Lucene search
K

2488 matches found

Cvelist
Cvelist
added 2026/06/25 8:39 a.m.27 views

CVE-2026-53242 ALSA: PCM: Fix wait queue list corruption in snd_pcm_drain() on linked streams

In the Linux kernel, the following vulnerability has been resolved: ALSA: PCM: Fix wait queue list corruption in sndpcmdrain on linked streams sndpcmdrain uses initwaitqueueentry which does not clear entry.prev/next, and addwaitqueue with a conditional removewaitqueue that is skipped when tocheck...

7.8CVSS0.00138EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/06/25 8:39 a.m.4 views

CVE-2026-53242

In the Linux kernel, the following vulnerability has been resolved: ALSA: PCM: Fix wait queue list corruption in sndpcmdrain on linked streams sndpcmdrain uses initwaitqueueentry which does not clear entry.prev/next, and addwaitqueue with a conditional removewaitqueue that is skipped when tocheck...

7.8CVSS5.7AI score0.00138EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/24 11:4 p.m.20 views

Malicious code in leo-streams (npm)

The leo-streams npm package was compromised as part of the Miasma worm campaign targeting the LeoPlatform npm ecosystem. On June 24, 2026, 20 LeoPlatform packages were published within a 3-second window by a threat actor who had taken over the npm account czirker belonging to the LeoPlatform...

5.8AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/24 8:39 p.m.7 views

CVE-2026-52929

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP stream handling. When an attempt to add outgoing streams is denied, the system fails to fully roll back the associated state. This incomplete rollback can leave behind stale stream metadata, which a subsequent stream...

7.5CVSS5.8AI score0.00394EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 8:16 a.m.8 views

CVE-2026-52929

In the Linux kernel, the following vulnerability has been resolved: sctp: stream: fully roll back denied add-stream state When ADDOUTSTREAMS is denied, SCTP only shrinks the queued chunks and then lowers outcnt. That leaves removed stream metadata behind, so a later re-add can reuse a stale ext a...

7.5CVSS0.00394EPSS
Exploits0References8
CVE
CVE
added 2026/06/24 7:14 a.m.11 views

CVE-2026-52929

The CVE affects the Linux kernel SCTP stream handling. When ADD_OUT_STREAMS is denied, the rollback only shrinks queued chunks and lowers outcnt, leaving removed stream metadata behind. A subsequent re-add can reuse a stale ext and trigger a null-pointer dereference in the scheduler get path, pot...

7.5CVSS5.7AI score0.00394EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/24 7:14 a.m.40 views

CVE-2026-52929 sctp: stream: fully roll back denied add-stream state

In the Linux kernel, the following vulnerability has been resolved: sctp: stream: fully roll back denied add-stream state When ADDOUTSTREAMS is denied, SCTP only shrinks the queued chunks and then lowers outcnt. That leaves removed stream metadata behind, so a later re-add can reuse a stale ext a...

7.5CVSS0.00394EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/24 7:14 a.m.10 views

EUVD-2026-38699

In the Linux kernel, the following vulnerability has been resolved: sctp: stream: fully roll back denied add-stream state When ADDOUTSTREAMS is denied, SCTP only shrinks the queued chunks and then lowers outcnt. That leaves removed stream metadata behind, so a later re-add can reuse a stale ext a...

5.7AI score0.00394EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/24 7:14 a.m.7 views

CVE-2026-52929

In the Linux kernel, the following vulnerability has been resolved: sctp: stream: fully roll back denied add-stream state When ADDOUTSTREAMS is denied, SCTP only shrinks the queued chunks and then lowers outcnt. That leaves removed stream metadata behind, so a later re-add can reuse a stale ext a...

7.5CVSS5.7AI score0.00394EPSS
Exploits0References9Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-52929

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sctp: stream: fully roll back denied add-stream state When ADDOUTSTREAMS is denied, SCTP only shrinks the queued chunks and then lowers outcnt. That leaves...

7.5CVSS6AI score0.00394EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51722

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the SCTP implementation where the system fails to fully roll back the state when an ADD OUT STREAMS request is denied. In such cases, the system only shrinks queued...

7.5CVSS5.8AI score0.00394EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/06/23 7:53 p.m.6 views

CVE-2026-12891

A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 parser performs an out-of-bounds read of up to 8 bytes from adjacent memory. This flaw allows an attacker to craft a malicious H.266...

4.3CVSS5.7AI score0.00276EPSS
Exploits0References4
NVD
NVD
added 2026/06/23 1:16 p.m.12 views

CVE-2023-54365

Traefik before 2.10.5 and 3.0.0-beta4 is affected by a denial-of-service vulnerability in HTTP/2 request handling inherited from the Go standard library's HTTP/2 implementation CVE-2023-44487 / CVE-2023-39325, the 'Rapid Reset' technique. A remote attacker can rapidly create and cancel HTTP/2...

8.7CVSS0.00562EPSS
Exploits0References5
OSV
OSV
added 2026/06/23 12:59 p.m.5 views

JLSEC-2026-611 Unbounded HTTP/2 concurrent streams and Rapid Reset denial of service in HTTP.jl server

Description The HTTP.jl HTTP/2 server advertised an empty initial SETTINGS frame, leaving SETTINGSMAXCONCURRENTSTREAMS effectively unlimited, and the HEADERS code path allocated per-stream state, a send-window entry, and a Threads.@spawned handler with no check on the number of open streams...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/06/23 12:59 p.m.4 views

JLSEC-2026-624 HTTP/2 client HPACK desynchronization via header blocks for unknown streams in HTTP.jl

Description The HTTP/2 client's processincomingframe! dropped HEADERS/CONTINUATION frames for stream ids absent from conn.streams without passing the header block through the connection's HPACK decoder. Because HPACK's dynamic table is connection-scoped and mutated as a side effect of decoding ea...

5.9AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.13 views

PT-2026-51589

Name of the Vulnerable Software and Affected Versions GStreamer gst-plugins-bad affected versions not specified Description A flaw in the H.266 parser occurs when processing a malformed H.266/VVC video stream containing a crafted aspect ratio indicator value. This leads to an out-of-bounds read o...

4.3CVSS5.7AI score0.00276EPSS
Exploits0References15
NVD
NVD
added 2026/06/22 9:16 p.m.8 views

CVE-2026-49460

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /FlateDecode filter with a PNG predictor. This vulnerability is fixed in 6.12.2...

5.1CVSS0.00117EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 9:16 p.m.4 views

UBUNTU-CVE-2026-49460

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /FlateDecode filter with a PNG predictor. This vulnerability is fixed in 6.12.2...

5.1CVSS5.8AI score0.00117EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/22 8:28 p.m.23 views

CVE-2026-49460 pypdf: Inefficient decoding of FlateDecode PNG predictor streams

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /FlateDecode filter with a PNG predictor. This vulnerability is fixed in 6.12.2...

5.1CVSS0.00117EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 6:16 p.m.10 views

CVE-2026-53571

Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Vite’s dev server denies direct access to sensitive files through server.fs.deny, including entries such as...

8.2CVSS0.00393EPSS
Exploits1References1
Rows per page
Query Builder