Lucene search
K

3156 matches found

OSV
OSV
added 2026/07/07 10:17 a.m.2 views

PYSEC-2026-945 Overflow in `ResizeNearestNeighborGrad`

Impact When tf.rawops.ResizeNearestNeighborGrad is given a large size input, it overflows. import tensorflow as tf aligncorners = True halfpixelcenters = False grads = tf.constant1, shape=1,8,16,3, dtype=tf.float16 size = tf.constant1879048192,1879048192, shape=2, dtype=tf.int32...

4.8CVSS7AI score0.0044EPSS
Exploits1References7
OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-989 TensorFlow vulnerable to OOB write in `scatter_nd` in TF Lite

Impact The ScatterNd function takes an input argument that determines the indices of of the output tensor. An input index greater than the output tensor or less than zero will either write content at the wrong index or trigger a crash. Patches We have patched the issue in GitHub commit...

7CVSS7.1AI score0.00441EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/07/06 8:58 p.m.8 views

Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator

Summary The tailnet coordinator validates that an agent's Addresses derive from its authenticated UUID but applies no equivalent check to AllowedIPs. The coordinator forwards agent-supplied AllowedIPs verbatim to tunnel peers which install them into the WireGuard peer configuration. Impact A...

8.2CVSS6AI score0.00405EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/07/06 8:50 p.m.6 views

Coder's OIDC email_verified type coercion bypass enables account takeover via unverified email linking

Summary Coder's OIDC callback checked emailverified with a direct Go bool type assertion. When an IdP returned the claim as a non-boolean for example the string "false" or omitted it, the assertion failed open and the email was treated as verified. Combined with an unconditional email-based accou...

7.4CVSS5.9AI score0.00479EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-56066

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.34.2 Coder versions prior to 2.33.8 Coder versions prior to 2.32.7 Coder versions prior to 2.29.17 Description An issue exists in the OIDC callback where the email verified claim is checked using a direct Go bool type...

7.4CVSS5.9AI score0.00479EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.5 views

Oracle Linux 8 : postgresql:13 (ELSA-2026-28208)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-28208 advisory. - Backport fix for CVE-2026-6478 from PostgreSQL 14.23 - Backport fixes for CVE-2026-6637, CVE-2026-6477, CVE-2026-6475, CVE-2026-6473 - fix CVE-2026-2004...

8.8CVSS7.1AI score0.89914EPSS
Exploits14References2
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.8 views

MiracleLinux 8 : xorg-x11-server-1.20.11-28.el8_10.2 (AXSA:2026-803:05)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-803:05 advisory. xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch...

7.8CVSS6.2AI score0.00165EPSS
Exploits0References10
Rockylinux
Rockylinux
added 2026/06/19 12:3 a.m.8 views

xorg-x11-server security, bug fix, and enhancement update

An update is available for xorg-x11-server. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list X.Org is an open-source implementation of the X Window System. It...

7.8CVSS5.8AI score0.00165EPSS
Exploits0
OSV
OSV
added 2026/06/17 12:0 a.m.5 views

ALSA-2026:26562 Important: xorg-x11-server-Xwayland security, bug fix, and enhancement update

Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch CVE-2026-50256 xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server:...

7.8CVSS5.7AI score0.00165EPSS
Exploits0References20
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.17 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a backport of patch ea52cb24cd3f. This patch improperly handled the hugetlb VMA lock allocation,...

5.5CVSS5.3AI score0.001EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-46289

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: lib/scatterlist: fix length calculations in extractkvectosg Patch series Fix bugs in...

9.8CVSS6.6AI score0.00457EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/04 12:0 a.m.12 views

Oracle Linux 8 : go-toolset:ol8 (ELSA-2026-22112)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-22112 advisory. delve 1.25.2-1.0.1 golang 1.25.9-1.0.1 - EXPERIMENTAL: Introduce fipsnoenforceems GODEBUG var - Backported from OL9u7 - Resolves: OLDIS-53586 Tenable...

7.5CVSS6AI score0.00813EPSS
Exploits0References12
OSV
OSV
added 2026/06/02 9:7 a.m.8 views

CLSA-2026-1780391238 Fix CVE(s): CVE-2026-8376

SECURITY UPDATE: heap buffer overflow in the regexp compiler 32-bit - debian/patches/CVE-2026-8376.patch: guard against an SSizet overflow when sizing the joined fixed-substring buffer in Perlstudychunk in regcomp.c; backported from upstream commit 5e7f119eb2bb1181be908701f22bf7068e722f1c. -...

9.8CVSS6AI score0.00398EPSS
Exploits1References2
Oracle linux
Oracle linux
added 2026/06/02 12:0 a.m.20 views

go-toolset:ol8 security update

delve golang 1.25.9-1.0.1 - EXPERIMENTAL: Introduce fipsnoenforceems GODEBUG var - Backported from OL9u7 - Resolves: OLDIS-53586...

7.5CVSS5.9AI score0.00813EPSS
Exploits0
OSV
OSV
added 2026/05/23 11:25 a.m.8 views

CLSA-2026-1779535502 unbound: Fix of CVE-2026-33278

CVE-2026-33278: possible remote code execution during DNSSEC validation via a dangling rrsets pointer in dnsmsgdeepcopyregion exposed by the backported KeyTrap mitigation...

10CVSS6.4AI score0.01272EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/23 1:39 a.m.14 views

SUSE CVE-2022-39307

Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the /api/user/password/sent-reset-email URL. When the username or email does not exist, a JSON response contains a “user not found” message. This leaks...

5.3CVSS6.7AI score0.00696EPSS
Exploits0References9
Oracle linux
Oracle linux
added 2026/05/21 12:0 a.m.16 views

gdk-pixbuf2 security update

2.36.12-3.0.3 - Backport fixes for CVE-2026-5201 Orabug: 39288631 2.36.12-3.0.1 - jpeg: Be more careful with chunked icc data Orabug: 38359772CVE-2025-7345...

7.5CVSS7.1AI score0.01069EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/05/11 2:50 p.m.12 views

Facebook React has a Denial of Service Vulnerability in React Server Components

Impact A denial of service vulnerability could be triggered by sending specially crafted HTTP requests to server function endpoints, this could lead to out-of-memory exceptions or excessive CPU usage. We recommend updating immediately. The vulnerability exists in versions 19.0.0 through 19.0.5,...

7.5CVSS5.9AI score0.01533EPSS
Exploits1References5Affected Software3
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-33243

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a...

8.2CVSS5.8AI score0.00108EPSS
Exploits0References2
Securelist
Securelist
added 2026/05/08 8:0 a.m.14 views

CVE-2025-68670: discovering an RCE vulnerability in xrdp

In addition to KasperskyOS-powered solutions, Kaspersky offers various utility software to streamline business operations. For instance, users of Kaspersky Thin Client, an operating system for thin clients, can also purchase Kaspersky USB Redirector, a module that expands the capabilities of the...

9.8CVSS6.8AI score0.01318EPSS
Exploits0
Rows per page
Query Builder