Lucene search
+L

264 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.7 views

CVE-2026-31814

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. From 0.13.0 to before 0.13.9, a specially crafted WindowUpdate can cause arithmetic overflow in send-window accounting, which triggers a panic in the connection state machine. This is remotely reachable over a normal...

8.7CVSS5.8AI score0.00462EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.4 views

PT-2026-28359

Name of the Vulnerable Software and Affected Versions EVerest versions prior to 2026.02.0 Description EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race C++ undefined behavior triggered by a 1-phase ↔ 3-phase switch request ac switch three phases while charging...

4.2CVSS5.9AI score0.00134EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/24 3:53 p.m.12 views

Malicious code in nf-promise-state-machine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc012f9411ceaa957f4b364f6b1443d3244155de13f5fc0ccb759ad682bd0ae7 The package nf-promise-state-machine was found to contain malicious code...

5.9AI score
Exploits0
OSV
OSV
added 2026/03/24 3:53 p.m.8 views

MAL-2026-2376 Malicious code in nf-promise-state-machine (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dc012f9411ceaa957f4b364f6b1443d3244155de13f5fc0ccb759ad682bd0ae7 The package nf-promise-state-machine was found to contain malicious code...

5.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/03/19 5:10 p.m.4 views

CVE-2026-2645

In wolfSSL 5.8.2 and earlier, a logic flaw existed in the TLS 1.2 server state machine implementation. The server could incorrectly accept the CertificateVerify message before the ClientKeyExchange message had been received. This issue affects wolfSSL before 5.8.4 wolfSSL 5.8.2 and earlier is...

6.9CVSS5.8AI score0.00126EPSS
Exploits0References2
NVD
NVD
added 2026/03/13 7:54 p.m.8 views

CVE-2026-31814

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. From 0.13.0 to before 0.13.9, a specially crafted WindowUpdate can cause arithmetic overflow in send-window accounting, which triggers a panic in the connection state machine. This is remotely reachable over a normal...

8.7CVSS0.00462EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/03/13 7:19 p.m.5 views

CVE-2026-31814

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. From 0.13.0 to before 0.13.9, a specially crafted WindowUpdate can cause arithmetic overflow in send-window accounting, which triggers a panic in the connection state machine. This is remotely reachable over a normal...

8.7CVSS5.4AI score0.00462EPSS
Exploits1
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.10 views

Yamux 输入验证错误漏洞

Yamux is a multiplexer developed under the open-source Libp2p project in the United States. Versions of Yamux from 0.13.0 to 0.13.9 contained a vulnerability related to input validation errors. This vulnerability stemmed from a specially crafted WindowUpdate that could cause an arithmetic overflo...

8.7CVSS5.9AI score0.00462EPSS
Exploits1References1
Hacker One
Hacker One
added 2026/02/26 2:30 p.m.17 views

curl: Curl Telnet Handler Buffer Overflow

Summary: I found a buffer overflow in curl's telnet protocol handler that allows remote memory corruption without authentication. The bug is in the CURLSBACCUM macro in lib/telnet.c line 69, where the bounds check lets you write one byte past the end of a 512-byte buffer. When curl receives 512+...

6.2AI score
Exploits0
CNNVD
CNNVD
added 2026/02/14 12:0 a.m.6 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the osdfault function not resetting the sparse read state. This could lead to state machine error...

7.5CVSS7AI score0.0028EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/26 10:12 p.m.6 views

CVE-2026-24003 EvseV2G has sequence state validation bypass

EVerest is an EV charging software stack. In versions up to and including 2025.12.1, it is possible to bypass the sequence state verification including authentication, and send requests that transition to forbidden states relative to the current one, thereby updating the current context with...

4.3CVSS5.8AI score0.00254EPSS
Exploits0References2
Hacker One
Hacker One
added 2025/11/26 8:34 a.m.22 views

curl: Infinite loop issue in the state machine of the curl project

Summary: Vulnerability impact: When curl attempts to download files from a malicious FTP server, it triggers an infinite loop in the code execution. I discovered this issue in the FTP functionality of the curl project .As described in...

7.6AI score
Exploits0
Microsoft CVE
Microsoft CVE
added 2025/11/18 1:1 a.m.5 views

net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY

...

5.5CVSS8.8AI score0.00159EPSS
Exploits0
Fedora
Fedora
added 2025/11/06 2:24 a.m.9 views

[SECURITY] Fedora 42 Update: qt5-qtscxml-5.15.18-1.fc42

The Qt SCXML module provides functionality to create state machines from SCXM L files. This includes both dynamically creating state machines loading the SCXML file and instantiating states and transitions and generating a C++ file that has a class implementing the state machine. It also contains...

7AI score
Exploits0
Cvelist
Cvelist
added 2025/10/28 11:48 a.m.10 views

CVE-2025-40061 RDMA/rxe: Fix race in do_task() when draining

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix race in dotask when draining When dotask exhausts its iteration budget !ret, it sets the state to TASKSTATEIDLE to reschedule, without a secondary check on the current task-state. This can overwrite the...

0.00183EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2017-3891

Malware in sbrugna...

7.5CVSS7.6AI score0.01589EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2015-2811

Malware in sbrugna...

4.3CVSS7.4AI score0.03275EPSS
Exploits1References38
OSV
OSV
added 2025/10/04 12:11 a.m.6 views

RLSA-2025:12187 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Large branch table could lead to truncated instruction CVE-2025-8028 firefox: thunderbird: Memory safety bugs CVE-2025-8035 firefox: thunderbird: Incorrect URL stripping in CSP reports CVE-2025-80...

7.5CVSS7.4AI score0.00472EPSS
Exploits0References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-15839

Malicious code in bioql PyPI...

7.6AI score0.00159EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-2573

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.0076EPSS
Exploits0References7
Rows per page
Query Builder