Lucene search
K

27 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.11 views

CVE-2026-23821

A vulnerability in the configuration processing logic of Access Points running AOS-10 could allow an authenticated remote attacker to execute system commands under certain pre-existing conditions. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying...

7.2CVSS6AI score0.00616EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.11 views

PT-2026-41293

Name of the Vulnerable Software and Affected Versions Imager::File::GIF versions prior to 1.003 Description Imager::File::GIF for Perl allows a heap out of bounds OOB write when processing crafted multi-frame GIF files. This occurs because the i readgif multi low function allocates a single per-r...

5.3CVSS5.9AI score0.00193EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/05/06 3:10 p.m.11 views

CVE-2026-43114

A flaw was found in the Linux kernel's netfilter component. This vulnerability, located in the nftsetpipapoavx2 functionality, is caused by incorrect data processing during AVX2 matching operations. This can lead to the system incorrectly identifying or matching network data entries within...

9.4CVSS5.8AI score0.00356EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.12 views

openSUSE 16 Security Update : qemu (openSUSE-SU-2026:20567-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20567-1 advisory. Update to version 10.0.9. Security issues fixed: - CVE-2026-3196: unbounded memory allocation and host denial-of-service via PCMINFO requests se...

7.4CVSS5.7AI score0.00126EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.4 views

CVE-2026-33297

WWBN AVideo is an open source video platform. Prior to version 26.0, the setPassword.json.php endpoint in the CustomizeUser plugin allows administrators to set a channel password for any user. Due to a logic error in how the submitted password value is processed, any password containing non-numer...

9.1CVSS5.8AI score0.00342EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/15 7:2 p.m.5 views

CVE-2026-4186

A vulnerability was determined in UEditor up to 1.4.3.2. This issue affects some unknown processing of the file php/controller.php?action=uploadimage of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated...

5.1CVSS4.1AI score0.00244EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/02/22 12:0 a.m.4 views

Debian dla-4488 : modsecurity-crs - security update

The remote Debian 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dla-4488 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4488-1 [email protected]...

9.8CVSS5.8AI score0.13124EPSS
Exploits4References6
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.9 views

@adonisjs/lucid 安全漏洞

@adonisjs/lucid is a database object-relational mapping library open-sourced by the AdonisJS Framework. Versions of @adonisjs/lucid before 10.1.3 and versions before 11.0.0-next.9 have security vulnerabilities. These vulnerabilities stem from processing logic for multiple parts of the file, which...

7.5CVSS5.8AI score0.00491EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/02/05 12:0 a.m.3 views

Amazon Linux 2023 : mod_security_crs (ALAS2023-2026-1399)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1399 advisory. The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when...

9.3CVSS5.9AI score0.13124EPSS
Exploits4References4
RedHat Linux
RedHat Linux
added 2026/01/27 6:7 p.m.7 views

php: PHP: Information disclosure via getimagesize() function when reading multi-chunk images

A flaw was found in PHP. The getimagesize function may leak uninitialized heap memory when processing images in multi-chunk mode, such as through php://filter. This vulnerability, caused by a bug in phpreadstreamallchunks that overwrites the buffer without advancing the pointer, allows an attacke...

7.5CVSS5.8AI score0.00474EPSS
Exploits3References5
OSV
OSV
added 2026/01/16 11:59 a.m.6 views

OESA-2026-1105 mod_security_crs security update

The base rules are provided for modsecurity by this package. Security Fixes: The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 4.22.0 and 3.3.8, the current rule 922110 has a bug when processing multipart...

9.3CVSS6.8AI score0.13124EPSS
Exploits4References2
OSV
OSV
added 2025/11/25 12:15 a.m.4 views

UBUNTU-CVE-2025-64720

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG Portable Network Graphics raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in pngimagereadcomposite when processing palette images with PNGFLAGOPTIMIZEALP...

7.1CVSS6.4AI score0.00281EPSS
Exploits4References7
Tenable Nessus
Tenable Nessus
added 2025/10/08 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2022-50490

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: bpf: Propagate error from htablockbucket to userspace In htabmaplookupanddeletebatch if...

7.1CVSS6.4AI score0.00149EPSS
Exploits0References3
Malwarebytes
Malwarebytes
added 2025/10/06 7:1 a.m.4 views

A week in security (September 29 – October 5)

Last week on Malwarebytes Labs: From threats to apology, hackers pull child data offline after public backlash Your Meta AI conversations may come back as ads in your feed Scam Facebook groups send malicious Android malware to seniors Sendit tricked kids, harvested their data, and faked messages,...

6.8AI score
Exploits0
NVD
NVD
added 2025/09/19 4:15 p.m.21 views

CVE-2025-39848

In the Linux kernel, the following vulnerability has been resolved: ax25: properly unshare skbs in ax25kissrcv Bernard Pidoux reported a regression apparently caused by commit c353e8983e0d "net: introduce per netns packet chains". skb-dev becomes NULL and we crash in netifreceiveskbcore. Before...

5.5CVSS0.00149EPSS
Exploits0References11
Redos
Redos
added 2024/03/13 12:0 a.m.14 views

ROS-2-1681

2.1681 Vulnerability in Mozilla Thunderbird email client CVE-2021-29964, CVE-2021-29967 1. Vulnerability description: CVE-2021-29964 A vulnerability in the Mozilla Thunderbird email client, is related to boundary conditions. Exploitation of the vulnerability could allow an attacker acting remotel...

8.8CVSS9AI score0.01368EPSS
Exploits0
OSV
OSV
added 2024/03/04 6:15 p.m.1 views

DEBIAN-CVE-2021-47099

In the Linux kernel, the following vulnerability has been resolved: veth: ensure skb entering GRO are not cloned. After commit d3256efd8e8b "veth: allow enabling NAPI even without XDP", if GRO is enabled on a veth device and TSO is disabled on the peer device, TCP skbs will go through the NAPI...

6CVSS5.4AI score0.00209EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/04/20 12:0 a.m.5 views

The vulnerability of the DNS BIND server, related to the lack of use of the assert() function, allows a hacker to trigger a service failure.

The vulnerability of the BIND DNS server relates to the processing of the Write Directive DS. BIND waits for this processing to complete, or until the timeout interval expires. As a result, the resumedslookup function is called, but it does not check whether the previous selection has been...

7.8CVSS6.4AI score0.01285EPSS
Exploits0References6Affected Software3
SUSE CVE
SUSE CVE
added 2023/02/15 4:59 a.m.6 views

SUSE CVE-2016-6508

epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 uses an incorrect integer data type, which allows remote attackers to cause a denial of service large loop via a crafted packet...

5.9CVSS7.4AI score0.02349EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:10 a.m.3 views

SUSE CVE-2019-14192

An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a netprocessreceivedpacket integer underflow during an ncinputpacket call...

6.3CVSS9.5AI score0.02666EPSS
Exploits0References9
Rows per page
Query Builder