Lucene search
+L

5153 matches found

NVD
NVD
added 2 days ago6 views

CVE-2026-15422

The illumos SCTP inbound path performs association lookup for INIT ACK chunks without adequately validating the address parameters carried in the chunk. Since this lookup runs during packet classification i.e. before SCTP integrity checks or IPsec policy are applied a remote, unauthenticated...

10CVSS0.00508EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-15422 SCTP needs to better-check INIT ACK chunk parameters

The illumos SCTP inbound path performs association lookup for INIT ACK chunks without adequately validating the address parameters carried in the chunk. Since this lookup runs during packet classification i.e. before SCTP integrity checks or IPsec policy are applied a remote, unauthenticated...

10CVSS0.00508EPSS
Exploits0References3
CVE
CVE
added 2 days ago9 views

CVE-2026-15422

CVE-2026-15422 concerns illumos SCTP where the inbound path performs association lookups for INIT ACK chunks without validating the address parameters. The vulnerability is triggered during packet classification, before SCTP integrity checks or IPsec policies, allowing a remote, unauthenticated a...

10CVSS6.3AI score0.00508EPSS
Exploits0References3
NVD
NVD
added 3 days ago7 views

CVE-2026-55445

Qinglong is a timed task management platform supporting Python3, JavaScript, Shell, and Typescript. Prior to 2.20.1, the init guard middleware in back/loaders/express.ts checks /api/user/init but not /open/user/init, while rewrite'/open/', '/api/$1' rewrites the whitelisted /open/ path after JWT...

9.3CVSS0.00404EPSS
Exploits0References3
CVE
CVE
added 3 days ago16 views

CVE-2026-55445

Qinglong vulnerability CVE-2026-55445: Before 2.20.1, the init guard in back/loaders/express.ts checked /api/user/init but not /open/user/init. After a subsequent rewrite of /open/* to /api/$1 (post-auth), an unauthenticated attacker could issue PUT /open/user/init to reset the administrator cred...

9.3CVSS6.1AI score0.00404EPSS
Exploits0References3
OSV
OSV
added 3 days ago4 views

DEBIAN-CVE-2026-61860

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a use-after-free vulnerability that occurs when freetype initialization fails: the method does not exit and continues to use memory that was already freed. This can be triggered during image processing and may lead to a denial of service...

6.3CVSS6.1AI score0.00221EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-44610

ImageMagick before 7.1.2-26 and 6.9.13-51 contains a use-after-free vulnerability that occurs when freetype initialization fails: the method does not exit and continues to use memory that was already freed. This can be triggered during image processing and may lead to a denial of service...

6.3CVSS6.1AI score0.00221EPSS
Exploits0References2
OSV
OSV
added 4 days ago3 views

CVE-2026-10671 User thread can re-initialize an in-use `k_pipe`, corrupting kernel wait queues (`CONFIG_USERSPACE`)

In Zephyr's kernel pipe implementation, the userspace syscall verifier zvrfykpipeinit in kernel/pipe.c used KSYSCALLOBJ which requires the kernel object to already be initialized instead of KSYSCALLOBJNEVERINIT which rejects an already-initialized object. As a result, on CONFIGUSERSPACE builds an...

7.1CVSS6.1AI score0.00103EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 5 days ago6 views

OpenEXR: OpenEXR: Information disclosure and denial of service via malformed EXR files

A flaw was found in OpenEXR. A remote attacker could exploit a vulnerability in the IDManifest::init function when processing specially crafted EXR files. The function attempts to reconstruct strings from a prefix-compressed representation. If a previous string exceeds 255 bytes, the subsequent...

9.1CVSS6.1AI score0.00465EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 5 days ago6 views

OpenEXR: OpenEXR: Information disclosure and denial of service via malformed EXR files

A flaw was found in OpenEXR. A remote attacker could exploit a vulnerability in the IDManifest::init function when processing specially crafted EXR files. The function attempts to reconstruct strings from a prefix-compressed representation. If a previous string exceeds 255 bytes, the subsequent...

