Lucene search
K

16930 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-53028

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: typec: Fix error pointer dereference The variable tps-partner is checked for an error pointer and then if it is, it sends an error message but does not...

6AI score0.00166EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:9 a.m.8 views

libssh2 - Out-of-Bounds Write via Unchecked packet_length in transport.c

...

9.2CVSS5.8AI score0.00732EPSS
Exploits10
RedhatCVE
RedhatCVE
added 2026/06/26 4:34 p.m.7 views

CVE-2026-53028

A flaw was found in the Linux kernel's USB Type-C subsystem. This vulnerability occurs when an error pointer for tps-partner is checked but not handled, leading to its subsequent dereference. This unhandled error can cause a system crash, resulting in a Denial of Service DoS for the affected syst...

5.5CVSS5.8AI score0.00166EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/26 3:40 p.m.8 views

CVE-2026-52997

A flaw was found in the Linux kernel's schdualpi2 qdisc queueing discipline component. When dualpi2change attempts to enforce updated limit and memory limit values, it may incorrectly try to dequeue packets from an empty C-queue while packets are present in the L-queue. This can lead to a NULL sk...

5.7AI score0.00173EPSS
Exploits0References4
NVD
NVD
added 2026/06/26 2:16 a.m.9 views

CVE-2026-48930

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

9.8CVSS0.00405EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 1:14 a.m.8 views

EUVD-2026-39614

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

9.8CVSS6.6AI score0.00405EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/25 11:6 p.m.4 views

CVE-2026-53196

A flaw was found in the Linux kernel's ioti USB serial driver. A malicious USB device, when plugged into a host running this driver, can exploit a heap overflow vulnerability in the getmanufinfo function. This occurs because the driver does not properly validate the size of data read from the...

6.8CVSS6.2AI score0.00282EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 9:25 p.m.7 views

EUVD-2026-38382

MessagePack-CSharp: Unity unsafe blit formatter allocates from unbounded byte length...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/25 9:7 p.m.3 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: mariadb-connector-c: mariadb-connector-c-3.4.9-1.hum1 aarch64, x8664 mariadb-connector-c-config-3.4.9-1.hum1 noarch mariadb-connector-c-devel-3.4.9-1.hum1 aarch64, x8664...

9.8CVSS5.9AI score0.00419EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 6:53 p.m.8 views

EUVD-2026-38386

MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths...

7.5CVSS5.8AI score0.00236EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 6:52 p.m.6 views

EUVD-2026-38387

MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies...

9.1CVSS5.8AI score0.00236EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 6:46 p.m.8 views

EUVD-2026-38388

MessagePack-CSharp: MessagePackReader.Skip can recurse without enforcing maximum object graph depth...

7.5CVSS5.8AI score0.00275EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 6:32 p.m.5 views

EUVD-2026-38865

In the Linux kernel, the following vulnerability has been resolved: net/sched: schdualpi2: drain both C-queue and L-queue in dualpi2change Fix dualpi2change to correctly enforce updated limit and memlimit values after a configuration change of the dualpi2 qdisc. Before this patch, dualpi2change...

5.7AI score0.00173EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 4:29 p.m.5 views

CVE-2026-52997

The CVE-2026-52997 entry documents a Linux kernel net/sched vulnerability in sch_dualpi2 (dualpi2_change) where the code could dereference a NULL skb when switching backlog/memlimit if packets were queued in the L-queue while the C-queue was empty. The fix enforces correct queue draining by: (1) ...

5.7AI score0.00173EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: fixed a potential buffer overflow in i2chidgetreport i2chidxfer is used to read recvlen + sizeofle16 bytes of data into ihid-rawbuf. The former can originate from the user space of the hidraw driver, and is bounded ...

7.8CVSS6AI score0.00142EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-51922

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An error pointer dereference exists in the USB Type-C subsystem. The cd321x update work function checks if the tps-partner variable is an error pointer; however, if an error is detected,...

6.1AI score0.00166EPSS
Exploits0References12
Cvelist
Cvelist
added 2026/06/23 12:0 a.m.33 views

CVE-2025-55639

GPAC MP4Box v2.4 was discovered to contain a NULL pointer dereference in the gfisomaddtrackkind function at isomedia/isomwrite.c. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted MP4 file...

0.00352EPSS
Exploits1References4
NVD
NVD
added 2026/06/22 10:16 p.m.9 views

CVE-2026-48516

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, InterfaceLookupFormatter constructs an internal Dictionary with the default equality comparer instead of the security-aware comparer supplied by options.Security.GetEqualityComparer. This formatter omission allows...

7.5CVSS0.00231EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 10:16 p.m.14 views

CVE-2026-48513

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, runtime-generated union deserializers emitted by DynamicUnionResolver do not call MessagePackSecurity.DepthStepref reader and do not decrement reader.Depth around recursive deserialization and skip paths. This means...

7.5CVSS0.00231EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 10:16 p.m.7 views

CVE-2026-48506

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePackReader.TrySkip recursively descends into nested arrays and maps without incrementing the reader depth or calling the configured depth checks. This bypasses MessagePackSecurity.MaximumObjectGraphDepth, the...

7.5CVSS0.00275EPSS
Exploits0References1
Rows per page
Query Builder