Lucene search
K

1598 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bpf: Propagate error from htablockbucket to userspace In the function htabmaplookupanddeletebatch, if htablockbucket returns -EBUSY, the operation proceeds to the next bucket. Moving to the next bucket may not only silently skip...

7.1CVSS5.7AI score0.00149EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in Thunderbird

Thunderbird unprotects a secret OpenPGP key before using it for decryption, signing, or key import tasks. If the task fails, the secret key may remain in memory in its unprotected state. This vulnerability affects Thunderbird versions earlier than 78.8.1...

7.5CVSS6.8AI score0.00853EPSS
Exploits1References1
OSV
OSV
added 2026/06/17 2:3 p.m.5 views

GHSA-5JV2-G5WQ-CMR4 vLLM: GGUF dequantize kernel int truncation exposes uninitialized GPU memory in multi-tenant serving

Summary Integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels csrc/quantization/gguf/ggufkernel.cu causes partial tensor processing. The output tensor is allocated at full size via torch::empty uninitialized memory, but the dequantize CUDA kernel processes only a truncated...

5.3CVSS5.7AI score0.00281EPSS
Exploits0References4
NVD
NVD
added 2026/06/17 1:20 p.m.9 views

CVE-2026-12450

Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.5CVSS0.00184EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.13 views

PT-2026-50200

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description An inappropriate implementation in the Media component allows a remote attacker to obtain potentially sensitive information from process memory by using a crafted HTML page...

9.6CVSS5.9AI score0.00601EPSS
Exploits0References38
EUVD
EUVD
added 2026/06/16 12:34 a.m.9 views

EUVD-2026-37026

A flaw was found in the tracker-extract-mp3 component of GNOME localsearch previously known as tracker-miners. This vulnerability, a heap buffer overflow, occurs when processing specially crafted MP3 files. A remote attacker could exploit this by providing a malicious MP3 file, leading to a Denia...

5.6CVSS5.5AI score0.00139EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/12 6:30 p.m.15 views

Tornado has out-of-bounds memory access via C extension

Summary Tornado's optional native extension tornado.speedups implements websocketmask without validating that the mask argument is exactly four bytes long. The C function reads four bytes from mask unconditionally, even when Python passes a shorter byte string. This can read beyond the provided...

5.3AI score0.00027EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/11 8:48 p.m.32 views

CVE-2026-12033

Out of bounds read in VideoCapture in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the GPU process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

0.00189EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.14 views

PT-2026-48762

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.115 Description A use after free issue exists in the Autofill component. This allows a remote attacker who has already compromised the renderer process to obtain potentially sensitive information from...

8.3CVSS5.4AI score0.00227EPSS
Exploits0References41
NVD
NVD
added 2026/06/10 2:16 a.m.16 views

CVE-2026-45329

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in espsecureservices.c and espsecureservicesiram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked...

7.1CVSS0.00117EPSS
Exploits0References4
CVE
CVE
added 2026/06/10 12:34 a.m.24 views

CVE-2026-45329

ESF-IDF (Espressif IoT Development Framework) contains a vulnerability in ESP-TEE secure-service wrappers (esp_secure_services.c and esp_secure_services_iram.c) affecting versions 5.5.4 and 6.0. Several caller-supplied pointer arguments were not fully validated, allowing inputs to reference TEE-e...

7.1CVSS5.4AI score0.00117EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/09 6:9 p.m.19 views

CVE-2026-10045

The CVE-2026-10045 entry affects Shenzhen Kangda Xin Intelligent Network Technology Co. router model DR300 (firmware version 2.1.2.121). The device reportedly ships with hardcoded login credentials and has Telnet enabled by default on both WAN and LAN interfaces, enabling remote read/write of mem...

9.8CVSS5.5AI score0.00209EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 12:33 a.m.13 views

EUVD-2026-35222

Uninitialized Use in Video in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.3CVSS5.5AI score0.00193EPSS
Exploits0References3
NVD
NVD
added 2026/06/09 12:16 a.m.15 views

CVE-2026-11678

Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.3CVSS0.00177EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.11 views

EulerOS 2.0 SP11 : libsoup (EulerOS-SA-2026-2251)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in th...

9.1CVSS6.5AI score0.0043EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.11 views

EulerOS 2.0 SP11 : libsoup (EulerOS-SA-2026-2213)

According to the versions of the libsoup packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in libsoup, an HTTP client/server library. This HTTP Request Smuggling vulnerability arises from non-RFC-compliant parsing in th...

9.1CVSS6.5AI score0.0043EPSS
Exploits0References5
Adobe
Adobe
added 2026/06/09 12:0 a.m.13 views

APSB26-62 : Security update available for Adobe Dreamweaver

Adobe has released a security update for Adobe Dreamweaver. This update resolves critical and important vulnerabilities that could lead to arbitrary code execution, memory exposure, and arbitrary file system read...

5.8AI score
Exploits0Affected Software1
Adobe
Adobe
added 2026/06/09 12:0 a.m.23 views

APSB26-58 : Security update available for Adobe InDesign

Adobe has released a security update for Adobe InDesign. This update addresses critical and important vulnerabilities that could lead to arbitrary code execution, application denial-of-service, and memory exposure...

5.8AI score
Exploits0Affected Software1
Adobe
Adobe
added 2026/06/09 12:0 a.m.191 views

APSB26-63 : Security update available for Adobe Acrobat Reader

Adobe has released a security update for Adobe Acrobat and Reader for Windows and macOS. This update addresses critical and important vulnerabilities. Successful exploitation could lead to arbitrary code execution, application denial-of-service, and memory exposure...

5.8AI score
Exploits0Affected Software3
CVE
CVE
added 2026/06/08 11:27 p.m.36 views

CVE-2026-11678

Summary: CVE-2026-11678 is an integer overflow in libyuv used by Google Chrome, fixed in version 149.0.7827.103. The issue could allow a remote attacker who has compromised the renderer process to extract potentially sensitive data from process memory via a crafted HTML page. Affected component: ...

5.3CVSS5.5AI score0.00177EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder