Lucene search
K

233 matches found

ATTACKERKB
ATTACKERKB
added 2026/04/23 8:35 a.m.3 views

CVE-2026-3259

A Generation of Error Message Containing Sensitive Information vulnerability in the Materialized View Refresh mechanism in Google BigQuery on Google Cloud Platform allows an authenticated user to potentially disclose sensitive data using a crafted materialized view that triggers a runtime error...

7.1CVSS5.7AI score0.00226EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/08 12:17 a.m.7 views

Hono missing validation of cookie name on write path in setCookie()

Summary Cookie names are not validated on the write path when using setCookie, serialize, or serializeSigned to generate Set-Cookie headers. While certain cookie attributes such as domain and path are validated, the cookie name itself may contain invalid characters. This results in inconsistent...

5.9AI score
Exploits0References4Affected Software1
Packet Storm News
Packet Storm News
added 2026/04/06 12:0 a.m.18 views

A Multi-Agent Framework for Automated Exploit Generation with Constraint-Guided Comprehension and Reflection

Open-source libraries are widely used in modern software development, introducing significant security vulnerabilities. While static analysis tools can identify potential vulnerabilities at scale, they often generate overwhelming reports with high false positive rates. Automated Exploit Generatio...

6.1AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/03/27 6:21 p.m.16 views

Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation

Summary When a Handlebars template contains decorator syntax referencing an unregistered decorator e.g. n, the compiled template calls lookupPropertydecorators, "n", which returns undefined. The runtime then immediately invokes the result as a function, causing an unhandled TypeError: ... is not ...

7.5CVSS6AI score0.00616EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/01/10 7:16 a.m.8 views

PYSEC-2026-143

vLLM is an inference and serving engine for large language models LLMs. In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimensi...

7.5CVSS7.2AI score0.00403EPSS
Exploits1References1
OSV
OSV
added 2026/01/10 6:39 a.m.7 views

CVE-2026-22773 vLLM is vulnerable to DoS in Idefics3 vision models via image payload with ambiguous dimensions

vLLM is an inference and serving engine for large language models LLMs. In versions from 0.6.4 to before 0.12.0, users can crash the vLLM engine serving multimodal models that use the Idefics3 vision model implementation by sending a specially crafted 1x1 pixel image. This causes a tensor dimensi...

6.5CVSS6.7AI score0.00403EPSS
Exploits1References3
OSV
OSV
added 2026/01/07 8:48 p.m.5 views

CVE-2026-21681 iccDEV has Undefined Behavior runtime error: nan is outside the range .. IccProfLib/IccTagBasic.cpp

iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium ICC color management profiles. Versions prior to 2.3.1.2 have a Undefined Behavior runtime error. This vulnerability affects users of the iccDEV library who...

7.1CVSS6.7AI score0.00172EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.3 views

iccDEV 输入验证错误漏洞

iccDEV is an open source color configuration code base from the International Color Consortium. An input validation error vulnerability exists in versions of iccDEV prior to 2.3.1.2 that stems from the presence of an undefined behavior runtime error...

7.1CVSS6.9AI score0.00172EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/12/17 12:25 a.m.4 views

SUSE CVE-2025-68191

In the Linux kernel, the following vulnerability has been resolved: udptunnel: use netdevwarn instead of netdevWARN netdevWARN uses WARN/WARNON to print a backtrace along with file and line information. In this case, udptunnelnicregister returning an error is just a failed operation, not a kernel...

6.4AI score0.00173EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/16 3:30 p.m.3 views

EUVD-2025-203705

In the Linux kernel, the following vulnerability has been resolved: udptunnel: use netdevwarn instead of netdevWARN netdevWARN uses WARN/WARNON to print a backtrace along with file and line information. In this case, udptunnelnicregister returning an error is just a failed operation, not a kernel...

5.9AI score0.00173EPSS
Exploits0References8
NVD
NVD
added 2025/12/16 2:15 p.m.4 views

CVE-2025-68191

In the Linux kernel, the following vulnerability has been resolved: udptunnel: use netdevwarn instead of netdevWARN netdevWARN uses WARN/WARNON to print a backtrace along with file and line information. In this case, udptunnelnicregister returning an error is just a failed operation, not a kernel...

0.00173EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2025/12/16 2:15 p.m.4 views

CVE-2025-68191

In the Linux kernel, the following vulnerability has been resolved: udptunnel: use netdevwarn instead of netdevWARN netdevWARN uses WARN/WARNON to print a backtrace along with file and line information. In this case, udptunnelnicregister returning an error is just a failed operation, not a kernel...

5.9AI score0.00173EPSS
Exploits0References34
OSV
OSV
added 2025/12/16 2:15 p.m.2 views

UBUNTU-CVE-2025-68191

In the Linux kernel, the following vulnerability has been resolved: udptunnel: use netdevwarn instead of netdevWARN netdevWARN uses WARN/WARNON to print a backtrace along with file and line information. In this case, udptunnelnicregister returning an error is just a failed operation, not a kernel...

5.7AI score0.00173EPSS
Exploits0References35
CVE
CVE
added 2025/12/16 1:43 p.m.28 views

CVE-2025-68191

In the Linux kernel, CVE-2025-68191 is addressed by replacing netdev_WARN() with netdev_warn() in udp_tunnel_nic_register(). The old netdev_WARN() prints a backtrace via WARN/WARN_ON, which is inappropriate for an error that is simply a normal memory-allocation failure (kzalloc() or udp_tunnel_ni...

6AI score0.00173EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2008-6634

Malware in sbrugna...

5CVSS6.4AI score0.01719EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-0298

Malware in sbrugna...

5.5CVSS5.3AI score0.00189EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2016-6921

Malware in sbrugna...

5.3CVSS5.5AI score0.02472EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-0297

Malware in sbrugna...

5.5CVSS5.3AI score0.00189EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-0295

Malware in sbrugna...

5.5CVSS5.3AI score0.00189EPSS
Exploits1References9
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.3 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987394)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987394 advisory. In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: avoid null dereference in deinit If venusprobe fails at pmruntimeputsync the...

5.5CVSS5.7AI score0.0025EPSS
Exploits0References4
Rows per page
Query Builder