Lucene search
K

2540 matches found

EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42082

GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parsecontentrange function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigg...

6.9CVSS6.1AI score0.00247EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 6 days ago4 views

CVE-2026-58470

GNU Wget through 1.25.0, fixed in commit 43d3ba9, contains an integer overflow vulnerability in the parsecontentrange function within src/http.c that allows server-controlled values to cause signed integer arithmetic to overflow. Attackers can supply malicious Content-Range header values to trigg...

6.9CVSS6.1AI score0.00247EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 6 days ago8 views

SUSE CVE-2026-42327

rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.7 to before 0.10.79, X509Ref::ocspresponders returns OCSP responder URLs from a certificate's AIA extension as OpensslString, whose Deref wraps the raw bytes with str::fromutf8unchecked. OpenSSL does not enforce th...

7.5CVSS6AI score0.00211EPSS
Exploits0References9
PyPA
PyPA
added 6 days ago6 views

Invalid char to bool conversion when printing a tensor

ImpactWhen printing a tensor, we get it's data as a const char array since that's the underlying storage and then we typecast it to the element type. However, conversions from char to bool are undefined if the char is not 0 or 1, so sanitizers/fuzzers will crash. PatchesWe have patched the issue ...

7.5CVSS7.1AI score0.00389EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/07/06 8:3 a.m.3 views

PYSEC-2026-1026 Missing validation results in undefined behavior in `QuantizedConv2D`

Impact The implementation of tf.rawops.QuantizedConv2D does not fully validate the input arguments: python import tensorflow as tf input = tf.constant1, shape=1, 2, 3, 3, dtype=tf.quint8 filter = tf.constant1, shape=1, 2, 3, 3, dtype=tf.quint8 bad args mininput = tf.constant, shape=0,...

5.5CVSS5.9AI score0.00332EPSS
Exploits1References11
OSV
OSV
added 2026/07/06 8:3 a.m.3 views

PYSEC-2026-955 Undefined behavior when users supply invalid resource handles

Impact Multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid: python import tensorflow as tf tf.rawops.QueueIsClosedV2handle= python import tensorflow as tf tf.summary.flushwriter= In graph mode, it would have been impossible to perform these...

5.5CVSS5.9AI score0.00317EPSS
Exploits1References11
OSV
OSV
added 2026/07/06 8:3 a.m.3 views

PYSEC-2026-1032 Missing validation results in undefined behavior in `SparseTensorDenseAdd

Impact The implementation of tf.rawops.SparseTensorDenseAdd does not fully validate the input arguments: python import tensorflow as tf aindices = tf.constant0, shape=17, 2, dtype=tf.int64 avalues = tf.constant, shape=0, dtype=tf.float32 ashape = tf.constant6, 12, shape=2, dtype=tf.int64 b =...

5.5CVSS6.1AI score0.00338EPSS
Exploits1References11
OSV
OSV
added 2026/06/30 11:30 a.m.3 views

OPENSUSE-SU-2026:21183-1 Security update for nilfs-utils

This update for nilfs-utils fixes the following issues: Changes in nilfs-utils: - CVE-2026-55392: Fixed undefined behavior in nilfssbisvalid bsc1268553...

6.7CVSS5.8AI score0.00105EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/26 7:1 a.m.7 views

CVE-2026-53151

A flaw was found in the Linux kernel's AFRXRPC subsystem. This vulnerability involves incorrect handling of fragmented UDP packets when parsing the SACK Selective Acknowledgment table. An attacker could potentially craft a fragmented UDP packet to trigger an incorrect buffer access within the...

9.8CVSS5.9AI score0.00497EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/24 8:44 p.m.12 views

CVE-2026-52931

A flaw was found in the batman-adv tpmeter module of the Linux kernel. A remote attacker could exploit this vulnerability by sending a specially crafted acknowledgment ACK packet to a node configured as a receiver in an ongoing tpmeter session. This could lead to the use of uninitialized sender...

9.8CVSS5.9AI score0.00404EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Firefox, Thunderbird

Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

9.8CVSS7AI score0.00418EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, the progressivedecompresstileupgrade function detected mismatches using progressiverfxquantcmpequal, but only emitted a WLogWARN message; execution continued. The wrapped value 247 was used as a shift...

7.5CVSS6.1AI score0.00426EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in Firefox

Undefined behavior in the Audio/Video component. This vulnerability was fixed in Firefox 149 and Thunderbird 149...

9.1CVSS5.8AI score0.00322EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in Firefox, Thunderbird

Undefined behavior in the WebRTC: Signaling component. This vulnerability was fixed in Firefox 149, Firefox ESR 140.9, Thunderbird 149, and Thunderbird 140.9...

8.1CVSS7AI score0.00299EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 8:16 a.m.10 views

CVE-2026-52931

In the Linux kernel, the following vulnerability has been resolved: batman-adv: tpmeter: avoid use of uninit sender vars batadvtprecvack and batadvtpstop are only valid for tpvars in the BATADVTPSENDER role. When called with a BATADVTPRECEIVER role, it proceeds to read sender-only members that we...

9.8CVSS0.00404EPSS
Exploits0References8
OSV
OSV
added 2026/06/23 3:41 p.m.4 views

SUSE-SU-2026:2599-1 Security update for libarchive

This update for libarchive fixes the following issues - CVE-2025-60753: bsdtar hangs and OOMs with zero-length pattern matches bsc1253088. - CVE-2026-4111: logical deadlock the RAR5 filter subsystem and the half-window output limiter leads to infinite loop and DoS bsc1259635. - CVE-2026-4424:...

9.8CVSS7.2AI score0.01073EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2026/06/22 12:18 p.m.9 views

CVE-2026-55392

A flaw was found in NILFS utilities. An attacker can exploit this vulnerability by supplying a crafted NILFS2 image. This can lead to undefined behavior, oversized shifts, or out-of-memory conditions, ultimately causing a Denial of Service DoS by crashing tools such as nilfs-tune and dumpseg...

6.7CVSS5.8AI score0.00105EPSS
Exploits0References5
OSV
OSV
added 2026/06/22 9:4 a.m.2 views

SUSE-SU-2026:22248-1 Security update for libarchive

This update for libarchive fixes the following issues - CVE-2025-60753: bsdtar hangs and OOMs with zero-length pattern matches bsc1253088. - CVE-2026-4111: logical deadlock the RAR5 filter subsystem and the half-window output limiter leads to infinite loop and DoS bsc1259635. - CVE-2026-4424:...

9.8CVSS7.3AI score0.01073EPSS
Exploits1References11
SUSE CVE
SUSE CVE
added 2026/06/20 2:28 a.m.11 views

SUSE CVE-2026-55392

NILFS utilities through 2.3.0, fixed in commit 26efb5d, nilfssbisvalid function fails to validate slogblocksize field in NILFS2 superblock before bit-shift operations. Attackers supplying crafted NILFS2 images trigger undefined behavior through oversized shifts or out-of-memory conditions, crashi...

6.7CVSS5.8AI score0.00105EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/19 8:27 a.m.6 views

CVE-2026-11576

The security fix for CVE-2025-0728 in eclipse-threadx NetX Duo refactors error handling in the HTTP server PUT process to use a shared cleanup label, but this unified cleanup path unconditionally calls fxfileclose even when the file was never successfully opened. Multiple error branches jump to t...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder