Lucene search
K

20053 matches found

OSV
OSV
added 2026/06/25 10:34 p.m.7 views

GO-2026-5473 Nuclei: Environment variable disclosure via Response-Derived DSL Expressions in github.com/projectdiscovery/nuclei

Nuclei: Environment variable disclosure via Response-Derived DSL Expressions in github.com/projectdiscovery/nuclei...

7.5CVSS5.8AI score0.00344EPSS
Exploits0References7
OSV
OSV
added 2026/06/25 6:26 p.m.5 views

GO-2026-5170 OpenFGA: Unauthenticated playground endpoint discloses preshared API key in HTML response in github.com/openfga/openfga

OpenFGA: Unauthenticated playground endpoint discloses preshared API key in HTML response in github.com/openfga/openfga...

7.5CVSS5.8AI score0.00286EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/25 4:53 p.m.20 views

@anthropic-ai/claude-code has an Insecure Temporary File in /copy Command that Enables Response Disclosure and Symlink-Based File Write

The Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable directory 0755, allowing any local user to read a privileged user's Clau...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/25 3:16 p.m.8 views

CVE-2026-13223

Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one...

6.3CVSS0.00257EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 2:16 p.m.5 views

CVE-2026-47154

In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observe...

7.1CVSS0.00249EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 1:34 p.m.2 views

SUSE-SU-2026:2633-1 Security update for nodejs24

This update for nodejs24 fixes the following issues Update to 24.17.0: - CVE-2026-2581: undici: Undici: Denial of Service due to uncontrolled resource consumption bsc1268480. - CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response...

9.8CVSS6AI score0.02806EPSS
Exploits3References43
EUVD
EUVD
added 2026/06/25 1:12 p.m.5 views

EUVD-2026-39378

Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce = 1.6.2 versions...

5.4CVSS5.9AI score0.00203EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 9:31 a.m.6 views

EUVD-2026-39183

NSD from version 4.13.0 has a heap use-after-free bug in logging errors on TLS connections, causing a crash of the server process, which can be triggered trivially by sending a DNS query over a DoT connection, and closing the connection without reading the response...

8.7CVSS5.8AI score0.00274EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 9:16 a.m.6 views

CVE-2026-53186

In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: bound SRPRSP sense copy by the received length srpprocessrsp copies sense data from rsp-data + respdatalen, where respdatalen is the full 32-bit value supplied by the SRP target and is never checked against the number o...

9.1CVSS0.00544EPSS
Exploits0References8
NVD
NVD
added 2026/06/25 9:16 a.m.9 views

CVE-2026-53146

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Limit XDomain response copy to actual frame size tbxdomaincopy copies req-responsesize bytes from the received packet buffer regardless of the actual frame size. When a short response arrives, this reads past the val...

7.1CVSS0.00242EPSS
Exploits0References8
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53146

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Limit XDomain response copy to actual frame size tbxdomaincopy copies req-responsesize bytes from the received packet buffer regardless of the actual frame size. When a short response arrives, this reads past the val...

7.1CVSS5.9AI score0.00242EPSS
Exploits0References11
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53208

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig net/bluetooth/l2capcore.c:l2capsigchannel accepts BR/EDR signaling packets up to the channel MTU and dispatches each command without enforcing the signaling MTU MTUsig...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References11
EUVD
EUVD
added 2026/06/25 8:38 a.m.4 views

EUVD-2026-39277

In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: bound SRPRSP sense copy by the received length srpprocessrsp copies sense data from rsp-data + respdatalen, where respdatalen is the full 32-bit value supplied by the SRP target and is never checked against the number o...

6AI score0.00544EPSS
Exploits0References8
CVE
CVE
added 2026/06/25 8:38 a.m.17 views

CVE-2026-53186

CVE-2026-53186 affects the Linux kernel SRP path in RDMA: the SRP_RSP data length (resp_data_len) is not bounded by the actual received bytes, risking an out-of-bounds read when processing sense data. The copy is capped to 96 bytes, but the source offset can point far past the received data, pote...

9.1CVSS6AI score0.00544EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 8:38 a.m.10 views

CVE-2026-53186

In the Linux kernel, the following vulnerability has been resolved: RDMA/srp: bound SRPRSP sense copy by the received length srpprocessrsp copies sense data from rsp-data + respdatalen, where respdatalen is the full 32-bit value supplied by the SRP target and is never checked against the number o...

9.1CVSS5.9AI score0.00544EPSS
Exploits0
CVE
CVE
added 2026/06/25 8:38 a.m.26 views

CVE-2026-53148

The CVE affects the Linux kernel Thunderbolt driver (tb_xdp_properties_request) where per-packet copy length is derived from the response header without bounds checking against the allocated data buffer, causing a potential out-of-bounds memcpy and memory corruption. The issue can lead to denial ...

7.8CVSS5.7AI score0.00145EPSS
Exploits0References11Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 8:38 a.m.5 views

CVE-2026-53148

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Clamp XDomain response data copy to allocation size tbxdppropertiesrequest derives the per-packet copy length from the response header without checking that it fits in the previously allocated data buffer. A maliciou...

7.8CVSS5.7AI score0.00145EPSS
Exploits0
EUVD
EUVD
added 2026/06/25 8:38 a.m.3 views

EUVD-2026-39237

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Limit XDomain response copy to actual frame size tbxdomaincopy copies req-responsesize bytes from the received packet buffer regardless of the actual frame size. When a short response arrives, this reads past the val...

6AI score0.00242EPSS
Exploits0References8
CVE
CVE
added 2026/06/25 8:38 a.m.15 views

CVE-2026-53146

CVE-2026-53146 affects the Linux kernel Thunderbolt XDomain handling. tb_xdomain_copy() copies req->response_size bytes from the received packet buffer regardless of the actual frame size, allowing a short response to read past valid frame data into stale DMA contents. The fixed behavior is to...

7.1CVSS6AI score0.00242EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 8:38 a.m.4 views

CVE-2026-53146

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Limit XDomain response copy to actual frame size tbxdomaincopy copies req-responsesize bytes from the received packet buffer regardless of the actual frame size. When a short response arrives, this reads past the val...

7.1CVSS5.9AI score0.00242EPSS
Exploits0
Rows per page
Query Builder