Lucene search
K

1952 matches found

CVE
CVE
added yesterday5 views

CVE-2026-55490

OpenWrt OpenWrt (embedded Linux) mediateces: CVE-2026-55490 affects the Emergency Access Daemon’s handle_send_a() where an integer underflow can lead to a pre-auth DoS by an unauthenticated attacker on the local network via a crafted UDP packet. The underflow causes a bounds-check misstep, then a...

6.5CVSS6AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-55490

OpenWrt is a Linux operating system targeting embedded devices. Before v25.12.5, an integer underflow in handlesenda of the Emergency Access Daemon allows any unauthenticated attacker on the local network to crash the daemon by sending a single crafted UDP packet. The message length underflows...

6.5CVSS6AI score
Exploits0References4Affected Software1
Snyk
Snyk
added 5 days ago5 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in the udpreceive process. An attacker can cause the client to enter a busy-loop and become unresponsive by continuously sending zero-length UDP datagrams from a malicious HTTP/3 server. Remediation Upgrade libcurl to...

8.7CVSS6.2AI score0.0075EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 5 days ago4 views

Linux Distros Unpatched Vulnerability : CVE-2026-54887

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie computation during the startup window, enabling sour...

6.3CVSS6AI score0.00389EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 5 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-55950

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Time-of-check Time-of-use TOCTOU race condition vulnerability in Erlang/OTP ssl dtlspacketdemux module allows an unauthenticated remote attacker to crash all...

8.7CVSS6AI score0.00406EPSS
Exploits0References3
NVD
NVD
added 6 days ago8 views

CVE-2026-54887

Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtlsserverconnection:initialhello/3 initializes previouscookiesecret to the empty...

6.3CVSS0.00389EPSS
Exploits0References5
CVE
CVE
added 6 days ago10 views

CVE-2026-55950

This CVE (CVE-2026-55950) describes a TOCTOU race in Erlang/OTP ssl (dtls_packet_demux.erl) where a DTLS listener’s shared demux process can be crashed by an unauthenticated remote attacker sending rapid ClientHello datagrams from the same source IP/port. The race in the internal gb_trees store l...

8.7CVSS5.8AI score0.00406EPSS
Exploits0References5Affected Software2
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-55950 DTLS listener crash via race condition in dtls_packet_demux causes denial of service for all sessions

Time-of-check Time-of-use TOCTOU race condition vulnerability in Erlang/OTP ssl dtlspacketdemux module allows an unauthenticated remote attacker to crash all active DTLS sessions on a listener. A DTLS server listener uses a single shared dtlspacketdemux genserver process to route incoming UDP...

8.7CVSS0.00406EPSS
Exploits0References5
Debian CVE
Debian CVE
added 6 days ago4 views

CVE-2026-54887

Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtlsserverconnection:initialhello/3 initializes previouscookiesecret to the empty...

6.3CVSS5.8AI score0.00389EPSS
Exploits0
Vulnrichment
Vulnrichment
added 6 days ago10 views

CVE-2026-54887 DTLS server cookie bypass during startup window due to empty initial cookie secret

Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtlsserverconnection:initialhello/3 initializes previouscookiesecret to the empty...

6.3CVSS5.8AI score0.00389EPSS
Exploits0References5
OSV
OSV
added 6 days ago3 views

EEF-CVE-2026-54887 DTLS server cookie bypass during startup window due to empty initial cookie secret

Summary Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtls\server\connection:initial\hello/3 initializes previous\cookie\secret...

6.3CVSS5.8AI score0.00389EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-54887

Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtlsserverconnection:initialhello/3 initializes previouscookiesecret to the empty...

6.3CVSS5.8AI score0.00389EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-54887 DTLS server cookie bypass during startup window due to empty initial cookie secret

Use of Default Cryptographic Key vulnerability in Erlang/OTP ssl DTLS server allows predictable DTLS cookie computation during the startup window, enabling source address verification bypass. On DTLS server startup, dtlsserverconnection:initialhello/3 initializes previouscookiesecret to the empty...

6.3CVSS0.00389EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 6 days ago3 views

kernel: kernel: ipv6 frag escape

A flaw was found in the Linux kernel's ipv6 networking subsystem. An incorrect parameter length calculation allows an attacker with permissions to create UDP sockets to trigger overwrites of kernel memory, potentially leading to privilege escalation, data corruption, or a system crash...

5.9AI score0.00176EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 6 days ago10 views

PT-2026-55282

Name of the Vulnerable Software and Affected Versions Eclipse Wakaama versions prior to snapshot/2026-05-26 Description An unbounded memory allocation issue exists in the CoAP Block1 handler within the coap/block.c file. Unauthenticated remote attackers can cause a denial of service by sending a...

8.7CVSS6.2AI score0.00555EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added last week5 views

CVE-2026-53355

A flaw was found in the Linux kernel's Reliable Datagram Sockets RDS over InfiniBand IB connection teardown process. When the rdsibsetupqp function fails to set up a connection, it may free a memory allocation isends without properly clearing the associated pointer. This can lead to a stale point...

7CVSS5.7AI score0.00164EPSS
Exploits0References4
CVE
CVE
added last week12 views

CVE-2026-54908

CVE-2026-54908 affects the Pion DTLS Go implementation. Versions prior to 3.1.4 are vulnerable to a remote Denial of Service caused by a panic while parsing a crafted ECDHE_PSK ServerKeyExchange message. The issue has been fixed in 3.1.4. No exploitation details are provided in the documents.

6.3CVSS5.8AI score0.0032EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added last week5 views

gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability

A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security DTLS packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This...

7.5CVSS5.8AI score0.01335EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added last week7 views

Important: Red Hat Security Advisory: gnutls security update

An update for gnutls is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

9.1CVSS6AI score0.01335EPSS
Exploits0References4
EUVD
EUVD
added last week6 views

EUVD-2026-40989

In the Linux kernel, the following vulnerability has been resolved: net: rds: clear isends on setup unwind The RDS IB connection teardown path is written so it can run during partial startup and on repeated shutdown attempts. It uses NULL pointers to distinguish resources that are still owned fro...

5.8AI score0.00164EPSS
Exploits0References8
Rows per page
Query Builder