Lucene search
K

3966 matches found

CVE
CVE
added 2026/06/26 1:14 a.m.42 views

CVE-2026-48619

CVE-2026-48619 describes a flaw in Node.js HTTP/2 client where a server can send an unlimited number of ORIGIN frames, potentially causing an Out of Memory (OOM) on the client. Affected releases are Node.js 22, 24, and 26. The June 2026 security releases provide fixes in updated versions: 22.23.0...

7.5CVSS6.7AI score0.00656EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/26 1:14 a.m.8 views

CVE-2026-48619

A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

5.3CVSS6.5AI score0.00656EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/26 1:14 a.m.8 views

CVE-2026-48619

A flaw in Node.js HTTP/2 client allows a server to send an unlimited number of ORIGIN frames, which could lead to an Out of Memory error on the client. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

7.5CVSS6.7AI score0.00656EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/26 12:37 a.m.7 views

CVE-2026-53254

A flaw was found in the Linux kernel's Bluetooth RFCOMM Radio Frequency Communication subsystem. A malicious remote device could exploit this vulnerability by sending specially crafted, truncated Multiplexing Control Channel MCC frames. This lack of proper validation of incoming data length befor...

8.1CVSS5.8AI score0.00283EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/26 12:3 a.m.8 views

CVE-2026-53087

A flaw was found in the Linux kernel's bcmgenet network driver. When the transmit tx queue is reclaimed, the driver incorrectly drops data frames without returning them to the pool of free buffer descriptors bds. This oversight results in a resource leak, which can lead to resource exhaustion and...

7.5CVSS6AI score0.00376EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 7:33 p.m.3 views

SUSE-SU-2026:22369-1 Security update for libaom

This update for libaom fixes the following issues - CVE-2026-56208: untrusted encoder configuration inputs can lead to a heap-based buffer overflow and a process crash bsc1268650. - CVE-2026-56209: crafted video frames with specific Y-plane pixel values can lead to an arbitrary memory write...

7.6CVSS6.7AI score0.00414EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/25 6:17 p.m.6 views

CVE-2026-53003

A flaw was found in the Linux kernel's Point-to-Point Protocol over Ethernet PPPoE driver. A remote attacker or a peer with a misconfigured implementation could send specially crafted Protocol Field Compression PFC frames. This could lead to a one-byte shift in the PPP payload, causing a four-byt...

7.5CVSS5.8AI score0.00508EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/25 5:32 p.m.6 views

CVE-2026-54274

A flaw was found in aiohttp, an asynchronous HTTP client/server framework. An attacker can exploit this vulnerability by sending large, incomplete websocket frame payloads. This can bypass normal memory usage limits, potentially leading to a Denial of Service DoS where the affected system becomes...

8.7CVSS5.8AI score0.00305EPSS
Exploits0References5
OSV
OSV
added 2026/06/25 1:15 p.m.7 views

USN-8471-1 containerd vulnerabilities

It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause containerd to enter an infinite loop, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu...

9.4CVSS6.4AI score0.00781EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2026/06/25 1:14 p.m.10 views

USN-8473-1: containerd vulnerabilities

It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause containerd to enter an infinite loop, resulting in a denial of service. CVE-2026-33814 Jakub Ciolek and Kyle Elliott discovered that containerd incorrectly handle...

9.9CVSS6.4AI score0.00781EPSS
Exploits0
CVE
CVE
added 2026/06/25 12:22 p.m.21 views

CVE-2026-40208

CVE-2026-40208 concerns DoH3 servers handling DoH3 GET queries with an invalid DATA frame, potentially delaying processing and causing a denial of service. The available records state the impact as availability loss (LOW) with a CVSS 3.1 base score of 3.7, network-exposed and requiring no privile...

3.7CVSS5.9AI score0.00285EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 9:16 a.m.9 views

CVE-2026-53253

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: reject short frames before parsing A BNEP peer can send a short BNEP SDU. bneprxframe reads the packet type byte immediately and, for control packets, reads the control opcode and setup UUID-size byte before...

7.1CVSS0.00274EPSS
Exploits0References7
OSV
OSV
added 2026/06/25 9:16 a.m.6 views

UBUNTU-CVE-2026-53253

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: reject short frames before parsing A BNEP peer can send a short BNEP SDU. bneprxframe reads the packet type byte immediately and, for control packets, reads the control opcode and setup UUID-size byte before...

7.1CVSS5.7AI score0.00274EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/25 8:39 a.m.7 views

EUVD-2026-39204

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: reject short frames before parsing A BNEP peer can send a short BNEP SDU. bneprxframe reads the packet type byte immediately and, for control packets, reads the control opcode and setup UUID-size byte before...

5.7AI score0.00274EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/25 8:39 a.m.30 views

CVE-2026-53253 Bluetooth: bnep: reject short frames before parsing

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: reject short frames before parsing A BNEP peer can send a short BNEP SDU. bneprxframe reads the packet type byte immediately and, for control packets, reads the control opcode and setup UUID-size byte before...

7.1CVSS0.00274EPSS
Exploits0References7
CVE
CVE
added 2026/06/25 8:39 a.m.20 views

CVE-2026-53253

CVE-2026-53253 affects the Linux kernel Bluetooth BNEP stack. The vulnerability arises when a BNEP peer sends a short SDU and the kernel bnep_rx_frame() reads the packet type, then bnep_rx_control() dereferences the control opcode or setup UUID-size byte before ensuring those bytes are present. T...

7.1CVSS5.7AI score0.00274EPSS
Exploits0References7Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 8:39 a.m.4 views

CVE-2026-53253

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: reject short frames before parsing A BNEP peer can send a short BNEP SDU. bneprxframe reads the packet type byte immediately and, for control packets, reads the control opcode and setup UUID-size byte before...

7.1CVSS5.7AI score0.00274EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.6 views

PT-2026-52324

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the XSK branch of the mlx5e xmit xdp buff function. When the sq-xmit xdp frame function returns false, such as when the XDPSQ is full, the system fails to unmap t...

7.5CVSS6AI score0.00466EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53003

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pppoe: drop PFC frames RFC 2516 Section 7 states that Protocol Field Compression PFC is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiatin...

7.5CVSS5.9AI score0.00508EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-53074

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: reject short IPv4/IPv6 inputs in bpfprogtestrunskb bpfprogtestrunskb calls ethtypetrans first and then uses skb-protocol to initialize sk family and addres...

6AI score0.00164EPSS
Exploits0References3
Rows per page
Query Builder