1164 matches found
CVE-2026-13759
IBM WebSphere Extreme Scale 8.6.1.0 through 8.6.1.6 ships three ObjectInputStream subclasses (WsObjectInputStream, ObjectStreamPool$ReusableInputStream, ObjectInputStreamResolver) that install no JEP-290 class filter; when Coherence is on the classpath, multiple RCE gadget chains including...
CVE-2026-50734
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker can cause a broker DoS by sending a crafted WireFormatInfo frame with a malicious large size value. The value is not validated and causes t...
UBUNTU-CVE-2026-50734
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker can cause a broker DoS by sending a crafted WireFormatInfo frame with a malicious large size value. The value is not validated and causes t...
CVE-2026-57080 Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via an uncapped peer-wire message-length prefix
Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via an uncapped peer-wire message-length prefix. The peer-wire framing in _process_messages trusts the 4-byte length prefix sent by a connected peer with no upper bound, while receivedata appends every inbound byte to th...
CVE-2026-57080
Net::BitTorrent (Perl) up to version 2.0.1 is affected by a memory-exhaustion vulnerability caused by an unbounded 4-byte peer-wire message-length prefix in _process_messages. The decoder waits for a full message before processing, allowing the input buffer to grow without limit when a peer annou...
EUVD-2026-40289
Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via an uncapped peer-wire message-length prefix. The peer-wire framing in _process_messages trusts the 4-byte length prefix sent by a connected peer with no upper bound, while receivedata appends every inbound byte to th...
EUVD-2026-40282
Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ Client, Apache ActiveMQ, Apache ActiveMQ All. An unauthenticated network attacker can cause a broker DoS by sending a crafted WireFormatInfo frame with a malicious large size value. The value is not validated and causes t...
GHSA-9M57-25V3-79X9 golang.org/x/crypto/ssh/agent: Invoking pathological inputs can lead to client panic
For certain crafted inputs, a 'ed25519.PrivateKey' was created by casting malformed wire bytes, leading to a panic when used...
EUVD-2026-31402
golang.org/x/crypto/ssh/agent: Invoking pathological inputs can lead to client panic...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: Input: ti_am335x_tsc – fixed an off-by-one error in the wire_order validation. The current validation of wire_order[i] against ARRAY_SIZE(config_pins) allows wire_order[i] to equal ARRAY_SIZE(config_pins), which causes out-of-bounds access when used as an...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Platform/x86: x86-android-tablets: Devices are unregistered in reverse order. Not all subsystems support the removal of a device when there are still consumers referencing that device. One example is the regulator subsystem. If a...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: i2c: npcm: Disable the interrupt enable bit before calling devm_request_irq. The customer reports a soft lockup issue related to the i2c driver. After checking, it was found that the i2c module was performing a transmission operatio...
CVE-2026-47964
creationtimestamp | type | source
---|---|---
2026-06-17 02:00:57+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3moh7r44us52u
...
CVE-2026-53864
creationtimestamp | type | source
---|---|---
2026-06-16 20:00:26+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3moglmhdrsi27
2026-06-16 21:48:17+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mogrncto6p2g
...
CVE-2026-39581
creationtimestamp | type | source
---|---|---
2026-06-16 13:00:55+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mofu6ceys72f
2026-06-16 13:24:34+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mofvilrs3b2f
...
CVE-2026-11774
creationtimestamp | type | source
---|---|---
2026-06-15 03:00:36+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mocc5w2sez26
...
CVE-2026-47170
creationtimestamp | type | source
---|---|---
2026-06-15 02:00:41+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3moc6sreia222
...
Extradited Ukrainian Man Admits Role in Conti Ransomware Attacks
Ukrainian national Oleksii Lytvynenko has pleaded guilty in the US to wire fraud conspiracy linked to Conti ransomware, which hit more than 1,000 victims and generated at least $150 million in ransom payments...