
158907 matches found

Chainguard
added 2026/05/22 7:18 p.m. (10 views)

GHSA-8RM2-7QQF-34QM vulnerabilities

Vulnerabilities for packages: elastic-agent, ld-relay-fips, ld-relay, prometheus-fips, minio, prometheus, elastic-agent-fips, minio-fips...

AI score 5.8
Exploits: 0

Debian CVE
added 2026/05/22 6:43 p.m. (8 views)

CVE-2026-48700

An issue was discovered in all versions of PCManFM-Qt starting from 1.1.0. When a regular file's path is passed as a URI in an org.freedesktop.FileManager1.ShowFolders D-Bus method call, PCManFM-Qt delegates to a different program based on the file type without user confirmation. This could be us...

CVSS 9.3 | AI score 6.2 | EPSS 0.00181
Exploits: 0

UbuntuCve
added 2026/05/22 4:16 p.m. (11 views)

CVE-2026-25680

Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...

CVSS 6.5 | AI score 5.9 | EPSS 0.00248
Exploits: 0 | References: 6

Debian CVE
added 2026/05/22 3:1 p.m. (7 views)

CVE-2026-25681

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

CVSS 6.1 | AI score 6 | EPSS 0.00178
Exploits: 0

Debian CVE
added 2026/05/22 3:1 p.m. (5 views)

CVE-2026-25680

Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...

CVSS 6.5 | AI score 5.9 | EPSS 0.00248
Exploits: 0

OSV
added 2026/05/22 2:5 p.m. (21 views)

USN-8277-2 linux-oracle-6.17 vulnerabilities

It was discovered that the Linux kernel algif_aead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...

CVSS 9.8 | AI score 7 | EPSS 0.96775
Exploits: 228 | References: 21

Debian CVE
added 2026/05/22 1:26 p.m. (8 views)

CVE-2026-8997

vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file vifminfo.json. This flaw occurs because the application lacks a runtime check on the length of history entries in release builds, potentially allowing a crafted long path or command in the...

CVSS 4.8 | AI score 6 | EPSS 0.0014
Exploits: 0

Debian CVE
added 2026/05/22 1:22 p.m. (9 views)

CVE-2026-9277

shell-quote's quote function did not validate object-token inputs against the operator model used by parse. The .op field was backslash-escaped character by character using /./g, which in JavaScript does not match line terminators \n, \r, U+2028, U+2029. A line terminator in .op therefore passed...

CVSS 9.2 | AI score 5.9 | EPSS 0.00848
Exploits: 1

CBLMariner
added 2026/05/22 1:21 p.m. (10 views)

CVE-2026-47783 affecting package memcached for versions less than 1.6.27-5

CVE-2026-47783 affecting package memcached for versions less than 1.6.27-5. A patched version of the package is available...

CVSS 8.1 | AI score 5.8 | EPSS 0.01312
Exploits: 0

Chainguard
added 2026/05/22 1:18 p.m. (21 views)

GHSA-XH8F-G2QW-GCM7 vulnerabilities

Vulnerabilities for packages: minio, minio-fips...

AI score 5.8
Exploits: 0

Chainguard
added 2026/05/22 1:18 p.m. (14 views)

CVE-2026-42600 vulnerabilities

Vulnerabilities for packages: minio, minio-fips...

CVSS 6.9 | AI score 5.8 | EPSS 0.08457
Exploits: 0

Ubuntu
added 2026/05/22 1:16 p.m. (14 views)

USN-8295-1: Evince vulnerability

It was discovered that Evince did not properly sanitize command-line arguments in PDF /GoToR actions. If a user opened a specially crafted PDF file, an attacker could possibly use this issue to execute arbitrary code...

CVSS 8.4 | AI score 6.1 | EPSS 0.00529
Exploits: 0

Debian CVE
added 2026/05/22 2:31 a.m. (8 views)

CVE-2026-39830

A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close, resulting in a resource leak per connection. Unsolicited global responses are now discarded...

CVSS 9.1 | AI score 5.8 | EPSS 0.005
Exploits: 0

Debian CVE
added 2026/05/22 2:31 a.m. (9 views)

CVE-2026-46598

For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used...

CVSS 5.3 | AI score 5.8 | EPSS 0.00313
Exploits: 0

Debian CVE
added 2026/05/22 2:31 a.m. (8 views)

CVE-2026-39829

The RSA and DSA public key parsers did not enforce size limits on key parameters. A crafted public key with an excessively large modulus or DSA parameter could cause several minutes of CPU consumption during signature verification. This could be triggered by unauthenticated clients during public...

CVSS 7.5 | AI score 5.8 | EPSS 0.00389
Exploits: 0

Debian CVE
added 2026/05/22 2:31 a.m. (6 views)

CVE-2026-39834

When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation...

CVSS 9.1 | AI score 5.9 | EPSS 0.00466
Exploits: 0

Debian CVE
added 2026/05/22 2:31 a.m. (8 views)

CVE-2026-46595

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped...

CVSS 10 | AI score 5.8 | EPSS 0.0044
Exploits: 0

Debian CVE
added 2026/05/22 2:31 a.m. (7 views)

CVE-2026-39828

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

CVSS 8.8 | AI score 5.8 | EPSS 0.00221
Exploits: 0

Debian CVE
added 2026/05/22 2:31 a.m. (6 views)

CVE-2026-39832

When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

CVSS 9.1 | AI score 5.8 | EPSS 0.00338
Exploits: 0

Debian CVE
added 2026/05/22 2:31 a.m. (6 views)

CVE-2026-39835

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

CVSS 7.5 | AI score 5.8 | EPSS 0.00273
Exploits: 0