Lucene search
+L

525 matches found

AlpineLinux
AlpineLinux
added 2026/05/20 9:17 a.m.10 views

CVE-2026-32792

NLnet Labs Unbound 1.6.2 up to and including version 1.25.0 has a denial of service vulnerability when compiled with DNSCrypt support '--enable-dnscrypt'. A bad DNSCrypt query could underflow Unbound's DNSCrypt packet reading procedure that may lead to heap overflow. A malicious actor can exploit...

8.2CVSS6AI score0.00337EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.1 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: memblock: The memory allocated before it is used in memblockdoublearray was accepted. When increasing the array size in memblockdoublearray, if the slab is not yet available, a call to memblockfindinrange is used to...

5.5CVSS6.5AI score0.00148EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Firefox

A maliciously crafted favicon could lead to a memory-out-of-control crash. This vulnerability affects Firefox versions earlier than 113...

7.5CVSS6.4AI score0.00761EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Samba

A flaw was discovered in Samba. Spaces used in a string surrounding a domain name can, when ignored, cause invalid DN strings to write a zero-byte into out-of-bounds memory, resulting in a crash. The greatest threat of this vulnerability is to system availability...

7.5CVSS6.8AI score0.03833EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/15 12:57 p.m.15 views

CVE-2026-41648

A flaw was found in Incus. An authenticated user could provide a specially crafted image or backup tarball. When parsed, these files would load excessively large YAML documents into memory due to a lack of size restrictions. This could lead to a denial of service DoS by consuming all available...

5.3CVSS5.8AI score0.00269EPSS
Exploits1References2
CVE
CVE
added 2026/05/13 12:40 p.m.17 views

CVE-2026-8463

Crypt::Argon2 for Perl (versions 0.017 before 0.031) contains a heap out-of-bounds read in argon2_verify when given an empty encoded input. The auto-detect path passes encoded_len-1 to memchr without ensuring encoded_len is non-zero; with an empty string this underflows to SIZE_MAX and may cause ...

5.3CVSS5.8AI score0.00327EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/12 12:31 a.m.12 views

EUVD-2026-29290

barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcpmessagetype function that fails to verify the options pointer remains within received packet bounds. An attacker on the same broadcast domain can send a crafted DHCP Offer or ACK...

7.1CVSS5.8AI score0.0025EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.22 views

PT-2026-44975

Name of the Vulnerable Software and Affected Versions cpp-httplib versions prior to 0.43.4 Description A flaw exists in the way the library handles chunked Transfer-Encoding. The read payload function in httplib.h uses std::strtoul to parse the chunk-size field. Because std::strtoul accepts leadi...

7.8CVSS5.8AI score0.00327EPSS
Exploits1References7
OSV
OSV
added 2026/05/11 5:44 a.m.13 views

BIT-GOLANG-2026-33811 Crash when handling long CNAME response in net

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash...

7.5CVSS5.8AI score0.00813EPSS
Exploits0References37
Cvelist
Cvelist
added 2026/05/09 4:3 a.m.72 views

CVE-2026-41311 LiquidJS is vulnerable to Denial of Service via circular block reference in layout

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.7, a circular block reference in % layout % / % block % causes an infinite recursive loop, consuming all available memory 4GB and crashing the Node.js process with FATAL ERROR: JavaScript he...

7.5CVSS0.00382EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/05/09 1:25 a.m.10 views

CVE-2026-43464

A flaw was found in the Linux kernel's mlx5e driver. When using eXpress Data Path XDP multi-buffer programs, an attacker could manipulate the XDP buffer layout. This manipulation leads to incorrect tracking of page fragments, causing a critical error in memory management. The issue can result in ...

7.5CVSS5.7AI score0.00402EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/09 12:0 a.m.10 views

liquidjs 安全漏洞

liquidjs is a simple, expressive, secure and Shopify-compatible pure JavaScript template engine by Jun Yang, a personal developer. A security vulnerability exists in liquidjs versions prior to 10.25.7, which stems from a circular block reference that leads to an infinite recursive loop, consuming...

7.5CVSS5.8AI score0.00382EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/05/07 8:16 p.m.10 views

CVE-2026-33811

When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash...

7.5CVSS5.8AI score0.00813EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/05/07 5:22 p.m.13 views

CVE-2026-37555

A flaw was found in the libsndfile library. An integer overflow in the IMA ADPCM codec can occur when a specially crafted WAV audio file is processed, specifically with malicious samplesperblock and blocks values. This can lead to a heap-based buffer overflow, causing a crash to the application...

8.2CVSS6AI score0.00504EPSS
Exploits1References5
NVD
NVD
added 2026/05/07 2:16 p.m.16 views

CVE-2026-41648

Incus is a system container and virtual machine manager. Prior to version 7.0.0, user provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This was making it easy for an authenticated user to provide a crafted image or backup tarball that when...

5.3CVSS0.00269EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/05/06 7:38 p.m.12 views

CVE-2026-43163

A flaw was found in the Linux kernel's md/bitmap component. This vulnerability involves a use-after-free race condition that occurs during array resize operations. When the bitmapdaemonwork and bitmapresize functions execute concurrently, they can access memory pages that have already been freed...

4.7CVSS5.9AI score0.00091EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/05 1:46 a.m.8 views

SUSE CVE-2026-28532

FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16t accumulator variable truncates uint32t values returned by the TLVSIZE macro, causing the loop termination condition to fail while pointer...

6.5CVSS5.9AI score0.00225EPSS
Exploits0References8
NVD
NVD
added 2026/05/04 7:16 p.m.29 views

CVE-2026-42154

Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint /api/v1/read does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attacker can send a sma...

7.5CVSS0.00761EPSS
Exploits0References28
AlpineLinux
AlpineLinux
added 2026/05/04 6:13 p.m.12 views

CVE-2026-42154

Prometheus is an open-source monitoring system and time series database. Prior to versions 3.5.3 and 3.11.3, the remote read endpoint /api/v1/read does not validate the declared decoded length in a snappy-compressed request body before allocating memory. An unauthenticated attacker can send a sma...

7.5CVSS5.8AI score0.00761EPSS
Exploits0
NVD
NVD
added 2026/04/30 9:16 p.m.14 views

CVE-2026-28532

FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16t accumulator variable truncates uint32t values returned by the TLVSIZE macro, causing the loop termination condition to fail while pointer...

6.5CVSS0.00225EPSS
Exploits0References4
Rows per page
Query Builder