Lucene search
+L

1419 matches found

EUVD
EUVD
added 4 hours ago3 views

EUVD-2026-45677

In the Linux kernel, the following vulnerability has been resolved: usb: usbtmc: check URB actuallength for interrupt-IN notifications USBTMC devices can use an optional interrupt endpoint for notification messages. These typically contain two-byte headers indicating the payload format, but the...

5.4AI score
Exploits0References9
NVD
NVD
added 6 hours ago3 views

CVE-2026-63886

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Validate CHAPR length before base64 decode chapservercomputehash allocates clientdigest as kzallocchap-digestsize and then, for BASE64-encoded responses, passes chapr directly to chapbase64decode without...

Exploits0References6
Cvelist
Cvelist
added 7 hours ago4 views

CVE-2026-64083 hwmon: (pmbus/adm1266) reject short block-read responses in the GPIO accessors

In the Linux kernel, the following vulnerability has been resolved: hwmon: pmbus/adm1266 reject short block-read responses in the GPIO accessors adm1266gpioget and adm1266gpiogetmultiple both compose the pin-status word as pinsstatus = readbuf0 + readbuf1 8; right after i2csmbusreadblockdata,...

Exploits0References8
EUVD
EUVD
added 7 hours ago3 views

EUVD-2026-45569

In the Linux kernel, the following vulnerability has been resolved: ethtool: cmis: require exact CDB reply length Malicious SFP module could respond with rpllen longer than what cmiscdbprocessreply expected, leading to OOB writes. Malicious HW is a bit theoretical but some modules may just be bug...

5.4AI score
Exploits0References4
CVE
CVE
added 7 hours ago4 views

CVE-2026-63985

CVE-2026-63985 relates to the Linux kernel ethtool eeprom Netlink fallback path. The vulnerability stems from missing validation that the read offset plus length stays within the EEPROM length in the Netlink fallback (fallback_set_params()), unlike the ioctl path (ethtool_get_any_eeprom()) which ...

5.4AI score
Exploits0References7
Github Security Blog
Github Security Blog
added 4 days ago11 views

websocket-driver: Resource limit bypass via message compression

Impact If this library is used in tandem with the permessage-deflate extension, a WebSocket server or client can be made to accept messages that are larger than the configured maximum message size. This is because this limit is checked against the message frames' length headers, which give the si...

6.3CVSS6AI score0.00445EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 4 days ago5 views

SUSE SLES15 Security Update : kernel (Live Patch 49 for SUSE Linux Enterprise 15 SP4) (SUSE-SU-2026:2932-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2932-1 advisory. This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.197 fixes various security issues The following security issues were fixed: ...

9.8CVSS6.2AI score0.00563EPSS
Exploits8References61
OSV
OSV
added 5 days ago5 views

JLSEC-2026-749 HMAC zero-length tag forgery in EVP_DigestVerifyFinal, where a zero-length tag could be accepted...

HMAC zero-length tag forgery in EVPDigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated...

7.5CVSS6.1AI score0.00147EPSS
Exploits0References5
OSV
OSV
added 5 days ago5 views

JLSEC-2026-694 OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status allows a same-issuer...

OCSP CertID serial-number length-confusion in wolfSSLOCSPrespfindstatus allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two...

6.3CVSS6.1AI score0.00121EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 5 days ago5 views

CVE-2026-10672 Unterminated URI buffer causes out-of-bounds read in LwM2M firmware pull (Package URI)

subsys/net/lib/lwm2m/lwm2mpullcontext.c copied the firmware-update Package URI into a fixed static buffer context.uri, size CONFIGLWM2MSWMGMTPACKAGEURILEN, default 128 with memcpycontext.uri, uri, LWM2MPACKAGEURILEN, copying exactly the destination size with no length validation. The...

8.2CVSS6.2AI score0.00277EPSS
Exploits1References2
SUSE Linux
SUSE Linux
added 5 days ago3 views

Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.34 fixes various security issues The following security issues were fixed: CVE-2026-23393: bridge: cfm: Fix race condition in peermep deletion bsc1260524. CVE-2026-31505: iavf: fix out-of-bounds writes in iavfgetethtoolstats...

