Lucene search
K

107 matches found

OSV
OSV
added 2026/03/24 9:27 a.m.3 views

SUSE-SU-2026:20822-1 Security update for systemd

This update for systemd fixes the following issues: Security issues: - CVE-2026-4105: privilege escalation due to improper access control in RegisterMachine D-Bus method bsc1259650. - CVE-2026-29111: local unprivileged user can trigger an assert in systemd bsc1259418. - udev: check for invalid...

6.7CVSS5.9AI score0.00142EPSS
Exploits0References9
EUVD
EUVD
added 2026/03/19 12:30 a.m.6 views

EUVD-2026-12995

Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field in ICCBased color spaces...

2.1CVSS5.8AI score0.00143EPSS
Exploits0References2
NVD
NVD
added 2026/03/18 10:16 p.m.6 views

CVE-2026-4407

Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field in ICCBased color spaces...

2.1CVSS0.00143EPSS
Exploits0References1
OSV
OSV
added 2026/03/18 10:16 p.m.16 views

UBUNTU-CVE-2026-4407

Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field in ICCBased color spaces...

2.1CVSS5.8AI score0.00143EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/18 9:44 p.m.3 views

CVE-2026-4407

Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field in ICCBased color spaces...

2.1CVSS5.8AI score0.00143EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/18 9:44 p.m.24 views

CVE-2026-4407 Out-of-bounds array write in Xpdf 4.06 due to missing validation

Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field in ICCBased color spaces...

2.1CVSS0.00143EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.7 views

Xpdf 安全漏洞

Xpdf is a free PDF viewer and toolkit provided by Xpdf Inc., including text extractors, image converters, HTML converters, etc. Versions of Xpdf 4.06 and earlier have security vulnerabilities, which stem from improper validation of the N field in the ICC based color space, potentially leading to...

2.1CVSS5.8AI score0.00143EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.5 views

PT-2026-26161

CVE-2026-4407 Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field in ICCBased color spaces. https://t.co/6EPmHSJwhy...

2.1CVSS5.8AI score0.00143EPSS
Exploits0References3
CVE
CVE
added 2026/03/04 10:9 p.m.23 views

CVE-2026-29085

CVE-2026-29085 – Hono SSE field-injection risk . IBM reports that the Hono-based Node.js module used by IBM App Connect Enterprise contains a vulnerability in streamSSE() within Streaming Helper prior to 4.12.4, where event, id, and retry fields were not validated for CR/LF characters. Since SSE ...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/04 7:48 p.m.4 views

Hono Vulnerable to SSE Control Field Injection via CR/LF in writeSSE()

Summary When using streamSSE in Streaming Helper, the event, id, and retry fields were not validated for carriage return \r or newline \n characters. Because the SSE protocol uses line breaks as field delimiters, this could allow injection of additional SSE fields within the same event frame if...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.13 views

Kruise 代码问题漏洞

Kruise is an open-source application developed by OpenKruise. Versions of Kruise prior to 1.8.3 and 1.7.5 contained code vulnerabilities. These vulnerabilities stemmed from the lack of restrictions on the Host field in the PodProbeMarker’s webhook validation, which could allow attackers with...

7.6CVSS7.4AI score0.00285EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/02/24 12:0 a.m.4 views

Unity Linux 20.1060e / 20.1070e Security Update: wireshark (UTSA-2026-005364)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005364 advisory. In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msgdlmap.c by...

7.5CVSS5.6AI score0.0281EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/12/19 12:0 a.m.4 views

CVE-2025-67844

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub Ap...

5CVSS6.4AI score0.00368EPSS
Exploits1References4
CVE
CVE
added 2025/12/10 1:1 p.m.16 views

CVE-2024-2105

CVE-2024-2105 concerns JBL Bluetooth audio devices where an unauthorised nearby attacker can trigger a deadlock during BLE connection requests due to improper validation of the ICM field. Related records reference JBL products but do not disclose exact affected versions, exploit details, or remed...

6.5CVSS6.5AI score0.00186EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/10 1:1 p.m.4 views

CVE-2024-2105 JBL: Improper validation of ICM field in connection requests

An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices...

6.5CVSS6.5AI score0.00186EPSS
Exploits0References2
CVE
CVE
added 2025/12/09 1:29 a.m.11 views

CVE-2022-50671

CVE-2022-50671 : In the Linux kernel, the RDMA/rxe path had a NULL pointer dereference during rxe_queue_init failure. Specifically, when rxe_qp_init_req fails, qp->req.task.func and qp->req.task.arg may remain uninitialized. If qp creation subsequently fails, rxe_create_qp invokes rxe_qp_do...

6.1AI score0.00248EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.6 views

Siemens RUGGEDCOM ROX II 注入漏洞

Siemens RUGGEDCOM ROX II is an operating system for industrial applications from Siemens, Germany. Siemens RUGGEDCOM ROX II suffers from an injection vulnerability that stems from insufficient validation of SCEP client fields, which can be exploited by an attacker to cause execution of arbitrary...

8.6CVSS9.3AI score0.00381EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/26 12:0 a.m.4 views

BACnet Test Server 资源管理错误漏洞

BACnet Test Server is a testing tool for BACnet protocol devices from BACnet USA. A resource management error vulnerability exists in BACnet Test Server version 1.01 and prior versions that stems from failure to properly validate the BVLC Length field in BACnet/IP BVLC packet processing, which...

8.7CVSS6.5AI score0.00431EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2007-4357

Malware in sbrugna...

4CVSS6.4AI score0.00962EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2008-5373

Malware in sbrugna...

7.2CVSS6.1AI score0.00348EPSS
Exploits1References8
Rows per page
Query Builder