Lucene search
K

4239 matches found

Vulnrichment
Vulnrichment
added 2026/04/24 7:39 p.m.3 views

CVE-2026-41475 BACnet Stack: Out-of-Bounds Read in WritePropertyMultiple Decoder via Deprecated Tag Parser

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vulnerability in bacnet-stack's WritePropertyMultiple service decoder allows unauthenticated remote attackers to read past allocated buffer boundaries by sending a truncated W...

8.7CVSS5.7AI score0.00482EPSS
Exploits1References1
OSV
OSV
added 2026/04/23 9:15 p.m.5 views

GHSA-C2JG-5CP7-6WC7 Pipecat: Remote Code Execution by Pickle Deserialization Through LivekitFrameSerializer

Remote Code Execution via Unsafe Deserialization in Pipecat's LivekitFrameSerializer Summary A critical vulnerability exists in Pipecat's LivekitFrameSerializer – an optional, non-default, undocumented frame serializer class now deprecated intended for LiveKit integration. The class's deserialize...

9.8CVSS7.1AI score0.00701EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/23 6:5 p.m.4 views

CVE-2026-41078

OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on a large observed span/tag set and that enlarged size is reused for subsequent allocations. Under...

5.9CVSS5.7AI score0.00222EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2026/04/23 6:5 p.m.9 views

CVE-2026-41078 OpenTelemetry dotnet: Potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path

OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on a large observed span/tag set and that enlarged size is reused for subsequent allocations. Under...

5.9CVSS5.7AI score0.00222EPSS
Exploits0References1
RustSec
RustSec
added 2026/04/23 12:0 p.m.14 views

bare-metal is deprecated

The bare-metal crate has been deprecated and archived. For Mutex and CriticalSection, see the critical-section crate instead...

5.2AI score
Exploits0
Snyk
Snyk
added 2026/04/22 8:37 p.m.6 views

Insecure Default Initialization of Resource

Overview Affected versions of this package are vulnerable to Insecure Default Initialization of Resource due to insecure default SSH server configuration, which advertises weak or deprecated key exchange, MAC, and host key algorithms. An attacker can compromise the confidentiality and integrity o...

6.3CVSS5.6AI score
Exploits0References3
GithubExploit
GithubExploit
added 2026/04/21 11:50 p.m.149 views

Exploit for Injection in Ghost

This is a rework of the Repo by rootxran for this same CVE - htt...

9.8CVSS5.8AI score0.00372EPSS
Exploits3
OSV
OSV
added 2026/04/21 9:0 a.m.3 views

DEBIAN-CVE-2026-5358

The obsolete nislocalprincipal function in the GNU C Library version 2.43 and older may overflow a buffer in the data section, which could allow an attacker to spoof a crafted response to a UDP request generated by this function and overwrite neighboring static data in the requesting application...

5.9AI score0.0004EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-5358

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The obsolete nislocalprincipal function in the GNU C Library version 2.43 and older may overflow a buffer in the data section, which could allow an attacker to...

5.9AI score0.0004EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/20 9:31 p.m.4 views

EUVD-2026-23977

The obsolete nislocalprincipal function in the GNU C Library version 2.43 and older may overflow a buffer in the data section, which could allow an attacker to spoof a crafted response to a UDP request generated by this function and overwrite neighboring static data in the requesting application...

5.9AI score0.0004EPSS
Exploits0References2
NVD
NVD
added 2026/04/20 9:16 p.m.15 views

CVE-2026-5358

Rejected reason: REJECTED: CVE-2026-5358 is rejected for two reasons. Firstly it has been discovered that no NIS+ client or server was ever released for any Linux-based OS distributions and as such this makes the API provisional and unused. Secondly it has been discovered that the NIS+ cold...

0.0004EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/20 8:37 p.m.11 views

CVE-2026-5358

...

5.7AI score0.0004EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/04/20 8:37 p.m.6 views

CVE-2026-5358

Removed by vendor...

5.7AI score0.0004EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/04/20 3:34 a.m.7 views

Langflow: DoS Through Lack of File Size Restriction via Deprecated Unauthenticated File Upload API

A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function createuploadfile of the file src/backend/base/Langflow/api/v1/endpoints.py of the component API Endpoint. The manipulation results in unrestricted upload. It is possible to launch the attack...

7.5CVSS7AI score0.00284EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.6 views

PT-2026-33850

Name of the Vulnerable Software and Affected Versions glibc versions prior to 2.44 Description The obsolete nis local principal function may overflow a buffer in the data section. This allows an attacker to spoof a crafted response to a UDP request generated by this function and overwrite...

9.1CVSS5.5AI score0.0004EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/18 1:5 a.m.6 views

OpenTelemetry .NET has potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path

Summary !IMPORTANT There is no plan to fix this issue as OpenTelemetry.Exporter.Jaeger was deprecated in 2023. It is for informational purposes only. OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on a large observed span/tag set...

5.9CVSS5.7AI score0.00222EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/17 3:31 p.m.6 views

EUVD-2026-23432

A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function imminposvec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such manipulation of the argument n leads to heap-based buffer overflow. An attack has to be approached...

5.3CVSS5.8AI score0.0016EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/04/17 1:45 p.m.46 views

CVE-2026-6491 libvips nip2 vips7compat.c im_minpos_vec heap-based overflow

A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function imminposvec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such manipulation of the argument n leads to heap-based buffer overflow. An attack has to be approached...

5.3CVSS0.0016EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/04/17 1:45 p.m.4 views

CVE-2026-6491

A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function imminposvec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such manipulation of the argument n leads to heap-based buffer overflow. An attack has to be approached...

5.3CVSS5.6AI score0.0016EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/04/17 1:45 p.m.8 views

CVE-2026-6491 libvips nip2 vips7compat.c im_minpos_vec heap-based overflow

A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function imminposvec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such manipulation of the argument n leads to heap-based buffer overflow. An attack has to be approached...

5.3CVSS5.8AI score0.0016EPSS
Exploits0References7
Rows per page
Query Builder