20857 matches found

Cvelist
added 2026/06/25 8:38 a.m. | 26 views

CVE-2026-53172 accel/ethosu: fix IFM region index out-of-bounds in command stream parser

In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: fix IFM region index out-of-bounds in command stream parser. NPU_SET_IFM_REGION extracts the region index with param & 0x7f, giving a maximum value of 127. However regionsize and outputregion in struct...

CVSS 7.8 | EPSS 0.00129
Exploits: 0 | References: 2
EUVD
added 2026/06/25 8:38 a.m. | 5 views

EUVD-2026-39263

In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: fix IFM region index out-of-bounds in command stream parser. NPU_SET_IFM_REGION extracts the region index with param & 0x7f, giving a maximum value of 127. However regionsize and outputregion in struct...

AI score 5.7 | EPSS 0.00129
Exploits: 0 | References: 2
CVE
added 2026/06/25 8:38 a.m. | 10 views

CVE-2026-53172

The CVE-2026-53172 issue in the Linux kernel’s accel/ethosu component is a local-privilege/heap corruption flaw caused by an incorrect mask (0x7f) when processing NPU_SET_IFM_REGION. This allows a userspace caller to supply a region index > 7, writing up to 1016 bytes past the start of region_...

CVSS 7.8 | AI score 5.7 | EPSS 0.00129
Exploits: 0 | References: 2
Debian CVE
added 2026/06/25 8:38 a.m. | 5 views

CVE-2026-53151

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix the ACK parser to extract the SACK table for parsing. Fix modification of the received skbuff in rxrpc_input_soft_acks and a potential incorrect access of the buffer in a fragmented UDP packet the packet would probably hav...

CVSS 9.8 | AI score 5.9 | EPSS 0.00481
Exploits: 0
Cvelist
added 2026/06/25 8:38 a.m. | 29 views

CVE-2026-53151 rxrpc: Fix the ACK parser to extract the SACK table for parsing

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix the ACK parser to extract the SACK table for parsing. Fix modification of the received skbuff in rxrpc_input_soft_acks and a potential incorrect access of the buffer in a fragmented UDP packet the packet would probably hav...

CVSS 9.8 | EPSS 0.00481
Exploits: 0 | References: 3
CVE
added 2026/06/25 8:38 a.m. | 9 views

CVE-2026-53138

The CVE affects the Linux kernel’s drm/amd/display path. A malformed VBIOS image could cause unbounded iteration during probe due to for(;;) record-chain walks in bios_parser.c/bios_parser2.c, terminating only on a 0xFF sentinel or a zero record_size. In worst cases, this could loop hundreds of t...

AI score 5.7 | EPSS 0.00168
Exploits: 0 | References: 4
OSV
added 2026/06/25 7:40 a.m. | 9 views

BIT-PYTHON-2026-6019 BaseCookie.js_output() does not neutralize embedded characters

http.cookies.Morsel.js_output returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value...

CVSS 6.1 | AI score 5.2 | EPSS 0.00229
Exploits: 1 | References: 7
Nuclei
added 2026/06/25 1:31 a.m. | 157 views

Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation

Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keys for 'roles' used for access control within the database, including the special case 'admin' role, th...

CVSS 10 | AI score 7.4 | EPSS 0.99838
Exploits: 21 | References: 5
Tenable Nessus
added 2026/06/25 12:0 a.m. | 12 views

RockyLinux 8 : wireshark (RLSA-2023:7015)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:7015 advisory. wireshark: RTPS dissector crash (CVE-2023-0666); wireshark: VMS TCPIPtrace file parser crash (CVE-2023-2856); wireshark: NetScaler file parser crash...

CVSS 6.5 | AI score 6.7 | EPSS 0.02275
Exploits: 4 | References: 9
Positive Technologies
added 2026/06/25 12:0 a.m. | 8 views

PT-2026-52247

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the ACK parser of the rxrpc module. In the rxrpc_input_soft_acks function, the AF_RXRPC component incorrectly assumes that calling skb_condense will always result in a...

CVSS 9.8 | AI score 5.9 | EPSS 0.00481
Exploits: 0 | References: 6
IBM Security Bulletins
added 2026/06/24 10:13 p.m. | 22 views

Security Bulletin: Multiple vulnerabilities in Open Source affect IBM Cloud Pak System

Summary: Multiple vulnerabilities in Open Source affect IBM Cloud Pak System. Vulnerability Details: CVEID: CVE-2024-21538. DESCRIPTION: Versions of the package cross-spawn before 6.0.6, from 7.0.0 and before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input...

CVSS 9.8 | AI score 6.8 | EPSS 0.01009
Exploits: 4 | Affected Software: 1
NVD
added 2026/06/24 6:17 p.m. | 16 views

CVE-2026-49851

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (approximately O(n²)) behavior in parse_link_text. When parsing Markdown containing many consecutive characters, parse_link_text repeatedly scans the input usin...

CVSS 8.7 | EPSS 0.0035
Exploits: 0 | References: 4
NVD
added 2026/06/24 6:17 p.m. | 10 views

CVE-2026-44020

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity (XXE) attacks. An attacker could...

CVSS 9.4 | EPSS 0.00334
Exploits: 0 | References: 4
OSV
added 2026/06/24 6:17 p.m. | 3 views

UBUNTU-CVE-2026-49851

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (approximately O(n²)) behavior in parse_link_text. When parsing Markdown containing many consecutive characters, parse_link_text repeatedly scans the input usin...

CVSS 8.7 | AI score 5.9 | EPSS 0.0035
Exploits: 0 | References: 3
Vulnrichment
added 2026/06/24 5:45 p.m. | 6 views

CVE-2026-44020 Docling: Unsafe XML Entity Expansion in USPTO Patent Backend

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. From 2.13.0 until 2.74.0, the USPTO patent XML parser used the standard xml.sax.parseString without protection against XML External Entity (XXE) attacks. An attacker could...

CVSS 7.5 | AI score 6 | EPSS 0.00334
Exploits: 0 | References: 1
CVE
added 2026/06/24 5:45 p.m. | 46 views

CVE-2026-44020

Docling (USPTO patent XML parsers in the Docling stack) contains an XXE vulnerability in the XML parser used by the USPTO patent formats. From 2.13.0 through 2.74.0, the USPTO patent XML parser used xml.sax.parseString() without protections against external entity references, enabling attackers t...

CVSS 9.4 | AI score 6 | EPSS 0.00334
Exploits: 0 | References: 4 | Affected Software: 1
Debian CVE
added 2026/06/24 5:5 p.m. | 5 views

CVE-2026-49851

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, Mistune is vulnerable to a CPU exhaustion DoS due to superlinear (approximately O(n²)) behavior in parse_link_text. When parsing Markdown containing many consecutive characters, parse_link_text repeatedly scans the input usin...

CVSS 8.7 | AI score 5.9 | EPSS 0.0035
Exploits: 0
CVE
added 2026/06/24 4:28 p.m. | 11 views

CVE-2026-52974

Summary of CVE-2026-52974 (Linux kernel net: tls): The leak is a memory leak in the TLS offload RX path where, if tls_set_device_offload_rx() fails in tls_dev_add(), the cleanup path does not free the anchor skb allocated in tls_strp_init(). This occurs in the “failed to start offload” code path ...

CVSS 7.5 | AI score 5.8 | EPSS 0.00506
Exploits: 0 | References: 6
AstraLinux
added 2026/06/24 3:11 p.m. | 7 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Bypass of mitigation mechanisms in the DOM: HTML Parser component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

CVSS 9.8 | AI score 5.8 | EPSS 0.00552
Exploits: 0 | References: 3
AstraLinux
added 2026/06/24 3:11 p.m. | 5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: Staging: rtl8723bs: Fix for out-of-bounds read in rtw_get_ie parser. The Information Element (IE) parser rtw_get_ie trusted the length byte of each Information Element without verifying that the IE body (len bytes) after the 2-byte heade...

AI score 5.8 | EPSS 0.00176
Exploits: 0 | References: 3