552 matches found

Cvelist
added 5 days ago, 38 views

CVE-2026-48619

A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

CVSS 5.3 | EPSS 0.00578
Exploits 0 | References 1
CVE
added last week, 9 views

CVE-2026-54759

SiYuan’s Lute HTML sanitizer (prior to version 3.7.0) fails to remove elements. When combined with the SiYuan Electron client’s permissive security configuration, a malicious in a Bazaar package README can trigger arbitrary command execution on the victim’s machine when package details are view...

CVSS 8.7 | AI score 6.1 | EPSS 0.00262
Exploits 0 | References 1
AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in rsync

A vulnerability was discovered in rsync prior to version 3.2.5. This vulnerability allows malicious remote servers to write arbitrary files into the directories of connecting peers. The server determines which files/directories are sent to the client. However, the rsync client lacks sufficient...

CVSS 7.4 | AI score 7.7 | EPSS 0.0165
Exploits 1 | References 2
AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in mbedtls

In Mbed TLS versions prior to 2.28.10, and 3.x versions prior to 3.6.3, on the client side, servers with trusted certificates for arbitrary hostnames are accepted, unless the TLS client application calls mbedtls_ssl_set_hostname...

CVSS 5.4 | AI score 6 | EPSS 0.00184
Exploits 0 | References 2
Tenable Nessus
added 2026/06/12 12:0 a.m., 11 views

EulerOS Virtualization 2.13.1 : openssl (EulerOS-SA-2026-2383)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Issue summary: During processing of a crafted CMS EnvelopedData message with KeyAgreeRecipientInfo a NULL pointer dereference can...

CVSS 8.1 | AI score 6.4 | EPSS 0.00885
Exploits 0 | References 5
EUVD
added 2026/06/09 6:30 p.m., 10 views

EUVD-2026-35480

Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the status_request extension, triggering a double-free in the client's certificate verification path. Impact summary: Successful exploitation allows an attacker to corrupt heap memory via a...

AI score 6 | EPSS 0.00245
Exploits 0 | References 4
Cvelist
added 2026/06/09 5:6 p.m., 28 views

CVE-2026-42985 Remote Desktop Client Remote Code Execution Vulnerability

...

CVSS 8.8 | EPSS 0.00981
Exploits 0 | References 1
Cvelist
added 2026/06/09 5:5 p.m., 31 views

CVE-2026-45608 Windows DHCP Client Information Disclosure Vulnerability

...

CVSS 6.8 | EPSS 0.00338
Exploits 0 | References 1
Cvelist
added 2026/06/09 5:5 p.m., 34 views

CVE-2026-47653 Remote Desktop Client Remote Code Execution Vulnerability

...

CVSS 8.8 | EPSS 0.00602
Exploits 0 | References 1
Positive Technologies
added 2026/06/09 12:0 a.m., 10 views

PT-2026-47931

Name of the Vulnerable Software and Affected Versions: Windows DHCP Client (affected versions not specified). Description: A stack-based buffer overflow exists in the Windows DHCP Client, allowing an unauthorized remote attacker to execute arbitrary code over a network and affect the system. The issue...

CVSS 10 | AI score 6.7 | EPSS 0.011
Exploits 0 | References 19
RedhatCVE
added 2026/06/08 8:59 p.m., 12 views

CVE-2026-44421

A heap-buffer-overflow vulnerability exists in FreeRDP when handling Remote Desktop Protocol Graphics (RDPGFX). A malicious or compromised RDP server can exploit this flaw by sending specially crafted graphics packets to a connected client, potentially crashing the client application Denial of...

CVSS 8.8 | AI score 6.1 | EPSS 0.0042
Exploits 1 | References 4
Amazon
added 2026/06/08 12:0 a.m., 9 views

Important: ruby3.4

Issue Overview: zlib is a Ruby interface for the zlib compression/decompression library. Versions 3.0.0 and below, 3.1.0, 3.1.1, 3.2.0 and 3.2.1 contain a buffer overflow vulnerability in the Zlib::GzipReader. The zstream_buffer_ungets function prepends caller-provided bytes ahead of previously...

CVSS 9.8 | AI score 7.5 | EPSS 0.00685
Exploits 0
RedhatCVE
added 2026/06/05 7:23 p.m., 12 views

CVE-2026-25874

LeRobot through 0.5.1 contains an unsafe deserialization vulnerability in the async inference pipeline where pickle.loads is used to deserialize data received over unauthenticated gRPC channels without TLS in the policy server and robot client components. An unauthenticated network-reachable...

CVSS 9.8 | AI score 6.6 | EPSS 0.15547
Exploits 1 | References 1
Tenable Nessus
added 2026/05/29 12:0 a.m., 25 views

Linux Distros Unpatched Vulnerability : CVE-2026-46185

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - smb/client: fix out-of-bounds read in symlink_data Since smb2_check_message returns success without length validation for the symlink error response, in symlink_dat...

CVSS 9.1 | AI score 6.1 | EPSS 0.00513
Exploits 0 | References 3
CNNVD
added 2026/05/28 12:0 a.m., 11 views

pyjwt code issue vulnerability

PyJWT is a Python library developed by José Padilla of the United States. It allows for the encoding and decoding of JSON Web Tokens (JWTs). Prior to version 2.13.0, there were code vulnerabilities in PyJWT. These vulnerabilities stemmed from PyJWKClient directly passing the uri parameter to...

CVSS 4.2 | AI score 6 | EPSS 0.00181
Exploits 1 | References 1
NVD
added 2026/05/26 10:16 p.m., 16 views

CVE-2026-44900

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. Prior to 1.2.1, in SignedPublicKeysTrustValidatorImpl.isTrusted, the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify. The method performs certificate chain...

CVSS 8.1 | EPSS 0.00121
Exploits 0 | References 2
Positive Technologies
added 2026/05/25 12:0 a.m., 13 views

PT-2026-43209

Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by submitting an excessively long string in the password field. Attackers can paste a buffer of repeated characters into the password input field to trigger an application...

CVSS 8.7 | AI score 6 | EPSS 0.00386
Exploits 0 | References 6
Rapid7 Blog
added 2026/05/13 12:22 a.m., 14 views

Patch Tuesday - May 2026

Microsoft is publishing 137 vulnerabilities on May 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild or public disclosure for any of these vulnerabilities. So far this month, Microsoft has provided patches to address 133 browser vulnerabilities, which are not included in the...

CVSS 9.9 | AI score 6.6 | EPSS 0.72253
Exploits 35
CVE
added 2026/05/12 4:58 p.m., 21 views

CVE-2026-35423

Technical details (affected product, root cause, impact, or fixes) are not publicly available in the provided documents. Monitor for updates from NVD/EUVD/CVE listings for additional specifics.

CVSS 5.4 | AI score 5.8 | EPSS 0.00747
Exploits 0 | References 1 | Affected Software 14
ATTACKERKB
added 2026/05/12 2:21 p.m., 8 views

CVE-2026-7432

A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM...

CVSS 7.8 | AI score 5.8 | EPSS 0.00284
Exploits 0 | References 2