Lucene search
+L

17033 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/19 2:16 p.m.6 views

CVE-2023-54353

Chromacam 4.0.3.0 contains an unquoted service path vulnerability in the PsyFrameGrabberService that allows local attackers to execute arbitrary code by placing malicious executables in unquoted path directories. Attackers with write access to C:\ or subdirectories like C:\Program Files...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References4Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel before version 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. This could lead to an out-of-bounds write vulnerability...

7.8CVSS6.7AI score0.00266EPSS
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/19 5:10 a.m.22 views

Malicious code in node-slot (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d71bcdec983467ab6a47b538e524abc1cdafc98b411761bffb375be17d72009 On npm install, package.json's postinstall hook executes node test.js which invokes code in index.js that performs two distinct attacks on the...

5.9AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.17 views

PT-2026-51088

Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.2 Description Oj is a JSON parser and Object marshaller for Ruby. A Use-After-Free issue exists when using the Oj::Parser in SAJ mode. The parser fails to protect cached object keys of 35 bytes or more from garbage...

8.7CVSS5.7AI score0.00253EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-51083

Name of the Vulnerable Software and Affected Versions Oj versions prior to 3.17.2 Description Oj::Doc iterators each value, each child, each leaf are subject to a heap use-after-free. This occurs when a Ruby block yielded during iteration calls doc.close or d.close, causing the document's heap...

8.7CVSS5.7AI score0.00117EPSS
Exploits0References4
Fedora
Fedora
added 2026/06/17 8:44 a.m.12 views

[SECURITY] Fedora 44 Update: librabbitmq-0.16.0-1.fc44

This is a C-language AMQP client library for use with AMQP servers speaking protocol versions 0-9-1...

5.3AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/16 10:6 a.m.78 views

binary-exploitation-labs

Binary Exploitation & Reverse Engineering Labs Hands-on labs...

5.3AI score
Exploits0
Github Security Blog
Github Security Blog
added 2026/06/15 8:9 p.m.11 views

aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines

Summary It is possible to bypass the maxlinesize check in parts of an HTTP request in the C parser. Impact If using the optimised C parser the default in pre-built wheels, then an attacker may be able to send oversized lines through the HTTP parser and use an excessive amount of memory, potential...

8.7CVSS5.4AI score0.00322EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/15 8:9 p.m.8 views

GHSA-63HW-FMQ6-XXG2 aiohttp: C HTTP Parser Bypasses max_line_size for Fragmented Lines

Summary It is possible to bypass the maxlinesize check in parts of an HTTP request in the C parser. Impact If using the optimised C parser the default in pre-built wheels, then an attacker may be able to send oversized lines through the HTTP parser and use an excessive amount of memory, potential...

8.7CVSS5.4AI score0.00322EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/15 7:22 p.m.11 views

Security Bulletin: IBM Sterling Connect:Direct Web Services is Affected by command injection.

Summary glob-10.4.5.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2025-64756. Vulnerability Details CVEID:CVE-2025-64756 DESCRIPTION: Glob matches files using patterns the shell uses. Starting in version 10.2.0 and prior to versions 10.5.0 and 11.1.0, the glob CLI contains a command...

7.5CVSS6.5AI score0.03136EPSS
Exploits1Affected Software1
OSV
OSV
added 2026/06/15 9:19 a.m.5 views

SUSE-SU-2026:22125-1 Security update for editorconfig-core-c

This update for editorconfig-core-c fixes the following issue: - CVE-2026-40489: lpattern buffer overflow bsc1262131...

8.6CVSS5.7AI score0.00151EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.34 views

CVE-2025-55641

A NULL pointer dereference in the gfisomcopysampleinfo function isomedia/isomwrite.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

0.00188EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.23 views

PT-2026-49591

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.14.1 Description An issue exists in the C parser of the asynchronous HTTP client/server framework where the max line size check can be bypassed in parts of an HTTP request. When using the optimized C parser, which i...

8.7CVSS5.9AI score0.00322EPSS
Exploits0References20
CVE
CVE
added 2026/06/14 5:26 p.m.43 views

CVE-2026-54412

CVE-2026-54412 affects LiamBindle MQTT-C up to v1.1.6. The vulnerability is a heap-based out-of-bounds read and integer underflow in mqtt_unpack_publish_response() (src/mqtt.c). A broker-controlled or injected PUBLISH packet can allow a remote unauthenticated attacker to crash a subscribed MQTT-C...

8.8CVSS5.6AI score0.00407EPSS
Exploits0References4
OSV
OSV
added 2026/06/14 5:26 p.m.4 views

CVE-2026-54412

LiamBindle MQTT-C through version 1.1.6 contains a heap-based out-of-bounds read and integer underflow in the mqttunpackpublishresponse function in src/mqtt.c that allows a remote unauthenticated attacker controlling an MQTT broker - or able to inject MQTT traffic into an unencrypted session - to...

8.8CVSS6.1AI score0.00407EPSS
Exploits0References6
NVD
NVD
added 2026/06/12 7:16 p.m.16 views

CVE-2026-12043

Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to cause memory corruption on a connecting client application, potentially leading to arbitrary code execution, via a crafted sequence of HTTP/2...

8.8CVSS0.00351EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/12 6:35 p.m.11 views

CVE-2026-12043 Heap double-free in AWS Common Runtime aws-c-http

Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to cause memory corruption on a connecting client application, potentially leading to arbitrary code execution, via a crafted sequence of HTTP/2...

8.8CVSS5.9AI score0.00351EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 6:35 p.m.5 views

CVE-2026-12043 Heap double-free in AWS Common Runtime aws-c-http

Improper handling of HPACK dynamic table size updates in the AWS Common Runtime aws-c-http library might allow a remote threat actor operating a server to cause memory corruption on a connecting client application, potentially leading to arbitrary code execution, via a crafted sequence of HTTP/2...

8.7CVSS6.3AI score0.00351EPSS
Exploits0References5
NVD
NVD
added 2026/06/12 4:16 p.m.11 views

CVE-2026-44967

OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters traces/metrics/logs read the full HTTP response into an in-memory vector of bytes without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...

5.3CVSS0.00206EPSS
Exploits0References4
OSV
OSV
added 2026/06/12 4:16 p.m.7 views

UBUNTU-CVE-2026-44967

OpenTelemetry-cpp is the C++ implementation of OpenTelemetry. Prior to release 1.27.0, the OTLP HTTP exporters traces/metrics/logs read the full HTTP response into an in-memory vector of bytes without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is...

5.3CVSS5.4AI score0.00206EPSS
Exploits0References6
Rows per page
Query Builder