Lucene search
+L

557 matches found

Rapid7 Blog
Rapid7 Blog
added 2026/05/13 12:22 a.m.19 views

Patch Tuesday - May 2026

Microsoft is publishing 137 vulnerabilities on May 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild or public disclosure for any of these vulnerabilities. So far this month, Microsoft has provided patches to address 133 browser vulnerabilities, which are not included in the...

9.9CVSS6.6AI score0.72253EPSS
Exploits36
CVE
CVE
added 2026/05/12 4:58 p.m.29 views

CVE-2026-35423

Technical details (affected product, root cause, impact, or fixes) are not publicly available in the provided documents. Monitor for updates from NVD/EUVD/CVE listings for additional specifics.

5.4CVSS5.8AI score0.00747EPSS
Exploits0References1Affected Software14
ATTACKERKB
ATTACKERKB
added 2026/05/12 2:21 p.m.10 views

CVE-2026-7432

A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM...

7.8CVSS5.8AI score0.00284EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.18 views

PT-2026-44982

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.26.0 Description A heap-buffer-overflow write can be triggered in the client when connecting to a malicious RDP server that sends crafted RDPGFX PDUs Protocol Data Units. The issue occurs in the gdi CacheToSurface...

9CVSS6.1AI score0.0042EPSS
Exploits1References44
AlmaLinux
AlmaLinux
added 2026/05/04 12:0 a.m.33 views

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Denial of Service in libceph OSD client due to unreset sparse-read state CVE-2026-23136 kernel: Linux kernel: Use-after-free in traffic control actct may lead to denial of...

9.8CVSS5.9AI score0.96267EPSS
Exploits230References10
Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-31609

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: smb: client: avoid double-free in smbdfreesendio after smbdsendbatchflush smbdsendbatchflush...

9.8CVSS6.9AI score0.00457EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/18 12:0 a.m.11 views

securedrop-client 安全漏洞

Securedrop-client is an open-source application developed by the Freedom of the Press Foundation. Versions of Securedrop-client prior to 0.17.4 contain security vulnerabilities. These vulnerabilities stem from improper filename validation during the gzip archive extraction process. Allowing...

7.5CVSS5.9AI score0.00439EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.6 views

PT-2026-33475

Name of the Vulnerable Software and Affected Versions Firebird client library version FB3 Description The FB3 client library places incorrect data length values into XSQLDA fields when communicating with Firebird servers version FB4 or higher, which leads to an information leak. Recommendations...

7.9CVSS5.7AI score0.00185EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.8 views

PT-2026-33810

Summary [email protected] is vulnerable to denial of service through unbounded memory growth while processing directory listings from a remote FTP server. A malicious or compromised server can send an extremely large or never-ending listing response to Client.list, causing the client process to...

7.5CVSS6.2AI score
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/04/13 12:31 p.m.10 views

com.digitalpebble.stormcrawler:storm-crawler-aws (>=2.0 <=2.11), com.digitalpebble.stormcrawler:storm-crawler-core (>=2.0 <=2.11) +77 more potentially affected by CVE-2026-35337 via org.apache.storm:storm-client (>=2.0.0 <=2.8.5)

org.apache.storm:storm-client MAVEN version =2.0.0, =2.0, =2.0, =2.0, =2.0, =2.0, =2.7, =2.0, =2.0, =2.0, =2.1, =2.6.3.1, =2.4.0, =2.4.0, =2.4.0, =2.0.0, =2.8.5 and more Source cves: CVE-2026-35337 Source advisory: SNYK:JAVA-ORGAPACHESTORM-16067036...

8.8CVSS5.8AI score0.01011EPSS
Exploits0
EUVD
EUVD
added 2026/04/08 12:30 a.m.11 views

EUVD-2026-19961

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

6.3AI score0.00755EPSS
Exploits0References7
NVD
NVD
added 2026/04/07 10:16 p.m.6 views

CVE-2026-28387

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

8.1CVSS0.00755EPSS
Exploits0References8
OSV
OSV
added 2026/04/07 10:16 p.m.3 views

DEBIAN-CVE-2026-28387

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

8.1CVSS6.2AI score0.00755EPSS
Exploits0References1
OSV
OSV
added 2026/04/07 10:16 p.m.6 views

ALPINE-CVE-2026-28387

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

8.1CVSS6.2AI score0.00755EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/07 10:0 p.m.4 views

CVE-2026-28387 Potential Use-after-free in DANE Client Code

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

6.2AI score0.00755EPSS
Exploits0References6
CVE
CVE
added 2026/04/07 10:0 p.m.165 views

CVE-2026-28387

CVE-2026-28387 is a vulnerability in the DANE client code of OpenSSL related to an uncommon TLSA record configuration that may cause a use-after-free or double-free on the client. Public advisories across multiple vendors confirm the issue and reference OpenSSL versions affected and available fix...

8.1CVSS6.3AI score0.00755EPSS
Exploits0References8Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/07 10:0 p.m.14 views

CVE-2026-28387

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

8.1CVSS6.3AI score0.00755EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/04/01 4:24 p.m.6 views

freerdp: FreeRDP: Arbitrary code execution via heap buffer overflow in GDI surface pipeline

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A malicious RDP server can exploit a heap buffer overflow vulnerability by sending a specially crafted graphics command to a FreeRDP client. This allows the server to write data outside of its intended memory...

8.8CVSS6.6AI score0.00537EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/04/01 9:8 a.m.7 views

freerdp: FreeRDP: Denial of Service via FastGlyph parsing buffer overflow

A flaw was found in FreeRDP. A malicious server can exploit a vulnerability in FastGlyph parsing, which improperly trusts data length without sufficient validation. This can lead to a client-side global buffer overflow, resulting in a denial of service DoS due to a crash. For this vulnerability t...

7.5CVSS5.9AI score0.00481EPSS
Exploits1References10
RedHat Linux
RedHat Linux
added 2026/03/30 11:2 a.m.6 views

freerdp: FreeRDP: Arbitrary code execution via heap buffer overflow in GDI surface pipeline

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A malicious RDP server can exploit a heap buffer overflow vulnerability by sending a specially crafted graphics command to a FreeRDP client. This allows the server to write data outside of its intended memory...

8.8CVSS6.6AI score0.00537EPSS
Exploits1References6
Rows per page
Query Builder