Lucene search
K

565 matches found

OSV
OSV
added 2026/06/03 4:16 p.m.8 views

UBUNTU-CVE-2026-42321

GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

8.4CVSS5.2AI score0.00343EPSS
Exploits0References3
OSV
OSV
added 2026/06/02 11:16 p.m.12 views

UBUNTU-CVE-2026-27145

x509.Certificate.VerifyHostname previously called matchHostnames in a loop over all DNS Subject Alternative Name SAN entries. This caused strings.Splithost, "." to execute repeatedly on the same input hostname. With a large DNS SAN list, verification costs scaled quadratically based on the number...

7.5CVSS5.5AI score0.00939EPSS
Exploits0References5
OSV
OSV
added 2026/05/27 2:17 p.m.12 views

DEBIAN-CVE-2026-46055

In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix string overrun due to missing termination When booting Ubuntu 26.04 with Linux 7.0-rc4 on an ARM64 Qualcomm Snapdragon X1 we see a string buffer overrun: BUG: KASAN: slab-out-of-bounds in aadfamatch...

7.1CVSS5.8AI score0.0015EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 2:17 p.m.11 views

DEBIAN-CVE-2026-46011

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtkjpegrelease function frees the context structure ctx without first cancelling any pending or running work in ctx-jpegwork. This creates a race...

7.8CVSS5.7AI score0.00125EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 2:17 p.m.14 views

DEBIAN-CVE-2026-45949

In the Linux kernel, the following vulnerability has been resolved: hwrng: core - use RCU and workstruct to fix race condition Currently, hwrngfill is not cleared until the hwrngfillfn thread exits. Since hwrngunregister reads hwrngfill outside the rngmutex lock, a concurrent hwrngunregister may...

4.7CVSS5.7AI score0.00088EPSS
Exploits0References1
OSV
OSV
added 2026/05/26 10:7 a.m.14 views

RHSA-2026:20586 Red Hat Security Advisory: thunderbird security update

Bulletin has no description...

8.8CVSS5.9AI score0.00375EPSS
Exploits0References27
OSV
OSV
added 2026/05/20 12:0 a.m.8 views

UBUNTU-CVE-2026-41292

NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of incoming EDNS options. An adversary sending queries with too many EDNS options can hold Unbound threads hostage while they are parsing and creating internal data...

8.7CVSS5.8AI score0.00556EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2026/05/19 2:34 p.m.10 views

0lever-utils (>=0.0.2 <=0.0.7), 2keys (=0.5.1) +5826 more potentially affected by CVE-2026-45409 via idna (>=2.0.0 <=3.14.0)

idna PYPI version =2.0.0, =0.0.2, =0.0.1a0, =0.0.2, =0.0.6, =0.1.0, =0.1.3, =0.0.3, =19.11.0, =0.2.0rc1, =1.1.0rc1 and more Source cves: CVE-2026-45409 Source advisory: OSV:GHSA-65PC-FJ4G-8RJX...

6.9CVSS6.2AI score0.00408EPSS
Exploits0
OSV
OSV
added 2026/05/18 7:12 p.m.13 views

MGASA-2026-0147 Updated rclone packages fix security vulnerabilities

This update bring new features, bugs and vulnerabilities fixed in rclone and golang components used to build it...

10CVSS7.1AI score0.93305EPSS
Exploits16References35
OSV
OSV
added 2026/05/08 7:23 a.m.8 views

MAL-2026-3382 Malicious code in solana-wallet-utils (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0fafa4851b72650b6cb905d88ab0e9ac73276e188d44bf1ff2cb010eb6945c59 Code pretends to be a crypto utility but exfiltrates given private key / seed --- Category: MALICIOUS - The campaign has clearly malicious intent, like...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/05/07 10:7 a.m.7 views

RHSA-2026:13978 Red Hat Security Advisory: libsoup security update

Bulletin has no description...

5.9CVSS5.7AI score0.00254EPSS
Exploits1References8
vulnersOsv
vulnersOsv
added 2026/05/06 9:43 p.m.9 views

a-mailx (=0.1.0), aaa-ml-datasets-course (=1.0.0) +103 more potentially affected by CVE-2026-42557 via notebook (>=7.0.0 <=7.5.5)

notebook PYPI version =7.0.0, =0.0.7, =1.0.1, =0.1.0, =1.6.4, =0.1.0, =0.0.1, =0.1.0, =0.0.1, =0.1.8, =0.0.2, =0.0.6 - compare-my-stocks =1.0.5 and more Source cves: CVE-2026-42557 Source advisory: OSV:GHSA-MQCG-5X36-VFCG...

9.6CVSS5.7AI score0.00386EPSS
Exploits0
OSV
OSV
added 2026/05/06 2:44 p.m.7 views

BIT-JAVA-2023-41074

The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution...

8.8CVSS7.5AI score0.03609EPSS
Exploits0References17
OSV
OSV
added 2026/05/06 12:16 p.m.10 views

UBUNTU-CVE-2026-43124

In the Linux kernel, the following vulnerability has been resolved: pstore: ramcore: fix incorrect success return when vmap fails In persistentramvmap, vmap may return NULL on failure. If offset is non-zero, adding offsetinpagestart causes the function to return a non-NULL pointer even though the...

5.5CVSS5.7AI score0.00128EPSS
Exploits0References11
OSV
OSV
added 2026/05/01 3:16 p.m.6 views

DEBIAN-CVE-2026-31755

In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: fix NULL pointer dereference in epqueue When the gadget endpoint is disabled or not yet configured, the ep-desc pointer can be NULL. This leads to a NULL pointer dereference when cdns3gadgetepqueue is called,...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References1
OSV
OSV
added 2026/05/01 1:54 p.m.9 views

JLSEC-2026-374

VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding...

7.5CVSS6.9AI score0.01936EPSS
Exploits0References20
OSV
OSV
added 2026/04/30 7:16 a.m.8 views

UBUNTU-CVE-2026-5408

BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service...

5.5CVSS5.8AI score0.00143EPSS
Exploits1References2
OSV
OSV
added 2026/04/23 12:44 p.m.10 views

CLSA-2026-1776948287 vim: Fix of CVE-2022-3234

CVE-2022-3234 fix heap buffer overflow in opreplace when replacing NUL after Tab in virtualedit mode...

7.8CVSS7.3AI score0.00501EPSS
Exploits1References1
OSV
OSV
added 2026/04/23 2:16 a.m.8 views

UBUNTU-CVE-2026-41196

Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...

10CVSS6.2AI score0.00374EPSS
Exploits0References2
OSV
OSV
added 2026/04/22 2:16 p.m.4 views

DEBIAN-CVE-2026-31513

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2capecredconnreq Syzbot reported a KASAN stack-out-of-bounds read in l2capbuildcmd that is triggered by a malformed Enhanced Credit Based Connection Request. The vulnerability...

8.1CVSS5.5AI score0.00252EPSS
Exploits0References1
Rows per page
Query Builder