Lucene search
K

48 matches found

RedhatCVE
RedhatCVE
added 2026/04/14 7:23 p.m.8 views

CVE-2026-5507

When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...

4.1CVSS5.9AI score0.00172EPSS
Exploits0References1
NVD
NVD
added 2026/04/09 11:17 p.m.12 views

CVE-2026-5507

When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...

4.1CVSS0.00172EPSS
Exploits0References1
OSV
OSV
added 2026/04/09 11:17 p.m.7 views

DEBIAN-CVE-2026-5507

When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...

4CVSS5.6AI score0.00172EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/09 11:17 p.m.5 views

CVE-2026-5507

When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...

4.1CVSS5.9AI score0.00172EPSS
Exploits0References2
OSV
OSV
added 2026/04/09 11:17 p.m.8 views

UBUNTU-CVE-2026-5507

When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...

4.1CVSS5.9AI score0.00172EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/09 10:18 p.m.3 views

CVE-2026-5507 Session Cache Restore — Arbitrary Free via Deserialized Pointer

When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...

4.1CVSS5.9AI score0.00172EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 10:18 p.m.2 views

CVE-2026-5507

When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...

4.1CVSS6AI score0.00172EPSS
Exploits0References2
CVE
CVE
added 2026/04/09 10:18 p.m.27 views

CVE-2026-5507

The CVE-2026-5507 issue affects session cache restore in wolfSSL, where a pointer from serialized session data is used in a free operation without validation. This allows an attacker who can poison the session cache to trigger an arbitrary free during a targeted restore, requiring the attacker to...

4.1CVSS6AI score0.00172EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/09 10:18 p.m.4 views

CVE-2026-5507

When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...

4.1CVSS5.5AI score0.00172EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/04/09 10:18 p.m.3 views

CVE-2026-5507

When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free. Exploitation requires the ability to inject a crafted session into the cache and for the...

4.1CVSS5.5AI score0.00172EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.13 views

PT-2026-31818

Name of the Vulnerable Software and Affected Versions versions prior to 2.3 Description When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary free...

4.1CVSS5.9AI score0.00172EPSS
Exploits0References11
Hacker One
Hacker One
added 2025/11/20 4:39 a.m.20 views

curl: Arbitrary free in curl's config file parsing.

Summary: arbitrary free leading to possible double-free / use-after-free / memory corruption, depending on the program and the ability of what a we can do after freeing the pointer we control. Statement clarifying if an AI was used to find the issue or generate the report: Yes I used AI to list...

7.7AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-16391

Malware in sbrugna...

10CVSS9.5AI score0.00829EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-18388

Malware in sbrugna...

9.8CVSS9.2AI score0.05589EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-27286

Malicious code in bioql PyPI...

9.8CVSS8.1AI score0.01093EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-18306

Malicious code in bioql PyPI...

8.8CVSS7.7AI score0.01768EPSS
Exploits0References2
Talos
Talos
added 2025/08/09 12:0 a.m.14 views

Dell ControlVault3 cv_close arbitrary free vulnerability

Talos Vulnerability Report TALOS-2024-2129 Dell ControlVault3 cvclose arbitrary free vulnerability August 9, 2025 CVE Number CVE-2025-25215 SUMMARY An arbitrary free vulnerability exists in the cvclose functionality of Dell ControlVault3 5.14.3.0. A specially crafted ControlVault API call can lea...

8.8CVSS7.8AI score0.01768EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/06/15 10:14 p.m.7 views

CVE-2025-25215

An arbitrary free vulnerability exists in the cvclose functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an arbitrary free. An attacker can forge a fake session to trigger this vulnerability...

8.8CVSS7.2AI score0.01768EPSS
Exploits0References1
NVD
NVD
added 2025/06/13 10:15 p.m.21 views

CVE-2025-25215

An arbitrary free vulnerability exists in the cvclose functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted ControlVault API call can lead to an arbitrary free. An attacker can forge a fake session to trigger this vulnerability...

8.8CVSS0.01768EPSS
Exploits0References2
CVE
CVE
added 2025/06/13 9:26 p.m.80 views

CVE-2025-25215

CVE-2025-25215 affects Dell ControlVault3 and ControlVault3 Plus; an arbitrary-free vulnerability resides in the cv_close path due to insufficient session validation. Talos’ analysis shows an attacker can forge a fake session on the CV firmware (for sessions allocated on the device heap) and trig...

8.8CVSS8.7AI score0.01768EPSS
Exploits0References2
Rows per page
Query Builder