Lucene search
K

1682 matches found

NVD
NVD
added yesterday5 views

CVE-2026-51602

A stack-based buffer overflow vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 allows an unauthenticated remote attacker to cause a denial of service via a crafted SETUP request. The RTSP service's second-stage URL routing parser fails to validate the length of the URL fiel...

7.5CVSS
Exploits0References1
OSV
OSV
added 4 days ago5 views

OESA-2026-2832 python-zeroconf security update

Pure Python Multicast DNS Service Discovery Library Bonjour/Avahi compatible Security Fixes: readcharacterstring and readstring in src/zeroconf/protocol/incoming.py sliced self.dataself.offset : self.offset + length and advanced self.offset by the declared length without checking it against...

6AI score
Exploits0References2
OSV
OSV
added last week2 views

OPENSUSE-SU-2026:21228-1 Security update for glibc

This update for glibc fixes the following issues - CVE-2026-5435: unchecked buffer writing in TSIG handling can lead to an out-of-bounds write bsc1263656. - CVE-2026-6238: insufficient RDATA length validation can lead to application crashes or uninitialized memory disclosure bsc1263658...

7.3CVSS6.1AI score0.00311EPSS
Exploits0References4
OSV
OSV
added last week3 views

SUSE-SU-2026:2743-1 Security update for gstreamer-plugins-bad

This update for gstreamer-plugins-bad fixes the following issue - CVE-2026-52719: gstreamer1-plugins-bad-free: GStreamer: Out-of-bounds read via JPEG segment length validation in VA decoder bsc1268401...

7.1CVSS5.9AI score0.00301EPSS
Exploits0References3
NVD
NVD
added 2026/07/01 3:17 p.m.7 views

CVE-2026-6687

FatFs R0.16 and earlier contains a stack overflow bug in fgetlabel because exFAT label length XDIRNumLabel is trusted without enforcing spec maximums. This maps to CWE-121 Stack-based Buffer Overflow. Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 7.6, High. The estimate...

7.6CVSS0.00232EPSS
Exploits2References4
RedhatCVE
RedhatCVE
added 2026/07/01 9:48 a.m.9 views

CVE-2026-57451

A flaw in Vim allows an attacker to cause a Denial of Service DoS via an application crash. If a user opens a maliciously crafted undo file, an out-of-bounds read is triggered in the gettextprops function due to missing length validation on property counts. Mitigation Users are advised to avoid...

6.1CVSS5.8AI score0.00113EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/07/01 9:11 a.m.7 views

CVE-2026-53540

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parseform did not validate the Content-Length header before using it to bound its chunked read of the request body. A negative Content-Length turned the bounded read into a read-until-EOF, so the entire body was loaded...

3.7CVSS5.8AI score0.00217EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/07/01 12:20 a.m.8 views

kernel: dlm: validate length in dlm_search_rsb_tree

A flaw was found in the Linux kernel's Distributed Lock Manager dlm module. An attacker could send specially crafted network messages with an oversized length parameter to the dlmdumprsbname function. This lack of validation can lead to an out-of-bounds write in the dlmsearchrsbtree function,...

9.8CVSS6.4AI score0.00426EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/30 3:24 p.m.6 views

CVE-2026-45822

A flaw was found in the decode-uri-component library. This vulnerability allows a remote attacker to trigger a Denial of Service DoS by submitting specially crafted input. The decode function, when processing a large number of encoded URI components, consumes excessive CPU resources, which can le...

8.7CVSS5.8AI score0.00304EPSS
Exploits0References6
OSV
OSV
added 2026/06/30 9:42 a.m.3 views

SUSE-SU-2026:22453-1 Security update for glibc

This update for glibc fixes the following issues - CVE-2026-5435: unchecked buffer writing in TSIG handling can lead to an out-of-bounds write bsc1263656. - CVE-2026-6238: insufficient RDATA length validation can lead to application crashes or uninitialized memory disclosure bsc1263658...

7.3CVSS6.1AI score0.00311EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/29 8:10 a.m.7 views

CVE-2026-9267

Eclipse tinydtls before commit b3efd41ad111a4920f599f51ffa4f5e9f1e72221 contains an out-of-bounds read vulnerability in the checkservercertificate function that allows unauthenticated attackers to trigger reads beyond valid buffer boundaries by crafting a Certificate handshake message with a...

6.9CVSS6AI score0.00173EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.7 views

SUSE SLES15 Security Update : opensc (SUSE-SU-2026:2657-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2657-1 advisory. This update for opensc fixes the following issues - CVE-2025-49010: stack-buffer-overflow via crafted smart card or USB device...

7.8CVSS6.2AI score0.00296EPSS
Exploits2References19
OSV
OSV
added 2026/06/26 12:25 p.m.2 views

SUSE-SU-2026:2657-1 Security update for opensc

This update for opensc fixes the following issues - CVE-2025-49010: stack-buffer-overflow via crafted smart card or USB device responses bsc1261214. - CVE-2025-66037: crafted input can cause an out-of-bounds read bsc1261218. - CVE-2025-66038: improper compact-TLV length validation can lead to cra...

7.8CVSS6.2AI score0.00296EPSS
Exploits2References13
SUSE CVE
SUSE CVE
added 2026/06/26 2:8 a.m.7 views

SUSE CVE-2026-53254

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: validate skb length in MCC handlers The RFCOMM MCC handlers cast skb-data to protocol-specific structs without validating skb-len first. A malicious remote device can send truncated MCC frames and trigger...

8.1CVSS5.9AI score0.00283EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/26 12:37 a.m.7 views

CVE-2026-53254

A flaw was found in the Linux kernel's Bluetooth RFCOMM Radio Frequency Communication subsystem. A malicious remote device could exploit this vulnerability by sending specially crafted, truncated Multiplexing Control Channel MCC frames. This lack of proper validation of incoming data length befor...

8.1CVSS5.8AI score0.00283EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/26 12:32 a.m.6 views

EUVD-2026-39565

HMAC zero-length tag forgery in EVPDigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated...

2.1CVSS5.8AI score0.00147EPSS
Exploits0References3
Rockylinux
Rockylinux
added 2026/06/25 12:1 p.m.6 views

freerdp security update

An update is available for freerdp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released...

7.5CVSS6.7AI score0.00985EPSS
Exploits0
CVE
CVE
added 2026/06/25 8:39 a.m.17 views

CVE-2026-53195

The CVE-2026-53195 issue affects the Linux kernel USB: serial: io_ti driver. build_i2c_fw_hdr() allocates a fixed buffer and copies img_header->Length (up to 65535) without validating it against remaining space, enabling a potential heap overflow. The root cause is that check_fw_sanity() valid...

7.8CVSS6AI score0.00153EPSS
Exploits0References8Affected Software1
EUVD
EUVD
added 2026/06/25 8:39 a.m.4 views

EUVD-2026-39286

In the Linux kernel, the following vulnerability has been resolved: USB: serial: ioti: fix heap overflow in buildi2cfwhdr buildi2cfwhdr allocates a fixed-size buffer of 161024 - 512 + sizeofstruct tii2cfirmwarerec bytes, then copies le16tocpuimgheader-Length bytes into it without validating that...

6AI score0.00153EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:28 p.m.4 views

CVE-2026-52964

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It validates bLength against bNumGrpTrmBlock before reading...

5.7AI score0.00175EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder