Lucene search
K

474 matches found

CVE
CVE
added 2026/03/12 8:27 p.m.57 views

CVE-2026-2229

The CVE affects the undici WebSocket client. It arises from improper validation of the server_max_window_bits parameter in the permessage-deflate extension: isValidClientWindowBits() only checks ASCII digits and not the 8–15 range, and createInflateRaw() is not wrapped in a try-catch. A malicious...

7.5CVSS5.8AI score0.00874EPSS
Exploits0References23Affected Software1
Snyk
Snyk
added 2026/03/12 8:21 p.m.3 views

Uncaught Exception

Overview undici is an An HTTP/1.1 client, written from scratch for Node.js Affected versions of this package are vulnerable to Uncaught Exception in the ByteParser when handling a specially crafted WebSocket frame with an extremely large 64-bit length. An attacker can cause the process to termina...

8.7CVSS5.8AI score0.00488EPSS
Exploits0References2
CVE
CVE
added 2026/03/12 6:27 p.m.137 views

CVE-2026-3497

OpenSSH CVE-2026-3497 concerns a flaw in the GSSAPI Key Exchange patch applied by several Linux distributions, not in the upstream OpenSSH project. The bug occurs when sshpkt_disconnect() is used on an error and does not terminate the process, allowing an attacker to send an unexpected GSSAPI mes...

8.2CVSS6AI score0.0218EPSS
Exploits0References42Affected Software4
NVD
NVD
added 2026/03/11 9:16 p.m.6 views

CVE-2026-1717

An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges...

6.8CVSS0.00144EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/11 8:22 p.m.4 views

CVE-2026-1717

An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges...

6.8CVSS5.9AI score0.00144EPSS
Exploits0References2
OSV
OSV
added 2026/03/11 6:16 p.m.6 views

UBUNTU-CVE-2026-31870

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.1, when a cpp-httplib client uses the streaming API httplib::stream::Get, httplib::stream::Post, etc., the library calls std::stoull directly on the Content-Length header value received from the server...

7.5CVSS5.7AI score0.00453EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.4 views

Lenovo Vantage和Lenovo Baiying 安全漏洞

Lenovo Vantage and Lenovo Baiying are both products of the Chinese company Lenovo. Lenovo Vantage is a computer management application. It supports functions such as driver updates, device status diagnosis, and computer configuration. Lenovo Baiying is an asset management software. Both Lenovo...

6.8CVSS5.8AI score0.00144EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.5 views

PT-2026-24678

An input validation vulnerability was reported in the LenovoProductivitySystemAddin used in Lenovo Vantage and Lenovo Baiying that could allow a local authenticated user to terminate arbitrary processes with elevated privileges...

6.8CVSS5.9AI score0.00144EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/07 12:0 a.m.10 views

Sliver 代码问题漏洞

Sliver is an open-source, cross-platform opponent simulation/red team framework developed by Bishop Fox. It can be used by organizations of various sizes for security testing. Versions of Sliver prior to 1.7.3 have code vulnerabilities; these vulnerabilities stem from Protobuf deserialization log...

6.5CVSS7.3AI score0.00504EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/28 7:45 p.m.10 views

CVE-2026-22716

Out-of-bound write vulnerability in VMware Workstation 25H1 and below on any platform allows an actor with non-administrative privileges on a guest VM to terminate certain Workstation processes...

5CVSS5.9AI score0.00156EPSS
Exploits0References1
CVE
CVE
added 2026/02/27 7:1 p.m.30 views

CVE-2026-22716

CVE-2026-22716 is an out-of-bounds write vulnerability in VMware Workstation 25H1 and earlier. A non-administrative user inside a guest VM can terminate certain Workstation processes. The issue is addressed by patching to 25H2u1 (per the VMSA-2026-0002 advisory), with the vulnerability also refer...

5CVSS6AI score0.00156EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/25 6:11 a.m.6 views

Malicious code in @schedaero/bacon (npm)

Multiple suspicious behaviors: preinstall script exfiltrates data to a suspicious URL, terminates process, and few versions. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e1f79d2ea06bc3905829524120560412e8e875463b5bddeb6bad3a343292c20c The package...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/02/25 6:10 a.m.6 views

Malicious code in @schedaero/net-common (npm)

Malicious package due to suspicious preinstall script, data exfiltration via User-Agent, process termination, and a suspicious URL. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e5e87e24ed2574837f59c3fb4cf21d0c9677b4d5e729f0835fc90a9bf427c4c The package...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/02/25 6:10 a.m.3 views

MAL-2026-1229 Malicious code in @schedaero/net-common (npm)

Malicious package due to suspicious preinstall script, data exfiltration via User-Agent, process termination, and a suspicious URL. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2e5e87e24ed2574837f59c3fb4cf21d0c9677b4d5e729f0835fc90a9bf427c4c The package...

5.8AI score
Exploits0References1
Snyk
Snyk
added 2026/02/24 1:43 a.m.2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the SVG decoding process. An attacker can cause excessive memory consumption and process termination by submitting a specially crafted SVG image file. Remediation A fix was pushed...

8.7CVSS5.6AI score0.00501EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/24 12:0 a.m.12 views

PT-2026-21588

Name of the Vulnerable Software and Affected Versions free5GC SMF versions prior to 1.4.2 Description The free5GC Session Management Function SMF, a component of the free5GC 5G mobile core network, is susceptible to a panic and process termination. This occurs due to a nil pointer dereference...

8.7CVSS5.9AI score0.0031EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2026/02/22 1:25 p.m.7 views

CVE-2026-27486

OpenClaw is a personal AI assistant. In versions 2026.2.13 and below of the OpenClaw CLI, the process cleanup uses system-wide process enumeration and pattern matching to terminate processes without verifying if they are owned by the current OpenClaw process. On shared hosts, unrelated processes...

5.3CVSS5.5AI score0.00292EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/18 5:41 p.m.3 views

Unverified Ownership

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Unverified Ownership via the process cleanup routine. An attacker can cause termination of unrelated system processes by exploiting pattern-based process enumeration without ownership...

5.6CVSS5.6AI score0.00292EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.8 views

PT-2026-21337

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.14 Description OpenClaw is a personal AI assistant. The CLI process cleanup mechanism used system-wide process enumeration and pattern matching to terminate processes without verifying ownership by the current...

5.3CVSS6AI score0.00292EPSS
Exploits0References18
RedHat Linux
RedHat Linux
added 2026/02/17 9:33 a.m.4 views

nodejs: Nodejs denial of service

A stack overflow flaw has been discovered in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when asynchooks.createHook is enabled. Instead of reaching process.on'uncaughtException', the process terminates, making the crash unrecoverable. Applications tha...

7.5CVSS5.8AI score0.00624EPSS
Exploits0References5
Rows per page
Query Builder