Lucene search
K

1228 matches found

EUVD
EUVD
added 3 days ago7 views

EUVD-2026-42980

GNU Wget does not validate the IP address provided by an FTP PASV response while operating in FTP passive mode. A malicious FTP server, or an HTTP server that redirects to an FTP URL, can exploit this behavior to redirect Wget’s data connection to an arbitrary IP address and port. This allows an...

5.9CVSS6.2AI score0.00121EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 5 days ago4 views

CVE-2026-59995

A flaw was found in OpenSSH. The sftp client, when used to download files from a malicious server with the 'sftp server:/path .' command, does not properly restrict where those files are saved. This allows an attacker to control the download location, potentially overwriting existing files or...

5.4CVSS5.9AI score0.00241EPSS
Exploits0References6
CVE
CVE
added 2026/07/01 2:8 p.m.17 views

CVE-2026-2891

The CVE-2026-2891 entry concerns Poly Voice IP devices (CCX, Trio, Edge E) and describes a potential DoS if these devices connect to a malicious SIP server sending malformed data. Affected components are the Poly Voice devices themselves; the root cause is triggered by malformed SIP input from a ...

8.2CVSS5.8AI score0.00253EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 2:17 a.m.17 views

CVE-2026-57962

A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied data into the Thunderbird LDAP client until it crashes due to memory exhaustion. This vulnerability was fixed in Thunderbird 152.0.1 and...

5.3CVSS0.00203EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/01 12:58 a.m.44 views

CVE-2026-57962 Denial-of-service via malicious LDAP address-book server

A malicious LDAP server, which a Thunderbird user is configured to query for address-book autocomplete, can stash arbitrarily large amounts of attacker-supplied data into the Thunderbird LDAP client until it crashes due to memory exhaustion. This vulnerability was fixed in Thunderbird 152.0.1 and...

0.00203EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.4 views

EUVD-2026-40422

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative ../ paths and absolute paths...

9.8CVSS5.8AI score0.00435EPSS
Exploits0References4
OSV
OSV
added 2026/06/30 11:39 p.m.3 views

BIT-GHOST-2026-53950 @tryghost/activitypub: XSS in Ghost's ActivityPub client

@tryghost/activitypub is Ghost’s social/federation client app. Prior to 3.1.0, the ActivityPub client in Ghost was vulnerable to JavaScript injection on posts shared by a maliciously customised ActivityPub server. This vulnerability is fixed in 3.1.0...

7.5CVSS5.8AI score0.00204EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/29 2:58 p.m.9 views

CVE-2026-58051

A flaw in libssh2 allows a malicious SSH server to send a malformed public key response, triggering an invalid memory cleanup. This can cause the connecting client application to crash or leak information. Mitigation To mitigate this issue, ensure your applications connect only to trusted and...

8.3CVSS5.8AI score0.0028EPSS
Exploits0References6
OSV
OSV
added 2026/06/28 2:16 a.m.3 views

UBUNTU-CVE-2026-58051

libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...

8.3CVSS5.8AI score0.0028EPSS
Exploits0References6
CVE
CVE
added 2026/06/28 1:32 a.m.46 views

CVE-2026-58051

CVE-2026-58051 affects libssh2 up to version 1.11.1. The vulnerability arises because libssh2 grows its publickey list using SSH2_REALLOC but does not zero-initialize the newly allocated entries before parsing populates them. If parsing fails and the code path cleans up, libssh2_publickey_list_fr...

8.3CVSS5.8AI score0.0028EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.44 views

CVE-2026-58051 libssh2 - Free of Uninitialized Pointer in publickey List Cleanup

libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...

8.3CVSS0.0028EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/28 1:32 a.m.5 views

CVE-2026-58051

libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...

8.3CVSS5.8AI score0.0028EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.13 views

PT-2026-53083

Name of the Vulnerable Software and Affected Versions libssh2 versions prior to 1.11.2 Description An issue exists in the public key parsing process where the software expands its public key list using SSH2 REALLOC but fails to zero-initialize new entries before they are populated. If a parse...

8.3CVSS5.8AI score0.0028EPSS
Exploits0References8
CVE
CVE
added 2026/06/25 8:1 p.m.20 views

CVE-2026-7531

CVE-2026-7531 describes a use-after-free in the handling of PQC hybrid key-shares for TLS 1.3. The issue occurs when a malicious server sends a truncated PQC hybrid KeyShare, which can trigger the error cleanup path to operate on freed memory. Documents consistently label this as an incomplete fi...

9.8CVSS5.9AI score0.00346EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/25 3:48 p.m.16 views

CVE-2026-54030

CVE-2026-54030 affects LibreChat (MCP OAuth flow). Before v0.8.5, the OAuth Protected Resource metadata’s resource parameter is not validated against the MCP server URL, enabling a malicious MCP server to steal access tokens intended for a legitimate server. Affected version range includes pre-0....

9.3CVSS5.9AI score0.00113EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/06/25 12:59 p.m.6 views

EUVD-2026-39357

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insuffcient input validation...

5.9CVSS5.8AI score0.004EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 12:59 p.m.13 views

CVE-2026-42387

PowerDNS Recursor is affected by CVE-2026-42387 due to insufficient input validation in the ZoneToCache function. A malicious authoritative server can send a crafted zone via ZoneToCache, causing the Recursor to crash and impacting availability. Root cause identified as insufficient input validat...

5.9CVSS5.8AI score0.004EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/25 12:58 p.m.4 views

CVE-2026-33612

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning...

7.5CVSS5.8AI score0.00119EPSS
Exploits0
CVE
CVE
added 2026/06/24 6:4 p.m.11 views

CVE-2026-53950

CVE-2026-53950 affects @tryghost/activitypub (Ghost’s ActivityPub client). Before 3.1.0, the ActivityPub client was susceptible to JavaScript injection on posts shared from a maliciously customized ActivityPub server. The issue is fixed in 3.1.0. The associated metrics indicate a high-severity im...

7.5CVSS5.9AI score0.00204EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/23 7:53 p.m.7 views

CVE-2026-55199

A vulnerability in libssh2 allows a malicious SSH server to freeze connected clients during the handshake process. By sending a malformed packet, the server triggers a loop that exhausts the client's CPU, resulting in a denial of service. Mitigation To mitigate this issue, ensure your libssh2...

8.2CVSS5.9AI score0.00408EPSS
Exploits1References6
Rows per page
Query Builder