Lucene search
K

12659 matches found

CVE
CVE
added 2026/05/23 11:44 a.m.273 views

CVE-2026-46300

The CVE-2026-46300 issue affects the Linux kernel's net: skbuff code: skb_try_coalesce() can transfer paged frags from one skb to another while losing the SKBFL_SHARED_FRAG marker, breaking the invariant relied on by ESP decryption logic. This can allow an in-place decrypt path to operate on page...

7.8CVSS6AI score0.03663EPSS
Exploits11References46Affected Software1
Debian CVE
Debian CVE
added 2026/05/23 11:44 a.m.12 views

CVE-2026-43503

In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers Two frag-transfer helpers pskbcopyfclone and skbshift fail to propagate the SKBFLSHAREDFRAG bit in skbshinfo-flags when moving frags from source to...

8.8CVSS5.7AI score0.0013EPSS
Exploits7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/23 8:2 a.m.12 views

Malicious code in cloudpivot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4bd95ac92732da86e3ec63771e124da83ea8d98e1dd2f6636ab3d8dde76ab34c On npm install, the package.json preinstall hook runs wget against http://194.120.24.50:7374 with query parameters carrying $whoami, $pwd, $hostname,...

5.9AI score
Exploits0References2
CheckPoint Security
CheckPoint Security
added 2026/05/23 12:0 a.m.28 views

CVE-2026-48135 - HTTP service can incorrectly process malformed HTTP requests

Cause An input-handling issue in the HTTP request processing path. Symptoms - A Check Point HTTP-based service, such as Mobile Access Portal or Identity Awareness Portals except for Captive Portal, can incorrectly handle malformed HTTP requests. Gaia Portal is not affected by this issue. - The...

5.3CVSS5.6AI score0.02607EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/22 7:21 p.m.20 views

Security Bulletin: Multiple vulnerabilities in Aspera applications.

Summary Multiple vulnerabilities were addressed in IBM Aspera High-Speed Transfer Endpoint 4.4.7 Fix Pack 2 and IBM Aspera High-Speed Transfer Server 4.4.7 Fix Pack 2 Vulnerability Details CVEID:CVE-2026-7876 DESCRIPTION: IBM Aspera High-Speed Transfer Server and IBM Aspera High-Speed Transfer...

9.8CVSS6.8AI score0.0058EPSS
Exploits0Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/22 3:47 p.m.4 views

com.github.vindell:spring-boot-starter-cxf-jaxws-plus (>=1.0.0.RELEASE <=1.0.2.RELEASE), org.apache.cxf:apache-cxf (>=3.3.0 <=3.6.10) +1 more potentially affected by CVE-2026-44618 via org.apache.cxf:cxf-rt-ws-transfer (>=3.2.4 <=3.6.10)

org.apache.cxf:cxf-rt-ws-transfer MAVEN version =3.2.4, =1.0.0.RELEASE, =3.3.0, =3.4.0, =3.6.10 Source cves: CVE-2026-44618 Source advisory: SNYK:JAVA-ORGAPACHECXF-17115402...

5.3CVSS5.4AI score0.00338EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/22 3:47 p.m.7 views

org.apache.cxf:apache-cxf (=4.2.0), org.apache.cxf:cxf-distribution-javadoc (=4.2.0) potentially affected by CVE-2026-44618 via org.apache.cxf:cxf-rt-ws-transfer (=4.2.0)

org.apache.cxf:cxf-rt-ws-transfer MAVEN version =4.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.cxf:cxf-rt-ws-transfer and may be impacted: - org.apache.cxf:apache-cxf =4.2.0 - org.apache.cxf:cxf-distribution-javadoc =4.2.0 Source cve...

5.3CVSS5.4AI score0.00338EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/22 3:47 p.m.5 views

org.apache.cxf:apache-cxf (>=4.0.0 <=4.1.5), org.apache.cxf:cxf-distribution-javadoc (>=4.0.0 <=4.1.5) potentially affected by CVE-2026-44618 via org.apache.cxf:cxf-rt-ws-transfer (>=4.0.0 <=4.1.5)

org.apache.cxf:cxf-rt-ws-transfer MAVEN version =4.0.0, =4.0.0, =4.0.0, =4.1.5 Source cves: CVE-2026-44618 Source advisory: SNYK:JAVA-ORGAPACHECXF-17115402...

5.3CVSS5.4AI score0.00338EPSS
Exploits0
OSV
OSV
added 2026/05/22 1:17 p.m.12 views

OESA-2026-2371 perl-HTTP-Tiny security update

This is a very simple HTTP/1.1 client, designed for doing simple requests without the overhead of a large framework like LWP::UserAgent. Security Fixes: HTTP::Tiny versions before 0.093 for Perl do not validate CRLF in HTTP request lines or control field header values. The unvalidated inputs are...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References2
NVD
NVD
added 2026/05/22 1:16 p.m.16 views

CVE-2026-44618

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

5.3CVSS0.00338EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/22 1:11 p.m.8 views

CVE-2026-43620

A flaw was found in rsync. A malicious rsync server can exploit an out-of-bounds read vulnerability in the recvfiles function. By manipulating compatibility flags and transfer records, the server can cause a connecting client to attempt to read memory outside of allocated bounds. This can lead to...

6.9CVSS5.7AI score0.00503EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/22 12:17 p.m.9 views

CVE-2026-44618

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

5.3CVSS5.7AI score0.00338EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/22 12:17 p.m.16 views

CVE-2026-44618 Apache CXF: XXE vulnerability in WS-Transfer functionality

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

5.7AI score0.00338EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/22 12:17 p.m.19 views

EUVD-2026-31434

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

5.3CVSS5.7AI score0.00338EPSS
Exploits0References1
CVE
CVE
added 2026/05/22 12:17 p.m.25 views

CVE-2026-44618

Technical details for CVE-2026-44618 are not publicly available in the provided documents. The records mention an XXE vulnerability in Apache CXF WS-Transfer and upgrade versions, but no further specifics are provided. Monitor for updates.

5.3CVSS5.7AI score0.00338EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/22 12:17 p.m.39 views

CVE-2026-44618 Apache CXF: XXE vulnerability in WS-Transfer functionality

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

0.00338EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/22 5:57 a.m.15 views

Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM DevOps Code ClearCase [CVE-2026-24072, CVE-2026-28780, CVE-2026-34059, CVE-2026-33523, CVE-2026-41080, CVE-2026-33857, CVE-2026-34032]

Summary IBM HTTP Server IHS is shipped as a component of IBM DevOps Code ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. CVE-2026-24072, CVE-2026-28780, CVE-2026-34059, CVE-2026-33523, CVE-2026-41080, CVE-2026-33857, CVE-2026-34032...

9.8CVSS5.8AI score0.01325EPSS
Exploits1Affected Software1
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.6 views

SUSE CVE-2026-42000

Insufficient Validation of Names During AXFR...

8.6CVSS5.8AI score0.00242EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/22 2:20 a.m.7 views

SUSE CVE-2026-42396

Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail...

4.9CVSS5.8AI score0.00353EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.11 views

Apache CXF 安全漏洞

Apache CXF is an open-source web service framework developed by the Apache Foundation in the United States. This framework supports various web service standards and multiple front-end programming APIs. There is a security vulnerability in Apache CXF, which stems from an insecure XML parser...

5.3CVSS5.9AI score0.00338EPSS
Exploits0References2
Rows per page
Query Builder