Lucene search
K

4706 matches found

OSV
OSV
added 2026/06/12 2:32 p.m.7 views

MAL-2026-5693 Malicious code in sea-bound-siren (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector cd5f2d5cc691968b1bb69f12ea7476c618f6432b42976869906df06312b912c0 On npm install, postinstall.js executes a shell pipeline that collects the output of id, os.hostname, the full process environment env | sort, the...

5.5AI score
Exploits0References24
NVD
NVD
added 2026/06/12 10:16 a.m.16 views

CVE-2026-50628

A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP address. Enabling this security feature inadvertently creates an inverse security check. Users are recommended to upgrade to versions 4.2.2 or...

9.8CVSS0.00629EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/12 8:56 a.m.7 views

EUVD-2026-36396

A logic error in OAuthRequestFilter rejects legitimate requests originating from the bound IP address, while blindly allowing requests from any other IP address. Enabling this security feature inadvertently creates an inverse security check. Users are recommended to upgrade to versions 4.2.2 or...

5.2AI score0.00629EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/12 2:32 a.m.12 views

SUSE CVE-2026-11790

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user's password hash can cause excessive CPU consumption during authentication,...

4.9CVSS5.4AI score0.00291EPSS
Exploits0References3
OSV
OSV
added 2026/06/11 7:16 p.m.5 views

DEBIAN-CVE-2026-53702

A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library gst-plugins-bad. When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpbcntminus1i the loop index instead of the sub-layer 0 CPB count cpbcntminus10 from the referenced...

6.5CVSS5.7AI score0.00228EPSS
Exploits0References1
OSV
OSV
added 2026/06/11 7:16 p.m.6 views

UBUNTU-CVE-2026-53702

A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library gst-plugins-bad. When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpbcntminus1i the loop index instead of the sub-layer 0 CPB count cpbcntminus10 from the referenced...

6.5CVSS5.7AI score0.00228EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/06/11 6:15 p.m.7 views

CVE-2026-53702

A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library gst-plugins-bad. When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpbcntminus1i the loop index instead of the sub-layer 0 CPB count cpbcntminus10 from the referenced...

6.5CVSS5.7AI score0.00228EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/11 6:7 p.m.10 views

CVE-2026-53702

A stack buffer overflow flaw was found in the GStreamer H.265 codec parser library gst-plugins-bad. When parsing a buffering period SEI message, the parser uses an incorrect loop bound derived from cpbcntminus1i the loop index instead of the sub-layer 0 CPB count cpbcntminus10 from the referenced...

6.5CVSS5.2AI score0.00228EPSS
Exploits0References3
RustSec
RustSec
added 2026/06/11 12:0 p.m.10 views

Missing `Sync` bound on `PyCFunction::new_closure` closures

PyCFunction::newclosure and the temporary newclosurebound complement in the 0.21–0.22 series required the supplied closure to be Send + 'static but not Sync. The resulting PyCFunction is a Python callable that can be invoked from any Python thread, which means the closure may be called concurrent...

5.5AI score
Exploits0Affected Software1
OSV
OSV
added 2026/06/11 12:0 p.m.26 views

RUSTSEC-2026-0177 Missing `Sync` bound on `PyCFunction::new_closure` closures

PyCFunction::newclosure and the temporary newclosurebound complement in the 0.21–0.22 series required the supplied closure to be Send + 'static but not Sync. The resulting PyCFunction is a Python callable that can be invoked from any Python thread, which means the closure may be called concurrent...

5.5AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/10 8:19 p.m.8 views

CVE-2026-46702 Russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets

Russh is a Rust SSH client & server library. From version 0.34.0 to before version 0.61.1, when SSH compression is enabled, russh accepted compressed packets whose on-wire size passed the normal transport packet-length checks but whose decompressed size was much larger. This allowed a remote peer...

7.5CVSS5.5AI score0.00268EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.22 views

VMware Spring Data MongoDB 安全漏洞

VMware Spring Data MongoDB is a MongoDB data access framework developed by the American company VMware. There is a security vulnerability in VMware Spring Data MongoDB, which stems from insufficient validation of bound parameters in repository query methods using the @Query annotation and regular...

5.9CVSS5.3AI score0.00262EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 2:16 p.m.13 views

DEBIAN-CVE-2026-11790

A flaw was found in 389 Directory Server. The PBKDF2-SHA256 password storage plugin does not enforce an upper bound on the iteration count extracted from stored password hashes. A privileged attacker who can modify a user's password hash can cause excessive CPU consumption during authentication,...

4.9CVSS5.4AI score0.00291EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 2:16 p.m.9 views

UBUNTU-CVE-2026-46332

In the Linux kernel, the following vulnerability has been resolved: greybus: gb-beagleplay: bound bootloader receive buffering cc1352bootloaderrx appends each serdev chunk into the fixed rxbuffer before parsing bootloader packets. The helper can keep leftover bytes between callbacks and may recei...

8CVSS5.4AI score0.00193EPSS
Exploits0References7
OSV
OSV
added 2026/06/08 5:16 p.m.7 views

UBUNTU-CVE-2026-46281

In the Linux kernel, the following vulnerability has been resolved: vmalloc: fix buffer overflow in vreallocnodealign Commit 4c5d3365882d "mm/vmalloc: allow to set node and align in vrealloc" added the ability to force a new allocation if the current pointer is on the wrong NUMA node, or if an...

5.7AI score0.00183EPSS
Exploits0References10
Cvelist
Cvelist
added 2026/06/08 3:41 p.m.38 views

CVE-2026-46281 vmalloc: fix buffer overflow in vrealloc_node_align()

In the Linux kernel, the following vulnerability has been resolved: vmalloc: fix buffer overflow in vreallocnodealign Commit 4c5d3365882d "mm/vmalloc: allow to set node and align in vrealloc" added the ability to force a new allocation if the current pointer is on the wrong NUMA node, or if an...

0.00183EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.17 views

PT-2026-47353

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A buffer overflow exists in the vrealloc node align function. When a request is made to shrink an allocation size old size and a new allocation is required due to NUMA node or alignment...

9.8CVSS5.6AI score0.93235EPSS
Exploits31References333
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.12 views

CVE-2026-7768

@fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct but matching Accept header variants to make the cache grow unbounded, eventually exhausting the...

7.5CVSS5.5AI score0.00284EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/05 4:51 p.m.9 views

CVE-2026-45290 Cloudburst Network has DoS in RakNet connection handling due to missing bound checks

Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to 1.0.0.CR3-20260417.085727-30 impacts publicly accessible software depending on the affected versions of Network and allows an attacker to exploit a vulnerability in Network to stal...

7.5CVSS5.5AI score0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/05 4:51 p.m.36 views

CVE-2026-45290 Cloudburst Network has DoS in RakNet connection handling due to missing bound checks

Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to 1.0.0.CR3-20260417.085727-30 impacts publicly accessible software depending on the affected versions of Network and allows an attacker to exploit a vulnerability in Network to stal...

7.5CVSS0.00278EPSS
Exploits0References1
Rows per page
Query Builder