Lucene search
K

8969 matches found

OSV
OSV
added 2026/06/17 2:45 p.m.5 views

SUSE-SU-2026:2438-1 Security update for alloy

This update for alloy fixes the following issues Security issues: - CVE-2026-4427: github.com/jackc/pgproto3/v2: improper validation of field length allows a malicious PostgreSQL server to crash a client application via a DataRow message bsc1259919. - CVE-2026-25934: github.com/go-git/go-git/v5:...

9.1CVSS6.5AI score0.01557EPSS
Exploits1References13
NVD
NVD
added 2026/06/17 1:20 p.m.10 views

CVE-2026-12491

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...

4.8CVSS0.00239EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 10:7 a.m.20 views

CVE-2026-12491

CVE-2026-12491 affects the vLLM library used for LLM inference. The issue stems from improper handling of image metadata during image processing, specifically EXIF orientation and PNG transparency (tRNS). When converting images to RGB, transparency information may be discarded or remapped, causin...

4.8CVSS5.2AI score0.00239EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/17 10:7 a.m.11 views

CVE-2026-12491

A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from improper handling of image metadata, specifically EXIF orientation and PNG transparency tRNS data, during image processing. When images are converted to RGB, transparency informatio...

4.8CVSS5.3AI score0.00239EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/15 8:36 a.m.11 views

CVE-2026-48096

A flaw was found in OpenFGA, an authorization/permission engine. When iterator caching is enabled, distinct authorization check requests can generate identical cache keys. This can cause OpenFGA to reuse an outdated or incorrect cached result for subsequent requests. Such a flaw may lead to...

5.3CVSS5.2AI score0.00101EPSS
Exploits0References5
Redos
Redos
added 2026/06/15 12:0 a.m.7 views

ROS-20260615-73-0022

The vulnerability of the xfAppUpdateWindowFromSurface function in the RDP client FreeRDP relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

9.8CVSS8.3AI score0.00587EPSS
Exploits1
Redos
Redos
added 2026/06/15 12:0 a.m.10 views

ROS-20260615-73-0040

The vulnerability of the resizevbarentry function in the RDP client FreeRDP is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

7.5CVSS5.2AI score0.00398EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/13 2:34 a.m.14 views

CVE-2026-54057

A flaw was found in Kitty, a cross-platform GPU-based terminal. An input sanitization vulnerability in Kitty's OSC 21 color-control query reply allows an attacker to inject controlled bytes, including newlines, directly into the shell's input. This could enable an attacker to execute arbitrary co...

7.8CVSS5.5AI score0.00166EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/11 12:32 a.m.10 views

EUVD-2024-55617

Improper input validation for DIMM serial presence detect SPD metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integri...

5.3CVSS6.9AI score0.00222EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 11:16 p.m.8 views

CVE-2024-21944

Improper input validation for DIMM serial presence detect SPD metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integri...

5.3CVSS0.00222EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 9:54 p.m.20 views

CVE-2024-21944

CVE-2024-21944 maps to an AMD SEV-SNP/ASP issue where SPD metadata can be improperly validated. Research show BadRAM-style exploits that can cause a memory module to misreport size, enabling a local attacker with ring0 or physical access to overwrite guest memory and compromise guest data integri...

5.3CVSS6.9AI score0.00222EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 9:54 p.m.9 views

CVE-2024-21944

Improper input validation for DIMM serial presence detect SPD metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integri...

5.3CVSS6.9AI score0.00222EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 1:55 p.m.13 views

CVE-2026-53469

A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. This allows for the destruction of all customer data, including sources, agents, and assessments,...

9.1CVSS5.5AI score0.00288EPSS
Exploits0References4
CVE
CVE
added 2026/06/10 1:55 p.m.22 views

CVE-2026-53469

Migration-planner is affected. An authenticated user can issue a DELETE to /api/v1/sources that is not properly authorized/filtered, permitting destruction of all tenant data (sources, agents, assessments) and causing critical loss of availability and integrity across the SaaS platform. Affected ...

9.1CVSS5.5AI score0.00288EPSS
Exploits0References3Affected Software1
Redos
Redos
added 2026/06/10 12:0 a.m.8 views

ROS-20260610-73-0020

The vulnerability of the Layout component: Texts and fonts in Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to the use of memory after it is released. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and accessibility o...

9.8CVSS5.5AI score0.00483EPSS
Exploits0
EUVD
EUVD
added 2026/06/09 12:21 a.m.13 views

EUVD-2026-35286

The Remote Function Call RFC modules of the Operational Data Provisioning Data Replication API ODP-RFC are missing caller identification of permitted SAP-internal applications and are being used by customer or third-party applications in ways that are not aligned with its intended usage. Which...

6.6CVSS5.5AI score0.00219EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 12:21 a.m.39 views

CVE-2026-44751 Missing Authorization check in Application Server ABAP of SAP NetWeaver and ABAP Platform

Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with...

7.1CVSS0.00207EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/08 4:24 a.m.13 views

CVE-2026-10803

A flaw was found in MLflow. This vulnerability stems from the use of a weak hash algorithm within the Dataset Digest Computation component. A local attacker could potentially exploit this weakness, which may impact the integrity or authenticity of data. Exploitation is considered difficult due to...

3.6CVSS5.4AI score0.00103EPSS
Exploits1References10
RedhatCVE
RedhatCVE
added 2026/06/05 7:38 p.m.12 views

CVE-2026-34298

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Personalization. Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Application...

4.7CVSS7.3AI score0.00218EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.10 views

CVE-2026-39415

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on client-side calculated...

5.3CVSS5.4AI score0.00262EPSS
Exploits0References1
Rows per page
Query Builder