Lucene search
K

3118 matches found

CVE
CVE
added yesterday11 views

CVE-2026-40468

Integer overflow vulnerability has been found in "builtin.c" program file of gawk. This issue may lead to memory exhaustion on the hosting operating system and could be used to overwrite gawk heap metadata and objects with attacker-controlled bytes. It affects gawk in versions 5.4.0 and below...

9.1CVSS6AI score
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 4 days ago7 views

CVE-2026-53449

A flaw was found in Coturn, an open-source TURN and STUN server. An authenticated administrator with command-line interface CLI access could exploit a vulnerability in the psd print sessions dump command. This flaw allows the administrator to overwrite arbitrary files on the system that are...

6CVSS6.2AI score0.00176EPSS
Exploits0References6
NVD
NVD
added 5 days ago8 views

CVE-2026-0284

An XML injection vulnerability in the Large Scale VPN LSVPN functionality of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to inject malicious XML content, potentially leading to information disclosure or corruption of internal LSVPN satellite data...

9.9CVSS0.00498EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago8 views

EUVD-2026-42677

An XML injection vulnerability in the Large Scale VPN LSVPN functionality of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to inject malicious XML content, potentially leading to information disclosure or corruption of internal LSVPN satellite data...

7.8CVSS6AI score0.00498EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago8 views

CVE-2026-0284

An XML injection vulnerability in the Large Scale VPN LSVPN functionality of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to inject malicious XML content, potentially leading to information disclosure or corruption of internal LSVPN satellite data...

7.8CVSS6AI score0.00498EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 5 days ago39 views

CVE-2026-0284 PAN-OS: XML Injection Vulnerability in Large Scale VPN (LSVPN)

An XML injection vulnerability in the Large Scale VPN LSVPN functionality of Palo Alto Networks PAN-OS® software enables an unauthenticated attacker with network access to inject malicious XML content, potentially leading to information disclosure or corruption of internal LSVPN satellite data...

7.8CVSS0.00498EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 6 days ago6 views

Palo Alto Networks PAN-OS 10.2.x / 11.1.x / 11.2.x / 12.1.x Vulnerability

The version of Palo Alto Networks PAN-OS running on the remote host is a vulnerable version of 10.2.x, 11.1.x, 11.2.x, or 12.1.x. It is, therefore, affected by a vulnerability. An XML injection vulnerability in the Large Scale VPN LSVPN functionality of Palo Alto Networks PAN-OS software enables ...

9.9CVSS6.1AI score0.00498EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/06 7:51 p.m.7 views

EUVD-2026-24978

comm: lossy UTF-8 conversion silently corrupts non-UTF-8 output...

3.3CVSS5.9AI score0.00176EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/07/01 4:57 p.m.7 views

CVE-2026-53356

A flaw was found in the Linux kernel's drm/i915/gem component. This vulnerability occurs because the sgpage function incorrectly scales pread/pwrite operations for physical Buffer Objects BO when a non-zero offset is used. This can lead to incorrect memory access, potentially allowing an attacker...

5.8AI score0.00164EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/26 9:55 p.m.9 views

CVE-2026-54905

A flaw was found in concurrent-ruby. The Concurrent::ReentrantReadWriteLock component can incorrectly grant a write lock to a thread while other threads still hold or can acquire read locks. This occurs when a thread acquires a read lock 32,768 times, causing an internal counter to incorrectly...

5.5CVSS5.6AI score0.00106EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/25 6:17 p.m.7 views

CVE-2026-53004

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. An unprivileged local user could exploit an out-of-bounds write vulnerability in the sctpgetsockoptpeerauthchunks function. This occurs due to an incorrect size check, allowing the kernel to write pas...

5.5CVSS6AI score0.00176EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/25 6:17 p.m.10 views

CVE-2026-53049

A flaw was found in the Linux kernel's Global File System 2 GFS2 component. The gfs2logd function, responsible for log flushing, calls several log flushing functions without holding the required lock. This omission allows concurrent transactions to access shared resources without proper exclusion...

9.8CVSS5.8AI score0.00509EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/25 6:17 p.m.8 views

CVE-2026-53062

A flaw was found in the Linux kernel's device-mapper dm cache policy, specifically within the smq module. In passthrough mode, the invalidatemapping operation lacks proper locking, allowing for concurrent access. This can lead to data races, resulting in data corruption or use-after-free issues,...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/25 5:17 p.m.5 views

CVE-2026-54906

A flaw was found in concurrent-ruby, a Ruby library for managing concurrent operations. The Concurrent::ReadWriteLock component contains a synchronization issue where write locks can be released by unauthorized threads. This could allow multiple threads to write concurrently, potentially leading ...

9.8CVSS5.7AI score0.0016EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/25 2:9 a.m.12 views

CVE-2026-23879

A flaw was found in py7zr. An attacker can craft a malicious archive containing symbolic links that, when extracted, can lead to arbitrary file writes outside the intended directory. This vulnerability may allow for remote code execution, privilege escalation, data corruption, or denial of servic...

8CVSS6.1AI score0.00404EPSS
Exploits0References5
OSV
OSV
added 2026/06/24 8:16 p.m.3 views

UBUNTU-CVE-2026-23879

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, which allows symbolic links to be recreated outside the destination directory via crafted malicious...

8CVSS6.1AI score0.00404EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: f2fs: Fixed to avoid mapping the wrong physical block for the swapfile. Xiaolong Guo reported a bug related to f2fs in bugzilla 1. 1 https://bugzilla.kernel.org/showbug.cgi?id=220951 Quoted: “When using the stress-ng swap stress...

7.8CVSS5.5AI score0.0016EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/21 5:9 p.m.5 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper validation in the XMLParseBuffer function. An attacker can cause unexpected behavior, including potential data corruption or application crashes, by providing specially crafted input that...

7.5CVSS5.9AI score0.00102EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 7:21 p.m.5 views

Symlink Attack

Overview py7zr is a Pure python 7-zip library Affected versions of this package are vulnerable to Symlink Attack in the extractall method. An attacker can overwrite arbitrary files on the host system by crafting malicious archives containing symbolic link chains that escape the intended extractio...

8.6CVSS6.3AI score0.00404EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/19 5:22 p.m.5 views

Security Bulletin: Vulnerabilities exists in IBM Netezza Software

Summary Vulnerabilities identified in IBM Netezza Software have been addressed in version 11.3.1.1. Vulnerability Details CVEID:CVE-2024-24786 DESCRIPTION: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when...

8.4CVSS8.3AI score0.02394EPSS
Exploits4Affected Software1
Rows per page
Query Builder