Lucene search
K

248 matches found

The Hacker News
The Hacker News
added 3 days ago9 views

16-Year-Old Linux KVM Flaw Lets Guest VMs Escape to Host on Intel and AMD x86 Systems

A use-after-free bug in Linux's KVM hypervisor can be triggered from a guest virtual machine to corrupt the shadow-page state of the host kernel that runs it. Dubbed 'Januscape' and tracked as CVE-2026-53359, the flaw sits in the shadow MMU code that KVM shares across both Intel and AMD. The publ...

5.9AI score0.00176EPSS
Exploits2
Cvelist
Cvelist
added 2026/06/25 5:24 a.m.32 views

CVE-2026-12245 Denial of DNS over TLS service by any DoT client

NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response...

8.7CVSS0.00274EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51912

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the f2fs file system where the kernel may incorrectly initiate I/O to read pages that have already been updated during Garbage Collection GC. This occurs when a page i...

6AI score0.00166EPSS
Exploits0References12
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.14 views

Astra Linux – Vulnerability in Parsec

The vulnerability of the gobblefile function in the lsm utility of the PARSEC security subsystem is related to improper memory release after its use. Exploiting this vulnerability allows an attacker to cause service failures...

6.2CVSS5.9AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/17 8:23 p.m.10 views

CVE-2026-12306

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bug fixed in Thunderbird ESR 140.12...

6.1CVSS5.3AI score0.00261EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/29 12:38 a.m.15 views

EUVD-2026-33205

Out of bounds memory access in ANGLE in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.2AI score0.00325EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.21 views

PT-2026-44989

Name of the Vulnerable Software and Affected Versions FreeRDP versions prior to 3.26.0 Description The planar bitmap decoder contains an out-of-bounds heap write when decoding RLE planar data. In the libfreerdp/codec/planar.c file, the freerdp bitmap decompress planar function validates the X...

9.8CVSS5.9AI score0.00462EPSS
Exploits1References40
RedHat Linux
RedHat Linux
added 2026/05/28 2:21 a.m.19 views

kernel: mm/page_alloc: clear page->private in free_pages_prepare()

A flaw was found in the Linux kernel's memory management subsystem. When pages are freed, the page-private field is not properly cleared. If these pages are later reallocated as high-order pages and split, the tail pages can retain stale page-private values. This can lead to a use-after-free...

7.8CVSS5.8AI score0.0013EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2019-17025

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mozilla developers reported memory safety bugs present in Firefox 71. Some of these bugs showed evidence of memory corruption and we presume that with enough...

8.8CVSS7.4AI score0.01281EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in aom

The aomimage.c file within libaom in AOMedia, as of April 7, 2021, releases memory that is not located in the heap...

9.8CVSS7.2AI score0.0205EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Squid

A issue was discovered in Squid before version 4.15 and 5.x before version 5.0.6. Due to a memory-management bug, it is vulnerable to a Denial of Service attack targeting all clients using the proxy through HTTP Range request processing...

6.5CVSS7AI score0.95785EPSS
Exploits2References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to perform out-of-bounds memory access via a crafted HTML page. Chromium security severity: High...

4.3CVSS5.5AI score0.00278EPSS
Exploits0References2
OSV
OSV
added 2026/05/14 2:43 a.m.13 views

MGASA-2026-0134 Updated redis packages fix security vulnerabilities

CVE-2026-23479 Use-After-Free in unblock client flow may lead to Remote Code Execution. CVE-2026-25243 Invalid memory access in RESTORE may lead to Remote Code Execution CVE-2026-23631 Lua Use-After-Free may lead to remote code execution A user can manipulate data read by a connection by injectin...

8.8CVSS6.1AI score0.02995EPSS
Exploits4References5
Cvelist
Cvelist
added 2026/05/11 8:8 p.m.35 views

CVE-2026-28994

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An attacker in a privileged network position may be able to...

0.00242EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.39 views

macOS 26.x < 26.5 Multiple Vulnerabilities (127115)

The remote host is running a version of macOS / Mac OS X that is 26.x prior to 26.5. It is, therefore, affected by multiple vulnerabilities: - A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitializ...

8.8CVSS6.8AI score0.07112EPSS
Exploits4References80
Debian CVE
Debian CVE
added 2026/05/06 6:12 p.m.5 views

CVE-2026-7906

Use after free in SVG in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.2AI score0.00267EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-31697

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed When retrieving the ID for the CPU, don't attempt to copy the ID blob to userspace if t...

7.1CVSS7.3AI score0.00126EPSS
Exploits0References3
OSV
OSV
added 2026/04/25 5:50 a.m.6 views

OESA-2026-2105 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...

9.8CVSS6.6AI score0.04938EPSS
Exploits1References26
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.10 views

deskflow 安全漏洞

Deskflow is an open-source tool for sharing keyboards and mice across devices. Versions of Deskflow prior to 1.26.0.138 contained security vulnerabilities. These vulnerabilities stemmed from a remote memory security flaw in clipboard deserialization, allowing connected devices to trigger...

8.8CVSS5.8AI score0.00344EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/22 1:14 a.m.7 views

CVE-2026-6785

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149. Some of these bugs showed evidence of memory corrupti...

7.5CVSS5.9AI score0.00513EPSS
Exploits0References5
Rows per page
Query Builder