Lucene search
K

8560 matches found

Vulnrichment
Vulnrichment
added 2026/05/04 5:15 a.m.5 views

CVE-2026-7735 osrg GoBGP AIGP Attribute bgp.go PathAttributeAigp.DecodeFromBytes buffer overflow

A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. Upgrading...

7.5CVSS7.2AI score0.00361EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/04 5:15 a.m.6 views

CVE-2026-7735

A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. Upgrading...

7.5CVSS7.3AI score0.00361EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/05/04 5:15 a.m.9 views

EUVD-2026-26915

A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a manipulation results in buffer overflow. It is possible to initiate the attack remotely. Upgrading...

7.5CVSS7.3AI score0.00361EPSS
Exploits0References6
CVE
CVE
added 2026/05/04 5:15 a.m.25 views

CVE-2026-7735

The CVE concerns osrg GoBGP (up to 4.3.0) where the PathAttributeAigp.DecodeFromBytes function in pkg/packet/bgp/bgp.go handles the AIGP Attribute Parser. A manipulation can cause a buffer overflow, enabling remote initiation of an attack. This entry specifies that upgrading to version 4.4.0 addr...

7.5CVSS7.3AI score0.00361EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.9 views

GoBGP 缓冲区错误漏洞

GoBGP is an open-source implementation of the Border Gateway Protocol BGP developed by osrg. Versions of GoBGP prior to 4.3.0 contained a buffer error vulnerability. This vulnerability stems from a buffer overflow in the function PathAttributeAigp.DecodeFromBytes within the AIGP Attribute Parser...

7.5CVSS7.4AI score0.00361EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.8 views

PT-2026-36764

Name of the Vulnerable Software and Affected Versions osrg GoBGP versions prior to 4.4.0 Description A buffer overflow can be triggered remotely within the AIGP Attribute Parser component. The issue exists in the PathAttributeAigp.DecodeFromBytes function located in the pkg/packet/bgp/bgp.go file...

7.5CVSS7.2AI score0.00361EPSS
Exploits0References22
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.11 views

GoBGP 安全漏洞

GoBGP is an open-source implementation of the Border Gateway Protocol BGP developed by osrg. Versions of GoBGP prior to 4.3.0 contained security vulnerabilities. These vulnerabilities stemmed from a function in the SRv6 L3 Service component called pkg/packet/bgp/prefixsid.go. The function...

7.5CVSS6.1AI score0.00464EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/04 12:0 a.m.7 views

RHCOS 4 : OpenShift Container Platform 4.13.8 (RHSA-2023:4459)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:4459 advisory. - golang: net/http, net/textproto: denial of service from excessive memory allocation CVE-2023-24534 - golang: html/template: improp...

7.5CVSS7AI score0.01888EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/05/02 9:26 a.m.4 views

CVE-2026-5077 Total <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title in Blog Section Image alt Attribute

The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versions up to, and including, 2.2.1 due to insufficient output escaping when rendering thetitle inside HTML attribute context in the home blog section template. This makes it possible for authenticated...

5.4CVSS6AI score0.00194EPSS
Exploits0References2
CVE
CVE
added 2026/05/02 4:27 a.m.17 views

CVE-2026-4658

The CVE-2026-4658 entry concerns the WordPress plugin Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates (Add-to-Cart block). Affected: all versions up to 6.0.4. Root cause: insufficient output escaping in render_callback() where class and data-id attributes are built via raw ...

6.4CVSS6AI score0.00419EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/02 12:0 a.m.5 views

PT-2026-36594

The Brizy – Page Builder plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to, and including, 2.8.11 This is due to a combination of missing nonce verification for unauthenticated form submissions, insufficient handling of FileUpload fields when ...

7.2CVSS6AI score0.00401EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.4 views

Wireshark 2.4.x < 2.4.9 Multiple Vulnerabilities (macOS)

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 2.4.9. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.4.9 advisory. - In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could...

7.5CVSS5.9AI score0.03459EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.7 views

Wireshark 2.4.x < 2.4.9 Multiple Vulnerabilities

The version of Wireshark installed on the remote Windows host is prior to 2.4.9. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.4.9 advisory. - In Wireshark 2.6.0 to 2.6.2, 2.4.0 to 2.4.8, and 2.2.0 to 2.2.16, the Bluetooth AVDTP dissector could crash. Thi...

7.5CVSS6.8AI score0.03459EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/05/01 6:54 p.m.6 views

CVE-2026-43053

A flaw was found in the Linux kernel's XFS filesystem. During the inactivation of inodes with extended attributes, a specific timing window exists where a log shutdown can occur after some data blocks are invalidated but before the attribute map is fully truncated. This can lead to inconsistencie...

5.5CVSS5.8AI score0.00074EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/01 5:14 p.m.5 views

CVE-2026-43026

A flaw was found in the Linux kernel's netfilter component, specifically within the ctnetlink module. This vulnerability occurs because certain fields are not properly initialized when a new connection tracking expectation is created without the Network Address Translation NAT expectation...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References4
NVD
NVD
added 2026/05/01 3:16 p.m.33 views

CVE-2026-43053

In the Linux kernel, the following vulnerability has been resolved: xfs: close crash window in attr dabtree inactivation When inactivating an inode with node-format extended attributes, xfsattr3nodeinactive invalidates all child leaf/node blocks via xfstransbinval, but intentionally does not remo...

4.7CVSS0.00074EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/05/01 2:15 p.m.6 views

CVE-2026-43053

In the Linux kernel, the following vulnerability has been resolved: xfs: close crash window in attr dabtree inactivation When inactivating an inode with node-format extended attributes, xfsattr3nodeinactive invalidates all child leaf/node blocks via xfstransbinval, but intentionally does not remo...

4.7CVSS5.7AI score0.00074EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/01 2:15 p.m.54 views

CVE-2026-43053 xfs: close crash window in attr dabtree inactivation

In the Linux kernel, the following vulnerability has been resolved: xfs: close crash window in attr dabtree inactivation When inactivating an inode with node-format extended attributes, xfsattr3nodeinactive invalidates all child leaf/node blocks via xfstransbinval, but intentionally does not remo...

0.00074EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/01 2:15 p.m.3 views

CVE-2026-43053

In the Linux kernel, the following vulnerability has been resolved: xfs: close crash window in attr dabtree inactivation When inactivating an inode with node-format extended attributes, xfsattr3nodeinactive invalidates all child leaf/node blocks via xfstransbinval, but intentionally does not remo...

5.8AI score0.00074EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/01 2:15 p.m.19 views

EUVD-2026-26652

In the Linux kernel, the following vulnerability has been resolved: xfs: close crash window in attr dabtree inactivation When inactivating an inode with node-format extended attributes, xfsattr3nodeinactive invalidates all child leaf/node blocks via xfstransbinval, but intentionally does not remo...

5.8AI score0.00074EPSS
Exploits0References2
Rows per page
Query Builder