15097 matches found

RedhatCVE
added 2026/05/06 8:21 p.m. | 9 views

CVE-2026-41926

WDR201A WiFi Extender HW V2.1, FW LFMZX28040922V1.02 contains an OS command injection vulnerability in the firewall.cgi binary across five request handlers that apply insufficient input validation. Attackers can inject arbitrary shell commands through vulnerable parameters like websURLFilter,...

CVSS 9.3 | AI score 5.9 | EPSS 0.01235
Exploits 0 | References 1
OSV
added 2026/05/06 6:27 p.m. | 4 views

GHSA-V2FC-QM4H-8HQV Nokogiri XSLT transform has a memory leak

Summary: Nokogiri's Nokogiri::XSLT::Stylesheet#transform leaks a small heap allocation when passed a Ruby string parameter containing a null byte. For applications that pass attacker-controlled input through XSLT.transform parameters, this may be a vector for a denial of service attack against...

CVSS 5.3 | AI score 5.9
Exploits 0 | References 2
OSV
added 2026/05/06 12:39 p.m. | 4 views

CLSA-2026-1778071148 openssl: Fix of 4 CVEs

CVE-2026-28387: fix use of OPENSSL_free instead of X509_free on dane->mcert in dane_match (X509 reference-count bypass / UAF) - CVE-2026-28388: fix NULL deref in check_delta_base when a delta CRL carries the Delta CRL Indicator extension but lacks a CRL Number - CVE-2026-28389: fix NULL deref in...

CVSS 9.8 | AI score 5.8 | EPSS 0.00885
Exploits 0 | References 1
EUVD
added 2026/05/06 12:30 p.m. | 5 views

EUVD-2026-27818

In the Linux kernel, the following vulnerability has been resolved: media: cx88: Add missing unmap in snd_cx88_hw_params(). In error path, add cx88_alsa_dma_unmap() to release resource acquired by cx88_alsa_dma_map()...

AI score 5.8 | EPSS 0.00128
Exploits 0 | References 9
EUVD
added 2026/05/06 12:30 p.m. | 7 views

EUVD-2026-27697

In the Linux kernel, the following vulnerability has been resolved: media: cx23885: Add missing unmap in snd_cx23885_hw_params(). In error path, add cx23885_alsa_dma_unmap() to release the resource acquired by cx23885_alsa_dma_map()...

AI score 5.8 | EPSS 0.00123
Exploits 0 | References 9
NVD
added 2026/05/06 12:16 p.m. | 6 views

CVE-2026-43200

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions. struct configfs_item_operations callbacks are defined like the following: int (*allow_link)(struct config_item *src, struct config_item *target); void...

CVSS 5.5 | EPSS 0.00123
Exploits 0 | References 7
ATTACKERKB
added 2026/05/06 11:28 a.m. | 6 views

CVE-2026-43257

In the Linux kernel, the following vulnerability has been resolved: media: cx88: Add missing unmap in snd_cx88_hw_params(). In error path, add cx88_alsa_dma_unmap() to release resource acquired by cx88_alsa_dma_map()...

AI score 5.8 | EPSS 0.00128
Exploits 0 | References 9 | Affected Software 1
CVE
added 2026/05/06 11:28 a.m. | 12 views

CVE-2026-43257

The CVE-2026-43257 issue affects the Linux kernel media cx88 driver. The root cause is a missing unmap in snd_cx88_hw_params() in the error path, leading to unreleased resources when cx88_alsa_dma_map() is used. The fix adds cx88_alsa_dma_unmap() in the error path to release the DMA resource and ...

CVSS 5.5 | AI score 5.8 | EPSS 0.00128
Exploits 0 | References 8 | Affected Software 1
CVE
added 2026/05/06 11:28 a.m. | 15 views

CVE-2026-43200

The CVE-2026-43200 issue affects the Linux kernel PCI endpoint functionality. Specifically, pci_primary_epc_epf_unlink() and pci_secondary_epc_epf_unlink() swap parameters in their configfs unlink paths, which can trigger a kernel crash when using unlink in configfs. Red Hat's advisory frames thi...

CVSS 5.5 | AI score 5.8 | EPSS 0.00123
Exploits 0 | References 7 | Affected Software 1
Debian CVE
added 2026/05/06 11:28 a.m. | 9 views

CVE-2026-43200

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions. struct configfs_item_operations callbacks are defined like the following: int (*allow_link)(struct config_item *src, struct config_item *target); void...