9CVSS6.7AI score0.00563EPSS
Exploits8References96
OSV
OSV
added 5 days ago2 views

SUSE-SU-2026:2945-1 Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP7)

This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.34 fixes various security issues The following security issues were fixed: - CVE-2026-23393: bridge: cfm: Fix race condition in peermep deletion bsc1260524. - CVE-2026-31505: iavf: fix out-of-bounds writes in iavfgetethtoolstats...

9.8CVSS6.7AI score0.00563EPSS
Exploits8References49
NVD
NVD
added 2026/07/12 5:16 p.m.8 views

CVE-2026-10665

In Zephyr's WireGuard subsystem subsys/net/lib/wireguard, wgprocessdatamessage in wgcrypto.c linearizes an inbound transport-data payload into a fixed pool buffer of CONFIGWIREGUARDBUFLEN bytes before decryption. The call netbuflinearizebuf-data, datalen, pkt-buffer, ..., datalen passed the...

7.4CVSS0.00382EPSS
Exploits1References2
OSV
OSV
added 2026/07/12 4:16 p.m.4 views

CVE-2026-10665 Heap buffer overflow on WireGuard receive path via unbounded incoming packet length

In Zephyr's WireGuard subsystem subsys/net/lib/wireguard, wgprocessdatamessage in wgcrypto.c linearizes an inbound transport-data payload into a fixed pool buffer of CONFIGWIREGUARDBUFLEN bytes before decryption. The call netbuflinearizebuf-data, datalen, pkt-buffer, ..., datalen passed the...

7.4CVSS6.2AI score0.00382EPSS
Exploits1References5
OSV
OSV
added 2026/07/02 10:16 p.m.11 views

CVE-2026-50721

Libreswan, via the function RSAauthenticatehashsignaturerawrsa, did not correctly verify the length of the authentication hash when the SIG payload of an IKEv1 packet was encoded using PKCS 1 RSA Encryption as per RFC 2313. A remote attacker can use a variation on the Bleichenbacher attack to for...

5.9CVSS6.4AI score0.00392EPSS
Exploits0References4
CVE
CVE
added 2026/07/02 9:44 p.m.29 views

CVE-2026-50721

CVE-2026-50721 concerns Libreswan where the function RSA_authenticate_hash_signature_raw_rsa() does not properly verify the authentication hash length when the SIG payload of an IKEv1 packet is encoded using PKCS#1 RSA Encryption per RFC 2313. This enables a remote attacker to leverage a Bleichen...

8.1CVSS6.3AI score0.00392EPSS
Exploits0References4Affected Software1
SUSE CVE
SUSE CVE
added 2026/07/01 3:19 a.m.4 views

SUSE CVE-2026-53074

In the Linux kernel, the following vulnerability has been resolved: bpf: reject short IPv4/IPv6 inputs in bpfprogtestrunskb bpfprogtestrunskb calls ethtypetrans first and then uses skb-protocol to initialize sk family and address fields for the test run. For IPv4 and IPv6 packets, it may access...

5.8AI score0.00164EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 9:15 a.m.5 views

SUSE-SU-2026:2697-1 Security update for opensc

This update for opensc fixes the following issues - CVE-2025-49010: stack-buffer-overflow via crafted smart card or USB device responses bsc1261214. - CVE-2025-66037: crafted input can cause an out-of-bounds read bsc1261218. - CVE-2025-66038: improper compact-TLV length validation can lead to cra...

7.8CVSS6.2AI score0.00296EPSS
Exploits2References13
The Hacker News
The Hacker News
added 2026/06/29 7:6 a.m.21 views

Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw

A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution. No credentials, no user interaction. The bug affects every release up to and includin...

9.8CVSS7.8AI score0.00732EPSS
Exploits11
EUVD
EUVD
added 2026/06/26 12:32 a.m.9 views

EUVD-2026-39565

HMAC zero-length tag forgery in EVPDigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated...

2.1CVSS5.8AI score0.00147EPSS
Exploits0References3
Rows per page
Query Builder