Lucene search
+L

17015 matches found

cve
cve
added yesterday9 views

CVE-2026-59860

Kiota is an OpenAPI-based HTTP client code generator. Prior to 1.32.3, it is affected by a code-generation injection in the C# XML documentation-comment sink when OpenAPI descriptions are written into single-line /// comments without stripping newline/Unicode terminators, allowing injection into ...

8.7CVSS6.1AI score
Exploits0References4
osv
osv
added yesterday4 views

UBUNTU-CVE-2026-38753

A use-after-free in the awksub function editors/awk.c of Busybox...

7.5CVSS6.1AI score0.00145EPSS
Exploits0References2
nvd
nvd
added 2 days ago7 views

CVE-2026-38752

A stack overflow in the evaluate function editors/awk.c of BusyBox commit 371fe9 allows attackers to cause a Denial of Service DoS via supplying a crafted AWK script...

7.5CVSS0.0016EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2 days ago8 views

PT-2026-60313

Name of the Vulnerable Software and Affected Versions Busybox version 1.38.0 Description A heap overflow occurs in the ifsbreakup function located in shell/ash.c. This issue allows attackers to cause a Denial of Service DoS by providing a specially crafted input. A heap overflow is a memory...

6.1AI score0.0016EPSS
Exploits0References4
fedora
fedora
added 5 days ago6 views

[SECURITY] Fedora 44 Update: log4cxx-1.7.0-2.fc44

Log4cxx is a popular logging package written in C++. One of its distinctive features is the notion of inheritance in loggers. Using a logger hierarchy it is possible to control which log statements are output at arbitrary granularity. This helps reduce the volume of logged output and minimize the...

6.3CVSS6.2AI score0.00499EPSS
Exploits0
fedora
fedora
added 6 days ago6 views

[SECURITY] Fedora 44 Update: perl-HTML-Gumbo-0.19-1.fc44

Gumbo is an implementation of the HTML5 parsing algorithm implemented as a pure C99 library with no outside dependencies...

9.8CVSS6.1AI score0.00663EPSS
Exploits0
cvelist
cvelist
added last week31 views

CVE-2026-40454 Apache IoTDB C++ client: Out-of-bounds reads in C++ client TsBlock deserializer crash client process on malformed server data

Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client process on malformed server data. This issue affects Apache IoTDB C++ client: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users...

0.00278EPSS
Exploits0References1
fedora
fedora
added 2026/07/10 12:54 a.m.7 views

[SECURITY] Fedora 44 Update: c-ares-1.34.7-1.fc44

c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...

5.9AI score
Exploits0
osv
osv
added 2026/07/10 12:0 a.m.4 views

UBUNTU-CVE-2026-59858

Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honor...

8.4CVSS6.2AI score0.00137EPSS
Exploits0References5
nvd
nvd
added 2026/07/09 11:17 p.m.6 views

CVE-2026-59858

Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honor...

8.4CVSS0.00137EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2026/07/09 10:37 p.m.10 views

CVE-2026-59858

Vim is an open source, command line text editor. Prior to 9.2.0735, the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: extension field of a tags entry, without escaping, into a :vimgrep pattern that is run through :execute. Because :vimgrep honor...

8.4CVSS6.2AI score0.00137EPSS
Exploits0References2
cve
cve
added 2026/07/09 10:37 p.m.13 views

CVE-2026-59858

Vim prior to 9.2.0735 is affected by CVE-2026-59858 where the C omni-completion script in runtime/autoload/ccomplete.vim interpolates the typeref: or typename: entry field into a :vimgrep pattern without escaping. This allows a crafted tag field to close the search pattern and append an arbitrary...

8.4CVSS6AI score0.00137EPSS
Exploits0References2Affected Software1
redhat
redhat
added 2026/07/09 5:24 p.m.13 views

glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width

A flaw was found in glibc GNU C Library. This vulnerability occurs when an application uses the scanf family of functions with a %mc format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination c...

9.8CVSS6.1AI score0.00502EPSS
Exploits1References7
redhat
redhat
added 2026/07/09 5:24 p.m.10 views

Moderate: Red Hat Security Advisory: compat-glibc security update

An update for compat-glibc is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

9.8CVSS6AI score0.00502EPSS
Exploits1References2
redhatcve
redhatcve
added 2026/07/09 9:10 a.m.7 views

CVE-2026-33630

A flaw was found in c-ares. A use-after-free / double-free vulnerability exists in the query-completion handling path, where a query callback is invoked while the query is still linked in internal lookup structures. A remote attacker can exploit this via aresgetaddrinfo over TCP by sending crafte...

7.5CVSS6AI score
Exploits0References5
euvd
euvd
added 2026/07/08 2:55 p.m.5 views

EUVD-2026-42275

App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a...

7.5CVSS5.9AI score0.00329EPSS
Exploits0References1
osv
osv
added 2026/07/08 12:0 a.m.2 views

OPENSUSE-SU-2026:11210-1 cargo-c-0.10.23-1.1 on GA media

These are all security issues fixed in the cargo-c-0.10.23-1.1 package on the GA media of openSUSE Tumbleweed...

9.8CVSS6.1AI score0.00359EPSS
Exploits0References8
redhat
redhat
added 2026/07/07 10:32 a.m.4 views

c-ares: c-ares: Use-after-free / double-free in query-completion handling

A flaw was found in c-ares. A use-after-free / double-free vulnerability exists in the query-completion handling path, where a query callback is invoked while the query is still linked in internal lookup structures. A remote attacker can exploit this via aresgetaddrinfo over TCP by sending crafte...

6AI score
Exploits0References6
redhat
redhat
added 2026/07/07 10:32 a.m.4 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: c-ares: c-ares-1.34.7-1.hum1 aarch64, x8664 c-ares-devel-1.34.7-1.hum1 aarch64, x8664 c-ares-1.34.7-1.hum1.src src...

6.1AI score
Exploits0References3
nessus
nessus
added 2026/07/07 12:0 a.m.20 views

Linux Distros Unpatched Vulnerability : CVE-2026-33630

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - c-ares - None Red Hat Enterprise Linux - c-ares: c-ares: Use-after-free / double-free in query-completion handling Ubuntu Linux - Unknown...

6.1AI score
Exploits0References4
Rows per page
Query Builder