Lucene search
K

11127 matches found

NVD
NVD
added 2026/06/22 4:16 p.m.9 views

CVE-2026-12549

The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading t...

4.8CVSS0.00317EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/22 2:47 p.m.4 views

CVE-2026-9071

IBM WebSphere Application Server 9.0, and 8.5 and IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.6 are vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...

7.5CVSS5.9AI score0.00314EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2026/06/22 2:31 p.m.7 views

CVE-2023-33854

IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data are affected (versions 4.8, 5.0, 5.1, 5.2, 5.3). The issue allows an authenticated user to bypass client-side validation and manipulate input data via man-in-the-middle techniques. Underlying impact is HIGH for integrity, with ...

5.3CVSS5.9AI score0.00188EPSS
Exploits0References1Affected Software2
NVD
NVD
added 2026/06/22 2:16 p.m.12 views

CVE-2026-10561

IBM Langflow OSS 1.0.0 through 1.9.3 has an vulnerability due to an improper isolation of Python execution combined with an authentication bypass that allows an unauthenticated attacker to execute arbitrary code on the host system, resulting in complete compromise...

10CVSS0.00502EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 2:10 p.m.13 views

CVE-2026-7664

Summary: IBM Langflow OSS versions 1.0.0–1.8.4 are affected by an unauthenticated access issue due to improper authorization enforcement on the Streamable MCP transport endpoint, potentially allowing access to protected MCP project resources and execution of MCP operations. Affected products/vers...

9.8CVSS5.9AI score0.00277EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/22 1:55 p.m.34 views

CVE-2026-12549

The CVE-2026-12549 entry concerns GNOME Libsoup (soupserver). A regression after the fix for CVE-2026-2443 replaced specific overflow checks with a general signed comparison. When a client issues a Range request with a suffix length exceeding the content size, the resulting negative start value i...

4.8CVSS5.9AI score0.00317EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/22 1:55 p.m.7 views

EUVD-2026-38279

The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading t...

5.3CVSS6.1AI score0.0043EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:55 p.m.4 views

CVE-2026-12549

The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading t...

4.8CVSS5.9AI score0.00317EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/22 1:55 p.m.30 views

CVE-2026-12549 Libsoup: incomplete fix for cve-2026-2443: range suffix overflow in libsoup soupserver

The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sends a Range request with a suffix length exceeding the content size, the resulting negative start value is not properly clamped, leading t...

4.8CVSS0.00317EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:5 p.m.4 views

CVE-2026-12888

An HTML injection vulnerability exists in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links. This issue affects Canarytokens: from Docker tag sha-4aef1db90...

5.1CVSS5.9AI score0.00286EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/22 12:8 p.m.2 views

SUSE-SU-2026:2487-1 Security update for rmt-server

This update for rmt-server fixes the following issues - CVE-2026-26961: rack: mismatch in header handling can allow to smuggle multipart content bsc1261398. - CVE-2026-26962: rack: improper unfolding of folded multipart headers can lead to header injection or response splitting bsc1261471. -...

7.5CVSS5.9AI score0.0043EPSS
Exploits0References22
RedHat Linux
RedHat Linux
added 2026/06/22 10:59 a.m.7 views

kernel: net/sched: act_pedit: extend the writable skb range per key

A flaw was found in the Linux kernel's traffic control packet editing pedit subsystem. In tcfpeditact, the copy-on-write COW range for skbensurewritable is computed once before iterating over edit keys, but the calculation does not account for runtime header offsets added by typed keys. This can...

7.8CVSS5.8AI score0.00259EPSS
Exploits9References6
RedHat Linux
RedHat Linux
added 2026/06/22 4:4 a.m.8 views

kernel: net/sched: act_pedit: extend the writable skb range per key

A flaw was found in the Linux kernel's traffic control packet editing pedit subsystem. In tcfpeditact, the copy-on-write COW range for skbensurewritable is computed once before iterating over edit keys, but the calculation does not account for runtime header offsets added by typed keys. This can...

7.8CVSS5.8AI score0.00259EPSS
Exploits9References6
RedHat Linux
RedHat Linux
added 2026/06/22 1:58 a.m.6 views

kernel: net/sched: act_pedit: extend the writable skb range per key

A flaw was found in the Linux kernel's traffic control packet editing pedit subsystem. In tcfpeditact, the copy-on-write COW range for skbensurewritable is computed once before iterating over edit keys, but the calculation does not account for runtime header offsets added by typed keys. This can...

7.8CVSS5.8AI score0.00259EPSS
Exploits9References6
RedHat Linux
RedHat Linux
added 2026/06/22 1:41 a.m.8 views

kernel: net/sched: act_pedit: extend the writable skb range per key

A flaw was found in the Linux kernel's traffic control packet editing pedit subsystem. In tcfpeditact, the copy-on-write COW range for skbensurewritable is computed once before iterating over edit keys, but the calculation does not account for runtime header offsets added by typed keys. This can...

7.8CVSS5.8AI score0.00259EPSS
Exploits9References6
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.17 views

Linux Distros Unpatched Vulnerability : CVE-2026-12549

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The fix for CVE-2026-2443 was regressed by a subsequent rework commit that replaced specific overflow checks with a general signed comparison. When a client sen...

5.3CVSS6.1AI score0.0043EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.7 views

RHEL 8 : kernel (RHSA-2026:27707)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27707 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/sched: actpedit: extend the writab...

7.8CVSS6.5AI score0.00259EPSS
Exploits9References4
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.7 views

RHEL 9 : kernel (RHSA-2026:27705)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:27705 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/sched: actpedit: extend the writab...

7.8CVSS6.5AI score0.00259EPSS
Exploits9References4
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.10 views

AlmaLinux 8 : kernel (ALSA-2026:27353)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:27353 advisory. kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service CVE-2026-31419 kernel: drm/amd/display: Do not skip unrelated mode...

9.8CVSS6.8AI score0.00353EPSS
Exploits9References10
EUVD
EUVD
added 2026/06/20 6:27 p.m.10 views

EUVD-2026-38129

vLLM versions = 0.10.2 and 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tensor invariant checks by default, an attacker can submit crafted embedding requests with malformed negative or out-of-bounds tensor indices, when the...

8.8CVSS6.1AI score0.00831EPSS
Exploits0References2
Rows per page
Query Builder