Lucene search
K

1374 matches found

Amazon
Amazon
added 2026/04/14 12:0 a.m.9 views

Important: nginx

Issue Overview: When the ngxmailauthhttpmodule module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when 1 CRAM-MD5 or APOP authentication is enabled, and 2 the authentication server permits retry by returning the...

8.8CVSS7.8AI score0.21621EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/09 10:35 p.m.12 views

CVE-2026-5503

In TLSXEchChangeSNI, the ctx-extensions branch set extensions unconditionally even when TLSXFind returned NULL. This caused TLSXUseSNI to attach the attacker-controlled publicName to the shared WOLFSSLCTX when no inner SNI was configured. TLSXEchRestoreSNI then failed to clean it up because its...

9.1CVSS5.2AI score0.00393EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/08 9:21 p.m.1 views

CVE-2026-5912

Integer overflow in WebRTC in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Low...

6AI score0.00215EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.9 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006788)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006788 advisory. In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fix potential staticcommandline memory overflow We allocate memory of size 'xlen +...

7.8CVSS6.4AI score0.00279EPSS
Exploits0References4
OSV
OSV
added 2026/04/07 12:24 p.m.6 views

SUSE-SU-2026:1203-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2026-28493: integer overflow in the SIXEL decoder leads to out-of-bounds write bsc1259446. - CVE-2026-28494: missing bounds checks in the morphology kernel parsing functions can lead to a stack buffer overflow bsc1259447. -...

8.1CVSS6AI score0.00475EPSS
Exploits0References41
RedhatCVE
RedhatCVE
added 2026/04/03 1:33 p.m.5 views

CVE-2026-34743

A flaw was found in XZ Utils. When the lzmaindexdecoder function processes an empty index, and a subsequent lzmaindexappend operation is performed, insufficient memory is allocated. This can lead to a buffer overflow, potentially causing a denial of service DoS for affected systems...

6.3CVSS6AI score0.00351EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/02 5:19 p.m.1 views

CVE-2026-34120

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content due to insufficient alignment and validation of buffer boundaries when processing streaming inputs.An attacker on the same network segment could...

7.1CVSS6.1AI score0.00228EPSS
Exploits0References4
OPENSUSE Linux
OPENSUSE Linux
added 2026/04/02 12:0 a.m.2 views

Security update for postgresql13 (important)

openSUSE security update: security update for postgresql13 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20449-1 Rating: important References: bsc1253332 bsc1253333 Cross-References: CVE-2025-12817 CVE-2025-12818 CVSS scores: CVE-2025-12817 SUSE :...

8.8CVSS6.6AI score0.00332EPSS
Exploits0References2
OSV
OSV
added 2026/03/30 3:24 p.m.3 views

SUSE-SU-2026:20986-1 Security update for postgresql13

This update for postgresql13 fixes the following issues: Security fixes: - CVE-2025-12817: Fixed missing check for CREATE privileges on the schema in CREATE STATISTICS allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts bsc1253332 -...

5.9CVSS6.7AI score0.00332EPSS
Exploits0References5
Ubuntu
Ubuntu
added 2026/03/26 3:54 p.m.9 views

USN-8128-1: CryptX vulnerabilities

It was discovered that CryptX did not verify authentication tags while performing GCM and ChaCha20-Poly1305 decryption. An attacker could possibly use this issue to cause CryptX to accept modified ciphertext, leading to data integrity violations or authentication bypass. This issue only affected...

9.8CVSS5.9AI score0.00489EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/25 7:10 p.m.4 views

CVE-2026-23395

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix accepting multiple L2CAPECREDCONNREQ Currently the code attempts to accept requests regardless of the command identifier which may cause multiple requests to be marked as pending FLAGDEFERSETUP which can cau...

6.3CVSS5.7AI score0.00249EPSS
Exploits0References4
OSV
OSV
added 2026/03/24 3:16 p.m.4 views

ALPINE-CVE-2026-32647

NGINX Open Source and NGINX Plus have a vulnerability in the ngxhttpmp4module module, which might allow an attacker to trigger a buffer over-read or over-write to the NGINX worker memory resulting in its termination or possibly code execution, using a specially crafted MP4 file. This issue affect...

8.5CVSS6.1AI score0.00918EPSS
Exploits0References1
Rosalinux
Rosalinux
added 2026/03/22 9:2 p.m.9 views

Advisory ROSA-SA-2026-3233

software: libcupsfilters 2.0.0 OS: ROSA-CHROME unaffected versions = libcupsfilters-2.0.0.0-8 affected versions libcupsfilters-2.0.0-8 CVE-ID: CVE-2025-57812 BDU-ID: 2025-15977 CVE-Crit: LOW CVE-DESC.: A vulnerability in the cfFilterImageToRaster function of the CUPS print server is related to...

3.7CVSS5.7AI score0.0044EPSS
Exploits1
Elastic
Elastic
added 2026/03/19 4:54 p.m.7 views

Metricbeat 8.19.13, 9.2.5 Security Update (ESA-2026-09)

Memory Allocation with Excessive Size Value in Metricbeat Leading to Denial of Service Memory Allocation with Excessive Size Value CWE-789 in the Prometheus remotewrite HTTP handler in Metricbeat can lead Denial of Service via Excessive Allocation CAPEC-130. Affected Versions: 8.x: All versions...

5.7CVSS5.8AI score0.00179EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2026/03/18 8:16 p.m.6 views

CVE-2026-31971

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. When reading data encoded using the BYTEARRAYLEN method, the crambytearraylendecode failed to validat...

8.1CVSS6.3AI score0.00336EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/03/18 8:16 p.m.6 views

CVE-2026-31968

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. For the VARINT and CONST encodings, incomplete validation of the context in which the encodings were...

8.8CVSS6.2AI score0.00409EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/18 7:38 p.m.5 views

CVE-2026-31968

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data using a variety of encodings and compression methods. For the VARINT and CONST encodings, incomplete validation of the context in which the encodings were...

8.8CVSS6.2AI score0.00409EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/18 1:1 p.m.3 views

GHSA-C8RR-9GXC-JPRV UltraJSON has an integer overflow handling large indent leads to buffer overflow or infinite loop

Summary ujson.dumps crashes the Python interpreter segmentation fault when the product of the indent parameter and the nested depth of the input exceeds INT32MAX. It can also get stuck in an infinite loop if the indent is a large negative number. Both are caused by an integer overflow/underflow...

7.5CVSS6AI score0.00469EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.8 views

HTSlib 安全漏洞

HTSlib is a C-language library developed by samtools. Versions of HTSlib prior to 1.23.1, 1.22.2, and 1.21.1 have security vulnerabilities. These vulnerabilities stem from the crambytearraylendecode function not verifying the amount of data, which may lead to heap buffer overflows or stack...

8.1CVSS5.9AI score0.00336EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/17 5:58 p.m.1 views

Improperly Controlled Sequential Memory Allocation

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Improperly Controlled Sequential Memory Allocation in the Cloud function endpoint. An attacker can cause the server process ...

8.2CVSS5.8AI score0.00512EPSS
Exploits0References2
Rows per page
Query Builder