CVSS 5.5 | AI score 5.7 | EPSS 0.00123
Exploits 0
Cvelist
added 2026/05/06 11:27 a.m. | 25 views

CVE-2026-43135 media: cx23885: Add missing unmap in snd_cx23885_hw_params()

In the Linux kernel, the following vulnerability has been resolved: media: cx23885: Add missing unmap in snd_cx23885_hw_params(). In error path, add cx23885_alsa_dma_unmap() to release the resource acquired by cx23885_alsa_dma_map()...

EPSS 0.00123
Exploits 0 | References 8
Debian CVE
added 2026/05/06 11:27 a.m. | 4 views

CVE-2026-43135

In the Linux kernel, the following vulnerability has been resolved: media: cx23885: Add missing unmap in snd_cx23885_hw_params(). In error path, add cx23885_alsa_dma_unmap() to release the resource acquired by cx23885_alsa_dma_map()...

CVSS 5.5 | AI score 5.7 | EPSS 0.00123
Exploits 0
Veracode
added 2026/05/06 8:41 a.m. | 13 views

Improperly Controlled Modification Of Dynamically-Determined Object Attributes

Apache Camel is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes. The vulnerability is due to lack of header filtering when mapping CoAP query parameters to message headers, which allows an attacker to inject malicious headers and execute arbitrary...

CVSS 10 | AI score 6 | EPSS 0.06157
Exploits 1 | References 15 | Affected Software 3
Positive Technologies
added 2026/05/06 12:0 a.m. | 10 views

PT-2026-37475

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A resource leak occurs in the snd_cx23885_hw_params function. In the error path, the system fails to call cx23885_alsa_dma_unmap, which is necessary to release the resource previously...

CVSS 5.5 | AI score 5.4 | EPSS 0.00123
Exploits 0 | References 18
Positive Technologies
added 2026/05/06 12:0 a.m. | 8 views

PT-2026-37597

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A resource leak occurs in the Linux kernel within the snd_cx88_hw_params function. The issue arises because the error path fails to call cx88_alsa_dma_unmap, which is necessary to releas...

CVSS 5.5 | AI score 5.5 | EPSS 0.00128
Exploits 0 | References 18
Positive Technologies
added 2026/05/06 12:0 a.m. | 11 views

PT-2026-38288

Name of the Vulnerable Software and Affected Versions: vLLM versions 0.18.0 through 0.19.1. Description: The extract hidden states speculative decoding proposer returns a tensor with an incorrect shape after the first decode step, leading to a RuntimeError that crashes the EngineCore process. This...

CVSS 6.5 | AI score 5.8 | EPSS 0.00367
Exploits 0 | References 9
NVD
added 2026/05/05 9:16 p.m. | 10 views

CVE-2026-39852

Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the security layer and the routing layer allows unauthenticated or lower-privileged users to bypass HTTP...

CVSS 8.8 | EPSS 0.00432
Exploits 0 | References 9
CVE
added 2026/05/05 8:58 p.m. | 34 views

CVE-2026-39852

Summary of CVE-2026-39852: Quarkus exposes an authorization bypass due to path normalization mismatch between the security layer and RESTEasy Reactive routing, which preserves semicolons (matrix parameters) in the raw URL while routing drops them for endpoint matching. This allows unauthenticate...

CVSS 8.8 | AI score 5.9 | EPSS 0.00432
Exploits 0 | References 9 | Affected Software 1
NVD
added 2026/05/05 4:16 p.m. | 17 views

CVE-2026-31196

OS command injection vulnerability in the traceroute diagnostic handler in /bin/httpdclientside in ALTICE LABS / SFR France GR140DG Fibre Router with firmware 3GN8020801R13, 3GN8020802R0A, or 3GN8020803R0A inserts unsanitized user input into a system call, allowing authenticated remote attackers ...

CVSS 8.8 | EPSS 0.01275
Exploits 0 | References 3
Cvelist
added 2026/05/05 12:40 p.m. | 39 views

CVE-2026-30246 github.com/gofiber/fiber/v3 cache middleware can mix responses across query parameters

Fiber is a web framework for Go. In github.com/gofiber/fiber/v3 versions through 3.1.0, the default key generator in the cache middleware uses only the request path and does not include the query string. As a result, requests for the same path with different query parameters can share a cache key...

CVSS 6.5 | EPSS 0.00251
Exploits 1 | References 3