Lucene search
K

1706 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/16 12:0 a.m.10 views

AlmaLinux 10 : jq (ALSA-2026:16692)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:16692 advisory. jq: out-of-bounds read in jvparsesized on error formatting for non-NUL-terminated buffers CVE-2026-39979 jq: jq: Denial of Service via crafted JSON obje...

8.2CVSS5.8AI score0.00559EPSS
Exploits1References4
OSV
OSV
added 2026/05/14 9:16 p.m.5 views

DEBIAN-CVE-2026-44673

libyang is a YANG data modeling language library. Prior to SO 5.2.15, lybreadstring in src/parserlyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciously crafted LYB binary blob. An attacker who can supply LYB data to any libyang consumer NETCONF server...

7.5CVSS6AI score0.00428EPSS
Exploits0References1
OSV
OSV
added 2026/05/14 12:4 p.m.10 views

RLSA-2026:16693 Important: jq security update

jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fixes: jq: out-of-bounds read in...

8.2CVSS5.8AI score0.00559EPSS
Exploits1References3
CVE
CVE
added 2026/05/13 2:37 p.m.24 views

CVE-2026-44288

CVE-2026-44288 affects protobufjs: prior to versions 7.5.6 and 8.0.2, its minimal UTF-8 decoder accepted overlong UTF-8 byte sequences and decoded them to canonical characters instead of replacing them. If an attacker supplies protobuf binary data decoded through that path, downstream checks that...

5.3CVSS5.8AI score0.00301EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/13 6:58 a.m.9 views

freerdp: FreeRDP: Denial of Service via crafted audio data in RDP

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker can exploit a sizet underflow vulnerability in the IMA-ADPCM and MS-ADPCM audio decoders by sending specially crafted audio data over the RDPSND audio channel. This underflow leads to a...

9.8CVSS5.8AI score0.00317EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/05/13 6:48 a.m.10 views

freerdp: FreeRDP: Denial of Service via crafted audio data in RDP

A flaw was found in FreeRDP, a free implementation of the Remote Desktop Protocol RDP. A remote attacker can exploit a sizet underflow vulnerability in the IMA-ADPCM and MS-ADPCM audio decoders by sending specially crafted audio data over the RDPSND audio channel. This underflow leads to a...

9.8CVSS5.8AI score0.00317EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/05/12 4:7 p.m.8 views

jq: jq: Denial of Service via crafted JSON object causing hash collisions

A flaw was found in jq, a command-line JSON processor. A remote attacker could exploit this vulnerability by providing a specially crafted JSON object. This object leverages a weakness in jq's hashing algorithm, which uses a hardcoded, publicly known seed. By crafting the JSON object to cause has...

7.5CVSS5.8AI score0.00366EPSS
Exploits0References6
AlmaLinux
AlmaLinux
added 2026/05/12 12:0 a.m.9 views

Important: jq security update

jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fixes: jq: out-of-bounds read in...

8.2CVSS5.8AI score0.00559EPSS
Exploits1References6
Snyk
Snyk
added 2026/05/07 12:20 a.m.13 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Lz4FrameDecoder component. An attacker can cause excessive memory allocation by sending specially crafted compressed data with manipulated header fields, leading to resource...

8.7CVSS5.8AI score0.00429EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/07 12:20 a.m.18 views

Allocation of Resources Without Limits or Throttling

Overview io.netty:netty-codec is an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Lz4FrameDecoder component. An attacker can cause excessive memory allocation by sending...

8.7CVSS5.8AI score0.00429EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/05/05 11:27 a.m.8 views

CVE-2026-40048

A flaw was found in Apache Camel. The FileBasedKeyLifecycleManager class deserializes key files without proper validation, allowing an attacker who can write to the key directory to place a specially crafted serialized Java object. When this object is deserialized during normal key operations, it...

7.8CVSS6.3AI score0.00342EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/05/01 5:14 p.m.8 views

CVE-2026-41409

A flaw was found in Apache MINA. An incomplete fix for a deserialization vulnerability in the AbstractIoBuffer.getObject method allowed a static initializer in a class to be executed before the classname allowlist was applied. This could enable a remote attacker to execute arbitrary code by sendi...

9.8CVSS6.2AI score0.00451EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.7 views

PT-2026-36352

Name of the Vulnerable Software and Affected Versions hashcat version 7.1.2 Description A heap-based buffer overflow exists in the Kerberos hash parser. The issue occurs within the module hash decode function across several Kerberos-related modules. It is caused by the account info len variable...

9.8CVSS6.3AI score0.00304EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/05/01 12:0 a.m.30 views

CVE-2026-42474

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted data array to the data function in BuildHelper.php...

0.00201EPSS
Exploits0References3
CVE
CVE
added 2026/04/28 5:41 p.m.14 views

CVE-2026-6807

GRASSMARLIN v3.2.1 exposes an XML External Entity (XXE) vulnerability. A crafted session data input can trigger improper XML parsing, potentially leaking sensitive information. A public exploit PoC indicates OOB file exfiltration via an external DTD reference, with the attacker able to base64-enc...

5.5CVSS5.2AI score0.00197EPSS
Exploits1References2
OSV
OSV
added 2026/04/23 12:1 p.m.14 views

RLSA-2026:8945 Important: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: FreeRDP: FreeRDP: Heap buffer overflow allows arbitrary code execution v...

7.5CVSS6.6AI score0.00426EPSS
Exploits0References3
OSV
OSV
added 2026/04/22 7:18 p.m.7 views

GHSA-VC34-39Q2-M6Q3 nimiq-account: Vesting insufficient funds error can panic

Impact VestingContract::canchangebalance returns AccountError::InsufficientFunds when newbalance balance, the node crashes while trying to return an error. The mincap balance precondition is attacker-reachable because the vesting contract creation data 32-byte format allows encoding totalamount...

5.3CVSS5.8AI score0.00275EPSS
Exploits0References6
NVD
NVD
added 2026/04/20 4:16 a.m.23 views

CVE-2026-32964

SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CRLF sequences 'CRLF Injection' vulnerability. Processing some crafted configuration data may lead to arbitrary entries injected to the system configuration...

6.9CVSS0.00277EPSS
Exploits0References3
AlmaLinux
AlmaLinux
added 2026/04/20 12:0 a.m.8 views

Important: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: FreeRDP: FreeRDP: Heap buffer overflow allows arbitrary code execution v...

7.5CVSS6.6AI score0.00426EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.7 views

PT-2026-33702

SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CRLF sequences 'CRLF Injection' vulnerability. Processing some crafted configuration data may lead to arbitrary entries injected to the system configuration...

6.9CVSS5.9AI score0.00277EPSS
Exploits0References4
Rows per page
Query Builder