishowfeet13 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 20bca534c9132e075eb12129f9986f32127805ef4e81a801de877aaf3a9bda6e The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
NVD
NVD
added 5 days ago6 views

CVE-2026-7639

Software installed and run as a non-privileged user may conduct a sequence of improper GPU system calls causing use after free, which helps in facilitating unprivileged memory access from a shader code. Triggering failure path in the MMU mapping logic by a malicious code could lead to incomplete...

7.8CVSS0.00122EPSS
Exploits0References1
CVE
CVE
added 5 days ago10 views

CVE-2026-41154

CVE-2026-41154 : The issue affects the GPU DDK in the CMA Cleanup Path of AllocOSPages_Sparse. When indexing pages larger than 4kB in the sparse memory page-freeing logic, an incorrect buffer indexing leads to out-of-bounds (OOB) reads/writes in kernel memory, exposed to software running as a non...

7.8CVSS6.1AI score0.00131EPSS
Exploits0References1
Rockylinux
Rockylinux
added 5 days ago8 views

podman security, bug fix, and enhancement update

An update is available for podman. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The podman tool manages pods, container images, and containers. It is part of...

9.1CVSS6.4AI score0.00533EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 5 days ago8 views

MiracleLinux 8 : container-tools:rhel8 (AXSA:2026-1242:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-1242:01 advisory. net/url: Incorrect parsing of IPv6 host literals in net/url CVE-2026-25679 github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE:...

7.5CVSS6.8AI score0.00728EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 5 days ago9 views

EulerOS 2.0 SP12 : kernel (EulerOS-SA-2026-2595)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Input: alps - fix use-after-free bugs caused by dev3registerworkCVE-2025-68822 ext4: reject mount if bigalloc with sfirstdatablock !=...

9.8CVSS6.9AI score0.0138EPSS
Exploits15References167
OSV
OSV
added 6 days ago3 views

ALPINE-CVE-2026-23556

When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked. When the domain ID is eventually reused, the new domain can create fewer nodes before beeing deemed to be over quota...

9.4CVSS6.1AI score0.00137EPSS
Exploits0References1
Debian CVE
Debian CVE
added 6 days ago4 views

CVE-2026-23556

When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked. When the domain ID is eventually reused, the new domain can create fewer nodes before beeing deemed to be over quota...

9.4CVSS5.9AI score0.00137EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago8 views

Malicious code in mchain-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a5249b7e6ec4cba8f4a3b2d332ec69069c1ca39eabec04a1372500ea25952280 package.json declares a postinstall hook node./src/core/index.js. That module immediately runs a top-level async IIFE that base64-decodes a URL store...

6AI score
Exploits0References2
AstraLinux
AstraLinux
added 6 days ago6 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: net/tls: The use-after-free issue in the -EBUSY error handling path of tlsdoencryption has been fixed. The -EBUSY handling in tlsdoencryption, introduced with commit 859054147318 “net: tls: handle backlogging of crypto requests”,...

9.8CVSS5.7AI score0.00263EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 6 days ago8 views

Malicious code in clavue-agent-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 399c0d2f1fabfa46b35810b70797862a0fd469076fa9496549237ab413ccada2 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

5.9AI score
Exploits0References2
RedhatCVE
RedhatCVE
added last week5 views

CVE-2026-10536

A flaw was found in libcurl. This use-after-free vulnerability occurs when an application configures an HTTP/2 stream-dependency tree and then performs a sequence of operations involving curleasyreset and curleasycleanup. During the final cleanup, libcurl attempts to access memory that has alread...

9.8CVSS5.8AI score0.00891EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/07/08 3:22 p.m.4 views

kernel: netfilter: nf_conntrack_helper: pass helper to expect cleanup

A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntrackhelper. When a connection tracking helper is unregistered, its associated expectations are not properly cleaned up. This oversight can lead to a use-after-free vulnerability, where the system attempts t...

7.8CVSS5.9AI score0.00126EPSS
Exploits0References5
CVE
CVE
added 2026/07/07 1:32 p.m.12 views

CVE-2026-6101

The CVE-2026-6101 entry affects the AMP for WP – Accelerated Mobile Pages WordPress plugin (versions up to and including 1.1.12). The vulnerability arises from unsafe ZIP extraction in ampforwp_save_local_font() plus inadequate cleanup that omits removal of nested directories/files, enabling auth...

7.5CVSS6.7AI score0.00646EPSS
Exploits0References10
OSV
OSV
added 2026/07/07 12:0 a.m.8 views

MAL-2026-6949 Malicious code in vps-adapter-core (npm)

The package 'vps-adapter-core' is a purpose-built malware package published by the npm account 'srm0rgan' [email protected] as part of a coordinated campaign of fake 'Paperclip' VPS-maintenance adapters siblings: paperclip2, vps-maintenance, vps-maintenance-paperclip-adapter, paperclip-host-util...

6.1AI score
Exploits0References5
Rows per page
Query Builder