Lucene search
K

3043 matches found

OSV
OSV
added 2026/06/09 6:10 a.m.10 views

BELL-CVE-2026-46280

Bulletin has no description...

7.8CVSS5.2AI score0.00126EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 5:16 a.m.9 views

DEBIAN-CVE-2026-41842

Spring MVC and WebFlux applications are vulnerable to Denial of Service DoS attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 through 5.3.48...

7.5CVSS5.5AI score0.00399EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 5:16 a.m.7 views

DEBIAN-CVE-2026-41848

Applications may be vulnerable to a Regular Expression Denial of Service ReDoS attack if an attacker is able to provide a pattern which is then directly or indirectly supplied to one of the following methods in AntPathMatcher: matchString pattern, String path, matchStartString pattern, String pat...

7.5CVSS5.4AI score0.00317EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 5:16 a.m.8 views

UBUNTU-CVE-2026-41845

Due to incorrect escaping, the use of JavaScriptUtils.javaScriptEscape may lead to JavaScript code injection in the browser, potentially resulting in a cross-site scripting XSS vulnerability. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3....

7.1CVSS5.3AI score0.00161EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 3:50 a.m.63 views

CVE-2026-41845

The CVE-2026-41845 entry affects Spring Framework versions 7.0.0–7.0.7, 6.2.0–6.2.18, 6.1.0–6.1.27, and 5.3.0–5.3.48. The issue stems from incorrect escaping in JavaScriptUtils.javaScriptEscape(), which may allow JavaScript code injection in the browser and enable cross-site scripting (XSS). The ...

7.1CVSS5.3AI score0.00161EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/08 5:16 p.m.13 views

DEBIAN-CVE-2026-46306

In the Linux kernel, the following vulnerability has been resolved: flowdissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field Compression PFC is NOT RECOMMENDED for PPPoE. In practice, pppd does not support negotiating PFC for PPPoE sessions, and the flow...

7.5CVSS5.3AI score0.00389EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 5:16 p.m.11 views

DEBIAN-CVE-2026-46307

In the Linux kernel, the following vulnerability has been resolved: wifi: ath5k: do not access array OOB Vincent reports: The ath5k driver seems to do an array-index-out-of-bounds access as shown by the UBSAN kernel message: UBSAN: array-index-out-of-bounds in...

8.3CVSS5.3AI score0.0022EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 5:16 p.m.10 views

DEBIAN-CVE-2026-46302

In the Linux kernel, the following vulnerability has been resolved: selinux: allow multiple opens of /sys/fs/selinux/policy Currently there can only be a single open of /sys/fs/selinux/policy at any time. This allows any process to block any other process from reading the kernel policy. The...

5.4AI score0.00145EPSS
Exploits0References1
NVD
NVD
added 2026/06/08 5:16 p.m.10 views

CVE-2026-43966

Improper Neutralization of CRLF Sequences in HTTP Headers 'HTTP Request/Response Splitting' vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields string values. cowhttpstructhd:escapestring/2 in cowlib only escapes \ and ", passing all other byt...

6.3CVSS0.00313EPSS
Exploits0References4
OSV
OSV
added 2026/06/08 4:16 p.m.16 views

DEBIAN-CVE-2026-34355

A buffer overflow in modproxyhtml in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue...

7.5CVSS5.6AI score0.00805EPSS
Exploits0References1
OSV
OSV
added 2026/06/07 7:48 a.m.11 views

DEBIAN-CVE-2025-15646

HTML::Gumbo versions before 0.19 for Perl disclose heap memory via type confusion. Support for the element was added to libgumbo 0.10.0 in 2015, but the walktree function in lib/HTML/Gumbo.xs was not updated to support it. The element was treated as a text-node, where strlen over-reads the heap...

9.8CVSS5.8AI score0.00663EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/07 4:47 a.m.11 views

SUSE CVE-2026-11043

Out of bounds write in ANGLE in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

9.6CVSS5.5AI score0.00301EPSS
Exploits0References2
OSV
OSV
added 2026/06/06 6:10 a.m.9 views

BELL-CVE-2026-50260

Bulletin has no description...

7.8CVSS5.2AI score0.00154EPSS
Exploits0References1
OSV
OSV
added 2026/06/06 6:10 a.m.7 views

BELL-CVE-2026-50258

Bulletin has no description...

7.8CVSS5.2AI score0.00161EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.11 views

CVE-2026-5083

Ado::Sessions versions through 0.935 for Perl generates insecure session ids. The session id is generated from a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked fr...

5.3CVSS5.4AI score0.00428EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 4:16 p.m.12 views

DEBIAN-CVE-2026-48102

7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up to 3 bytes in the UDF disc image handler's File Identifier Descriptor parser. In CFileId::Parse CPP/7zip/Archive/Udf/UdfIn.cpp, after validating size 38 + idLen + impLen and...

4.3CVSS5.6AI score0.00189EPSS
Exploits1References1
OSV
OSV
added 2026/06/05 4:17 a.m.7 views

UBUNTU-CVE-2026-50593

Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range...

7.3CVSS5.2AI score0.00112EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/05 3:14 a.m.15 views

SUSE CVE-2026-26825

A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xlsparseWorkBook and is triggered by uninitialized heap memory originating from the OLE layer ole2read. The flaw is detectable with MemorySanitizer MSAN and can lead to...

5.3CVSS5.8AI score0.00214EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-11043

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out of bounds write in ANGLE in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially...

9.6CVSS5.5AI score0.00301EPSS
Exploits0References2
OSV
OSV
added 2026/06/04 5:16 p.m.8 views

DEBIAN-CVE-2026-49940

Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One U+0661 were accepted but not properly parsed as numbers. This could allow network masks to accept larger networks...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References1
Rows per page
Query Builder