Lucene search
K

450 matches found

CVE
CVE
added 5 days ago13 views

CVE-2026-57030

CVE-2026-57030 describes a race condition in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series. The vulnerability occurs during flow timeout handling in stateful traffic processing: a race when setting a flow’s timeout can cause the value to be set to an abnormally hig...

8.2CVSS6AI score0.00381EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/23 1:16 p.m.12 views

CVE-2026-56248

Cap-go capgo capgo-backend before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the auditlogs table's Row-Level Security RLS policy when accessed via the Supabase PostgREST API. Because the PostgreSQL query planner executes costly logic before RLS rejection,...

8.7CVSS0.00359EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:12 p.m.6 views

CVE-2026-56248

Cap-go capgo capgo-backend before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the auditlogs table's Row-Level Security RLS policy when accessed via the Supabase PostgREST API. Because the PostgreSQL query planner executes costly logic before RLS rejection,...

8.7CVSS5.9AI score0.00359EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/23 12:12 p.m.9 views

EUVD-2026-38431

Cap-go capgo capgo-backend before 12.128.12 contains an unauthenticated denial-of-service vulnerability arising from the auditlogs table's Row-Level Security RLS policy when accessed via the Supabase PostgREST API. Because the PostgreSQL query planner executes costly logic before RLS rejection,...

8.7CVSS5.9AI score0.00359EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: scsi: qla2xxx: Fixed a crash that occurred due to stale SRB accesses during I/O timeouts. Ensured that the SRB is returned during the escalation of an I/O timeout error. If this is not possible, the escalation path is failed...

5.5CVSS6.2AI score0.00208EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.18 views

PT-2026-49534

Name of the Vulnerable Software and Affected Versions grpc versions 0.3.1 through 0.9.x Description Unauthenticated attackers can exhaust the BEAM memory and crash the server by streaming a large or slow-trickle unary request body. The function read full body/3 in...

8.7CVSS5.3AI score0.00344EPSS
Exploits0References7
Mageia
Mageia
added 2026/06/12 11:28 p.m.15 views

Updated libssh packages fix security vulnerabilities

CVE-2026-0964 Improper sanitation of paths received from SCP servers CVE-2026-0965 The libssh can attempt to read non-regular files when misconfigured, which could cause resource exhaustion or blocking. CVE-2026-0966 Providing 0-length input for the sshgethexa causes 1-byte buffer underflow on...

8.2CVSS5.7AI score0.00582EPSS
Exploits0References7
NVD
NVD
added 2026/06/11 8:16 p.m.17 views

CVE-2026-45802

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Prior to version 2.6.7, an attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script...

6CVSS0.00259EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/05 4:41 p.m.18 views

klever-go: REST API slow-header connection exhaustion via Gin Engine.Run

Summary The Klever seednode REST API starts a Gin engine with Engine.RunrestAPIInterface. In Gin v1.9.1, Engine.Run calls Go's default http.ListenAndServe, which constructs an HTTP server without application-level ReadHeaderTimeout, ReadTimeout, or MaxHeaderBytes limits. An unauthenticated client...

5.6AI score0.0005EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/03 9:15 p.m.13 views

Docling: Unsafe URI and Path Handling in HTML Backend

Impact The HTML backend did not perform sufficient validation during resource handling: - Accepted file:// URIs enabling local file system access when enablelocalfetch=True - Path resolution allowed traversal outside intended directories via ../ sequences and absolute paths - Did not block intern...

7.1CVSS5.8AI score0.00217EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2022-29582

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel before 5.17.3, fs/iouring.c has a use-after-free due to a race condition in iouring timeouts. This can be triggered by a local user who has ...

7CVSS5.8AI score0.00773EPSS
Exploits3References2
OSV
OSV
added 2026/05/26 12:12 p.m.10 views

CLSA-2026-1779797547 Fix CVE(s): CVE-2026-29168

SECURITY UPDATE: fix denial of service in modmd OCSP response handling by enforcing size limit and timeouts - debian/patches/CVE-2026-29168.patch: fix denial of service in modmd OCSP response handling by enforcing size limit and timeouts - CVE-2026-29168...

7.3CVSS5.8AI score0.00628EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:0 p.m.10 views

CVE-2026-47077

Allocation of Resources Without Limits or Throttling vulnerability in benoitc hackney allows Flooding. hackneyh3:awaitresponseloop/6 accumulates the HTTP/3 response body in memory without any size cap. The after Timeout clause is a per-message inactivity timer that resets on every received chunk,...

8.2CVSS5.9AI score0.00703EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/05/22 12:0 a.m.36 views

CVE-2026-42626

HP ENVY 5000 series printers (VERBASPP1N003.2237A.00) are affected by a DoS condition caused by improper management of concurrent TCP connections to port 9100 (JetDirect/RAW printing). An unauthenticated remote attacker on the same network can establish a persistent connection and send keep-alive...

5.9CVSS5.8AI score0.0016EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.16 views

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-excon (UTSA-2026-016618)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016618 advisory. In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted such as by a timeout would leave da...

5.9CVSS5.8AI score0.014EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: TCP: Fixed a data race around the sysctltcpthinlineartimeouts function. When reading sysctltcpthinlineartimeouts, it can be changed concurrently. Therefore, we need to add READONCE to its reader...

4.7CVSS6.1AI score0.00181EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel before version 5.17.3, fs/iouring.c contains a use-after-free issue due to a race condition related to iouring timeouts. This issue can be triggered by a local user who does not have access to any user namespace. However, the race condition may only be exploited infrequently...

7CVSS6.7AI score0.00773EPSS
Exploits3References2
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.9 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021647)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021647 advisory. In the Linux kernel, the following vulnerability has been resolved: sunrpc: clear XPRTSOCKUPDTIMEOUT when reset transport Since transport-sock has been set to NULL...

5.5CVSS6.6AI score0.00225EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.11 views

PT-2026-41778

Name of the Vulnerable Software and Affected Versions FHIRPathEngine affected versions not specified Description Implementations of FHIRPathEngine evaluate arbitrary FHIRPath expressions without input validation. The functions matches, matchesFull, and replaceMatches pass user-controlled regular...

7.5CVSS6AI score0.00086EPSS
Exploits0References7
NVD
NVD
added 2026/05/13 8:16 p.m.47 views

CVE-2026-44363

MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The htmltomarkdown module accepted arbitrary HTTPS URLs without sufficient validation, which could allo...

5.8CVSS0.00102EPSS
Exploits0References2
Rows per page
Query Builder