Lucene search
K

1798 matches found

NVD
NVD
added 5 days ago8 views

CVE-2026-57965

A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This vulnerability can lead to a heap buffer overflow, causing the spice-vdagent daemon to crash and resulting in a Denial of Service DoS for the virtua...

5.1CVSS0.00123EPSS
Exploits0References2
NVD
NVD
added 5 days ago8 views

CVE-2026-57966

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...

4.4CVSS0.00137EPSS
Exploits0References2
OSV
OSV
added 5 days ago3 views

UBUNTU-CVE-2026-57966

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...

4.4CVSS5.9AI score0.00137EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-57966

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...

4.4CVSS5.9AI score0.00137EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-40050

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...

4.4CVSS5.9AI score0.00137EPSS
Exploits0References2
CVE
CVE
added 5 days ago11 views

CVE-2026-57966

Summary (CVE-2026-57966): A path traversal flaw in spice-vdagent allows a malicious/untrusted SPICE host to write arbitrary files on the guest filesystem via an unsanitized filename during file transfers. The vulnerability enables writes with the spice-vdagent process privileges (usually the logg...

4.4CVSS5.9AI score0.00137EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-57966 Spice-vdagent: path traversal in file transfer via unsanitized filename

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...

4.4CVSS0.00137EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 5 days ago6 views

CVE-2026-57964

A flaw was found in spice-vdagent. On macOS and BSD platforms, an unprivileged local user can bypass authentication by connecting to the Unix Domain Socket Client/Server UDSCS socket. This allows the unauthorized user to receive host-to-guest messages, including clipboard data and file transfers,...

5.3CVSS5.8AI score
Exploits0References3
Debian CVE
Debian CVE
added 5 days ago4 views

CVE-2026-57966

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...

4.4CVSS5.9AI score0.00137EPSS
Exploits0
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-40049

A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This vulnerability can lead to a heap buffer overflow, causing the spice-vdagent daemon to crash and resulting in a Denial of Service DoS for the virtua...

5.1CVSS5.9AI score0.00123EPSS
Exploits0References2
CVE
CVE
added 5 days ago10 views

CVE-2026-57965

CVE-2026-57965 describes a vulnerability in spice-vdagent where an integer overflow in udscs_write() can cause a heap buffer overflow, crashing the spice-vdagent daemon and resulting in a Denial of Service for the guest VM. Exploitation requires a malicious or compromised SPICE host, i.e., an unt...

5.1CVSS5.9AI score0.00123EPSS
Exploits0References2
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-57965 Spice-vdagent: integer overflow in udscs_write() leading to heap buffer overflow

A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This vulnerability can lead to a heap buffer overflow, causing the spice-vdagent daemon to crash and resulting in a Denial of Service DoS for the virtua...

5.1CVSS0.00123EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 5 days ago5 views

CVE-2026-57966

A path traversal vulnerability was found in spice-vdagent. This flaw allows a malicious or compromised SPICE host to write arbitrary files to any location on the guest operating system. This occurs because the filename provided by the SPICE host during file transfers is not properly sanitized...

4.4CVSS5.9AI score0.00137EPSS
Exploits0References3
Debian CVE
Debian CVE
added 5 days ago4 views

CVE-2026-57965

A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This vulnerability can lead to a heap buffer overflow, causing the spice-vdagent daemon to crash and resulting in a Denial of Service DoS for the virtua...

5.1CVSS5.9AI score0.00123EPSS
Exploits0
RedhatCVE
RedhatCVE
added 5 days ago5 views

CVE-2026-57965

A flaw was found in spice-vdagent. A malicious or compromised SPICE host can trigger an integer overflow by sending a specially crafted message. This vulnerability can lead to a heap buffer overflow, causing the spice-vdagent daemon to crash and resulting in a Denial of Service DoS for the virtua...

5.1CVSS5.9AI score0.00123EPSS
Exploits0References3
OSV
OSV
added 2026/06/19 9:42 p.m.9 views

GHSA-4VRG-R928-H5VV SpiceDB: Checks involving relations with caveats can result in unconditional permission when conditional permission is expected

Impact Under concurrency, CheckPermission and CheckBulkPermissions can return PERMISSIONSHIPHASPERMISSION for a resource, permission, subject whose correct answer is PERMISSIONSHIPCONDITIONALPERMISSION. You are impacted if all of the following hold: 1. Your schema has a permission combining...

3.7CVSS5.8AI score
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Qemu

A flaw was discovered in the USB redirector device emulation of QEMU in versions prior to 6.1.0-rc2. This flaw occurs when dropping packets during a bulk transfer from a SPICE client, due to the packet queue being full. A malicious SPICE client could exploit this flaw to call the free function in...

8.5CVSS7.2AI score0.02904EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Spice

A flaw was discovered in the spice library in versions prior to 0.14.92. A DoS tool could make it easier for remote attackers to cause a denial of service resulting in high CPU usage by performing multiple renegotiations within a single connection...

5.3CVSS6.7AI score0.02703EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/06/08 10:59 p.m.5 views

ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +1044 more potentially affected by CVE-2026-44894 via io.netty:netty-codec-classes-quic (>=4.2.10.Final <=4.2.14.Final)

io.netty:netty-codec-classes-quic MAVEN version =4.2.10.Final, =0.1.0, =0.1.0, =0.0.1-alfa, =0.0.1-demo, =6.0.1, =4.0.3-M1, =1.21.9, =1.0.5, =3.6.4, =1.0.1, =26.2.1, =26.6.1 and more Source cves: CVE-2026-44894 Source advisory: OSV:GHSA-CMM3-54F8-PX4J...

7.5CVSS5.7AI score0.00143EPSS
Exploits0
CVE
CVE
added 2026/05/23 6:30 p.m.33 views

CVE-2018-25349

The CVE-2018-25349 vulnerability affects userSpice 4.3.24. A cross-site scripting flaw arises from crafted X-Forwarded-For header values sent to backup.php, with scripts executing when administrators visit the audit log page. This is the explicit impact described in the connected records. No reme...

6.1CVSS5.7AI score0.00155EPSS
Exploits0References2
Rows per page
Query Builder