9.1CVSS6.1AI score0.00465EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 5 days ago4 views

OpenEXR: OpenEXR: Information disclosure and denial of service via malformed EXR files

A flaw was found in OpenEXR. A remote attacker could exploit a vulnerability in the IDManifest::init function when processing specially crafted EXR files. The function attempts to reconstruct strings from a prefix-compressed representation. If a previous string exceeds 255 bytes, the subsequent...

9.1CVSS6.1AI score0.00465EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 5 days ago5 views

OpenEXR: OpenEXR: Information disclosure and denial of service via malformed EXR files

A flaw was found in OpenEXR. A remote attacker could exploit a vulnerability in the IDManifest::init function when processing specially crafted EXR files. The function attempts to reconstruct strings from a prefix-compressed representation. If a previous string exceeds 255 bytes, the subsequent...

9.1CVSS6.1AI score0.00465EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 5 days ago4 views

The vulnerability of the damon_reclaim_init() function in the mm/damon/reclaim.c module of the Linux kernel’s memory management subsystem allows a hacker to trigger a service failure.

The vulnerability of the damonreclaiminit function in the mm/damon/reclaim.c module of the Linux kernel’s memory management subsystem is related to improper memory release „memory leak“. Exploiting this vulnerability could allow an attacker to cause a system failure...

5.5CVSS6.6AI score0.00223EPSS
Exploits0References9Affected Software2
EUVD
EUVD
added 2026/07/10 7:48 a.m.8 views

EUVD-2026-42846

The Easy Upload Files During Checkout plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.0.1. This is due to missing authorization checks in the ufdccustominit function, which processes the 'eufdc-delete' parameter without any nonce verification,...

5.3CVSS6.2AI score0.00243EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/07/09 6:52 a.m.7 views

CVE-2026-7558

The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to unauthorized access in all versions up to and including 4.0.2. This is due to the handleexporttable function being registered on the WordPress 'init' hook, which fires for all requests, including...

5.3CVSS5.8AI score0.00262EPSS
Exploits0References9
OSV
OSV
added 2026/07/08 9:16 p.m.2 views

DEBIAN-CVE-2026-55206

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Prior to 1.1.3, PackInfo.read in archiveinfo.py used an On^2 cumulative sum pattern for attacker-controlled numstreams values parsed from archive headers, allowing a crafted...

8.7CVSS6.1AI score0.00321EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/07/08 5:28 p.m.14 views

Malicious code in next-locomotive-init (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9a11400eaa7dd74b24610ec815438de047089be7005b94c37717fa2b6f916ab6 The package's declared postinstall script reads the installer's OS username via os.userInfo.username and the machine hostname via os.hostname, compos...

6.2AI score
Exploits0References5
CVE
CVE
added 2026/07/08 3:3 p.m.11 views

CVE-2026-55761

Portainer Community Edition contains a vulnerability where, in versions 2.39.0–2.39.3 and 2.40.0–2.43.0, unauthenticated restore and administrator initialization endpoints (/api/restore and /api/users/admin/init) remain accessible during the five-minute setup window for uninitialized instances. A...

7.1CVSS5.9AI score0.00272EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/07/08 3:3 p.m.3 views

CVE-2026-55761 Portainer: Unauthenticated Restore Endpoint Allows Admin Takeover on Uninitialised Portainer Instances

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. In versions 2.39.0 through 2.39.3 and 2.40.0 until 2.43.0, unauthenticated restore and administrator initialization...

7.1CVSS6.1AI score0.00272EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/07/08 11:38 a.m.37 views

CVE-2026-41042 Apache Gravitino: Unauthenticated callers can supply a malicious H2 JDBC URL through the testConnection API, which executes arbitrary Java code on the server via H2's INIT parameter

Unauthenticated callers can supply a malicious H2 JDBC URL through the testConnection API, which executes arbitrary Java code on the server via H2's INIT parameter. Vulnerability in Apache Gravitino. This issue affects Apache Gravitino: before 1.2.1. Users are recommended to upgrade to version...

0.00285EPSS
Exploits0References1
Rows per page
Query Builder