Lucene search
K

12400 matches found

Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-53991

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An unauthenticated remote attacker can repeatedly send crafted connection requests to cause a memory leak. In single-process deployments, the memory consumption...

8.7CVSS6AI score0.00379EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/29 4:44 a.m.9 views

CVE-2026-54233

A flaw was found in vLLM, an inference and serving engine for large language models LLMs. A remote attacker could exploit a vulnerability in the /v1/audio/transcriptions endpoint. By uploading a specially crafted compressed audio file, such as an OPUS file, the attacker could cause the system to...

6.5CVSS5.8AI score0.00243EPSS
Exploits0References5
OSV
OSV
added 2026/06/26 9:1 p.m.7 views

GHSA-V2JF-442R-6MJH nebula-mesh: Signed-poll nonce LRU is in-memory and bounded; replay survives restart + eviction

internal/api/pop/nonce.go:25,40,86 + internal/api/server.go:38 — the signed-poll nonce cache is an in-process LRU sized at 65,536 entries. internal/api/updates.go:31 sets pollClockSkew = 5 time.Minute as the replay window. Affected All released versions through v0.3.0 that have shipped the ADR 00...

6.9CVSS5.8AI score
Exploits0References2
EUVD
EUVD
added 2026/06/26 12:32 a.m.8 views

EUVD-2025-210343

Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem. Attackers can exploit unsanitized fileName parameters with ../ sequences to overwrite critical files like...

10CVSS6.7AI score0.00639EPSS
Exploits1References3
OSV
OSV
added 2026/06/25 10:34 p.m.5 views

GO-2026-5758 containerd CRI — image-config `LABEL` flows to restart-monitor `binary://` logger: host-root command execution from an image pull in github.com/containerd/containerd

containerd CRI — image-config LABEL flows to restart-monitor binary:// logger: host-root command execution from an image pull in github.com/containerd/containerd...

9.4CVSS6AI score0.00203EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/25 7:34 p.m.5 views

CVE-2026-40983

A flaw was found in Micrometer. A remote attacker can provide specially crafted gRPC gRPC Remote Procedure Call requests, which may lead to a denial-of-service DoS condition. This vulnerability allows an attacker to disrupt the availability of the affected system. Mitigation To mitigate this issu...

7.5CVSS5.9AI score0.00474EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/25 5:36 p.m.6 views

keycloak: Keycloak: Unauthorized account access via replayed refresh tokens after cluster restart

A flaw was found in Keycloak. When revokeRefreshToken=true is enabled and persistent session storage is in use, a server restart can reset internal timing mechanisms. This allows a remote attacker, who has previously captured a user's refresh token, to replay that token even after it has been...

6.8CVSS5.8AI score0.00305EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/25 2:20 a.m.9 views

SUSE CVE-2026-52924

In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling sctpstreamupdate is only invoked when the association is moved into COOKIEWAIT during association setup/reconfiguration. In this path, the outbound stream scheduler state...

7CVSS5.8AI score0.00335EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.19 views

PT-2026-52616

Name of the Vulnerable Software and Affected Versions Flowise affected versions not specified Description An unauthenticated path traversal issue exists in the '/api/v1/document-store/loader/process' endpoint. This flaw allows attackers to write arbitrary files to the filesystem by using...

10CVSS6.7AI score0.00639EPSS
Exploits1References10
EUVD
EUVD
added 2026/06/24 4:30 p.m.5 views

EUVD-2026-38954

In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: fix racing timeout handler The bcmgenettimeout handler tries to take down all tx queues when a single queue times out. This is over zealous and causes many race conditions with queues that are still chugging along...

5.7AI score0.00386EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/24 4:30 p.m.29 views

CVE-2026-53086 net: bcmgenet: fix racing timeout handler

In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: fix racing timeout handler The bcmgenettimeout handler tries to take down all tx queues when a single queue times out. This is over zealous and causes many race conditions with queues that are still chugging along...

9.8CVSS0.00386EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in cups

OpenPrinting CUPS is an open-source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and earlier, there was an integer underflow vulnerability in the ppdCreateFromIPP function cups/ppd-cache.c. This vulnerability allowed any unprivileged local user to crash the...

6.2CVSS5.8AI score0.00154EPSS
Exploits1References2
NVD
NVD
added 2026/06/24 8:16 a.m.8 views

CVE-2026-52924

In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling sctpstreamupdate is only invoked when the association is moved into COOKIEWAIT during association setup/reconfiguration. In this path, the outbound stream scheduler state...

9.8CVSS0.00335EPSS
Exploits0References11
OSV
OSV
added 2026/06/24 8:16 a.m.4 views

UBUNTU-CVE-2026-52924

In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling sctpstreamupdate is only invoked when the association is moved into COOKIEWAIT during association setup/reconfiguration. In this path, the outbound stream scheduler state...

9.8CVSS5.6AI score0.00335EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/06/24 7:14 a.m.6 views

CVE-2026-52924

In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling sctpstreamupdate is only invoked when the association is moved into COOKIEWAIT during association setup/reconfiguration. In this path, the outbound stream scheduler state...

9.8CVSS5.7AI score0.00335EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2026/06/24 7:14 a.m.33 views

CVE-2026-52924

The CVE-2026-52924 entry describes a Linux kernel SCTP use-after-free vulnerability triggered during Stale COOKIE-ECHO handling. In COOKIE_WAIT transitions, sctp_stream_update() can leave a stale out_curr pointer after rolling back from COOKIE_ECHOED to COOKIE_WAIT, so scheduler paths (FCFS/RR/PR...

9.8CVSS5.8AI score0.00335EPSS
Exploits0References11Affected Software1
OSV
OSV
added 2026/06/24 7:14 a.m.1 views

CVE-2026-52924 sctp: purge outqueue on stale COOKIE-ECHO handling

In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling sctpstreamupdate is only invoked when the association is moved into COOKIEWAIT during association setup/reconfiguration. In this path, the outbound stream scheduler state...

9.8CVSS5.8AI score0.00335EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.20 views

PT-2026-51980

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The bcmgenet timeout handler incorrectly attempts to shut down all transmit tx queues when only a single queue experiences a timeout. This behavior creates race conditions—situations whe...

9.8CVSS5.8AI score0.00386EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/22 2:7 p.m.12 views

CVE-2026-12205

A flaw was found in Crypt::DSA, a Perl module for Digital Signature Algorithm DSA cryptography. This vulnerability occurs because the software reuses a unique random number, known as a nonce, for multiple digital signatures generated with the same cryptographic key. An attacker could exploit this...

9.1CVSS5.8AI score0.00289EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/22 12:21 p.m.6 views

CVE-2026-50589

A flaw was found in OpenStack Ironic. An unauthenticated malicious user could exploit this vulnerability by submitting a specially crafted JSON JavaScript Object Notation string to certain API Application Programming Interface or JSON-RPC Remote Procedure Call service endpoints. This could lead t...

7.5CVSS5.8AI score0.00433EPSS
Exploits0References4
Rows per page
Query Builder