Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

18947 matches found

Vulnrichment
Vulnrichmentadded 2026/06/09 4:3 p.m.5 views

CVE-2026-42771 Possible Out of Bounds Read in X509_VERIFY_PARAM_set1_email()

Issue summary: When the X509VERIFYPARAMset1email is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of bounds read can happen. Impact summary: This out of bounds read will not directly exfiltrate the data read to the attacker so the...

5.5AI score0.00158EPSS
Exploits0References2
CVE
CVEadded 2026/06/09 4:3 p.m.133 views

CVE-2026-34182

CVE-2026-34182 describes a vulnerability in CMS AuthEnvelopedData processing in OpenSSL where insufficient input validation on cipher and tag length can allow forged or manipulated messages. Attack scenarios include selecting non-AEAD ciphers (e.g., AES-256-OFB) that bypasses integrity checks and...

9.1CVSS5.5AI score0.00222EPSS
Exploits0References6Affected Software1
AlpineLinux
AlpineLinuxadded 2026/06/09 4:3 p.m.17 views

CVE-2026-34182

Issue Summary: Cryptographic Message Services CMS processing fails to perform sufficient input validation on the cipher and tag length fields of AuthEnvelopedData containers, leading to various potential compromises. Impact Summary: Attackers making use of these vulnerabilities may achieve...

9.1CVSS5.4AI score0.00222EPSS
Exploits0
CVE
CVEadded 2026/06/09 4:2 p.m.21 views

CVE-2026-49841

FreeSWITCH is affected by a pre-authentication heap overflow in the mod_verto HTTP POST body read. Before version 1.11.1, the mod_verto HTTP request handler allocates a fixed 2 MiB buffer for application/x-www-form-urlencoded bodies but accepts Content-Length up to just under 10 MiB. The body-rea...

9.8CVSS5.7AI score0.0034EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinuxadded 2026/06/09 4:2 p.m.7 views

CVE-2026-49841

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, the modverto HTTP request handler allocates a fixed 2 MiB buffer for a POST...

9.8CVSS5.6AI score0.0034EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/06/09 4:0 p.m.34 views

CVE-2026-49840 FreeSWITCH: Pre-authentication heap buffer overflow in libesl `Content-Length` parsing

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, eslrecvevent parses Content-Length with atol and passes the result straight to malloclen ...

9.1CVSS0.00267EPSS
Exploits0References2
EUVD
EUVDadded 2026/06/09 4:0 p.m.6 views

EUVD-2026-35471

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, eslrecvevent parses Content-Length with atol and passes the result straight to malloclen ...

9.1CVSS5.4AI score0.00267EPSS
Exploits0References2
CVE
CVEadded 2026/06/09 4:0 p.m.22 views

CVE-2026-49840

CVE-2026-49840 affects FreeSWITCH libesl before version 1.11.1. The flaw occurs in esl_recv_event(): Content-Length is parsed with atol() and the result is passed to malloc(len + 1) without sign or magnitude checks, allowing a pre-authentication, remote attacker to corrupt the heap or crash the p...

9.1CVSS5.4AI score0.00267EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/06/09 4:0 p.m.6 views

CVE-2026-49840 FreeSWITCH: Pre-authentication heap buffer overflow in libesl `Content-Length` parsing

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, eslrecvevent parses Content-Length with atol and passes the result straight to malloclen ...

9.1CVSS5.4AI score0.00267EPSS
Exploits0References2
AlpineLinux
AlpineLinuxadded 2026/06/09 4:0 p.m.4 views

CVE-2026-49840

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, eslrecvevent parses Content-Length with atol and passes the result straight to malloclen ...

9.1CVSS5.4AI score0.00267EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/06/09 4:0 p.m.31 views

CVE-2026-49475 FreeSWITCH: Out-of-bounds memory access in core STUN attribute parsing

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser...

7.5CVSS0.00278EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/06/09 4:0 p.m.7 views

CVE-2026-49475 FreeSWITCH: Out-of-bounds memory access in core STUN attribute parsing

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser...

7.5CVSS5.4AI score0.00278EPSS
Exploits0References2
AlpineLinux
AlpineLinuxadded 2026/06/09 4:0 p.m.9 views

CVE-2026-49475

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser...

7.5CVSS5.4AI score0.00278EPSS
Exploits0References2
OSV
OSVadded 2026/06/09 2:16 p.m.8 views

DEBIAN-CVE-2026-11789

A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication...

6.5CVSS5.7AI score0.00335EPSS
Exploits0References1
NVD
NVDadded 2026/06/09 2:16 p.m.10 views

CVE-2026-11789

A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication...

6.5CVSS0.00335EPSS
Exploits0References3
OSV
OSVadded 2026/06/09 2:16 p.m.5 views

UBUNTU-CVE-2026-11789

A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication...

6.5CVSS5.5AI score0.00335EPSS
Exploits0References5
NVD
NVDadded 2026/06/09 1:16 p.m.7 views

CVE-2026-46321

In the Linux kernel, the following vulnerability has been resolved: tun: free page on short-frame rejection in tunxdpone tunxdpone returns -EINVAL on a frame shorter than ETHHLEN without freeing the page that vhostnetbuildxdp allocated for it. tunsendmsg discards that -EINVAL and still returns...

7.1CVSS0.00129EPSS
Exploits0References4
CVE
CVEadded 2026/06/09 1:2 p.m.22 views

CVE-2026-11789

Affected software : 389 Directory Server (389-ds-base). Vulnerable component : SMD5 password storage plugin. Root cause : unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read and LDAP server crash during authenticatio...

6.5CVSS5.7AI score0.00335EPSS
Exploits0References3Affected Software3
Debian CVE
Debian CVEadded 2026/06/09 1:2 p.m.7 views

CVE-2026-11789

A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication...

6.5CVSS5.7AI score0.00335EPSS
Exploits0
Cvelist
Cvelistadded 2026/06/09 1:2 p.m.26 views

CVE-2026-11789 389-ds-base: 389-ds-base: smd5 password storage plugin salt length integer underflow crash

A flaw was found in 389 Directory Server. The SMD5 password storage plugin performs unsigned integer underflow when computing salt length from a crafted password hash shorter than 16 bytes, causing a buffer over-read that crashes the LDAP server during authentication...

4.9CVSS0.00335EPSS
Exploits0References3
Rows per page
Query Builder