Lucene search
+L

587 matches found

OSV
OSV
added 2026/05/07 3:9 a.m.2 views

CVE-2026-44601

Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009...

3.7CVSS6AI score0.00337EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/07 3:9 a.m.22 views

EUVD-2026-28302

Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009...

3.7CVSS5.8AI score0.00337EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/07 3:9 a.m.18 views

CVE-2026-44601

Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009...

3.7CVSS5.8AI score0.00337EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/05/07 12:0 a.m.8 views

CVE-2026-44601

Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009...

7.5CVSS5.8AI score0.00337EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Tor 安全漏洞

Tor is a virtual tunnel network created by the Tor Project organization. It allows individuals and groups to enhance their privacy and security on the Internet. Versions of Tor prior to 0.4.9.7 contained a security vulnerability that could lead to client crashes due to the double closure of...

7.5CVSS5.8AI score0.00337EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.14 views

PT-2026-38336

Name of the Vulnerable Software and Affected Versions Tor versions prior to 0.4.9.7 Description A client crash can occur when circuit queue memory pressure exists due to a double close of a circuit. Recommendations Update to version 0.4.9.7 or later...

3.7CVSS5.8AI score0.00337EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/03 12:15 p.m.4 views

CVE-2026-7695

A vulnerability has been found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This affects an unknown function of the file /SubstationWEBV2/main/elecMaxMinAvgValue. The manipulation of the argument fCircuitids leads to sql injection. The attack may be...

7.5CVSS6.8AI score0.00343EPSS
Exploits0References4Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/04/26 8:5 a.m.7 views

i2c: s3c24xx: check the size of the SMBUS message before using it

...

7.8CVSS5.8AI score0.00131EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/25 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-31549

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - i2c: cp2615: fix serial string NULL-deref at probe The cp2615 driver uses the USB device serial string as the i2c adapter name but does not make sure that the...

5.5CVSS6.2AI score0.00123EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/25 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-31627

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - i2c: s3c24xx: check the size of the SMBUS message before using it The first byte of an i2c SMBUS message is the size, and it should be verified to ensure that i...

7.8CVSS6AI score0.00131EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/04/24 2:42 p.m.6 views

CVE-2026-31627

In the Linux kernel, the following vulnerability has been resolved: i2c: s3c24xx: check the size of the SMBUS message before using it The first byte of an i2c SMBUS message is the size, and it should be verified to ensure that it is in the range of 0..I2CSMBUSBLOCKMAX before processing it. This i...

7.8CVSS5.2AI score0.00131EPSS
Exploits0
EUVD
EUVD
added 2026/04/24 2:42 p.m.9 views

EUVD-2026-25520

In the Linux kernel, the following vulnerability has been resolved: i2c: s3c24xx: check the size of the SMBUS message before using it The first byte of an i2c SMBUS message is the size, and it should be verified to ensure that it is in the range of 0..I2CSMBUSBLOCKMAX before processing it. This i...

5.4AI score0.00131EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/23 2:54 p.m.5 views

CVE-2026-41240

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to 3.4.0 have an inconsistency between FORBIDTAGS and FORBIDATTR handling when function-based ADDTAGS is used. Commit c361baa added an early exit for FORBIDATTR at line 1214. The same fix was not...

6CVSS5.6AI score0.00313EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/04/22 6:31 p.m.14 views

GHSA-5PV5-XH52-HVRP uutils coreutils has an Incorrect Short Circuit Evaluation Issue

A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR | and AND & operation...

3.3CVSS5.9AI score0.00156EPSS
Exploits1References5
Ubuntu
Ubuntu
added 2026/04/22 6:24 p.m.12 views

USN-8200-2: Linux kernel (FIPS) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Cryptographic API; - GPU drivers; - I2C subsystem; - Network traffic control; CVE-2022-49046,...

7.8CVSS7.2AI score0.00255EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/04/22 5:34 p.m.22 views

DOMPurify: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix)

There is an inconsistency between FORBIDTAGS and FORBIDATTR handling when function-based ADDTAGS is used. Commit c361baa added an early exit for FORBIDATTR at line 1214: / FORBIDATTR must always win, even if ADDATTR predicate would allow it / if FORBIDATTRlcName return false; The same fix was not...

6.1CVSS5.7AI score0.00313EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/04/22 4:9 p.m.24 views

CVE-2026-35378

CVE-2026-35378 affects the expr utility in uutils coreutils. A logic error causes evaluation of parenthesized subexpressions during parsing instead of execution, preventing proper short-circuiting for OR/AND. Consequently, arithmetic errors (e.g., division by zero) in dead branches are raised as ...

3.3CVSS5.9AI score0.00156EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.8 views

PT-2026-34604

Name of the Vulnerable Software and Affected Versions DOMPurify versions prior to 3.4.0 Description An inconsistency exists between the handling of FORBID TAGS and FORBID ATTR when a function-based ADD TAGS configuration is used. Specifically, when the EXTRA ELEMENT HANDLING.tagCheck function...

6.1CVSS6.3AI score0.00313EPSS
Exploits1References215
Github Security Blog
Github Security Blog
added 2026/04/16 12:46 a.m.20 views

DOMPurify's ADD_TAGS function form bypasses FORBID_TAGS due to short-circuit evaluation

Summary In src/purify.ts:1117-1123, ADDTAGS as a function via EXTRAELEMENTHANDLING.tagCheck bypasses FORBIDTAGS due to short-circuit evaluation. The condition: !tagChecktagName && !ALLOWEDTAGStagName || FORBIDTAGStagName When tagChecktagName returns true, the entire condition is false and the...

5.8AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/16 12:46 a.m.13 views

GHSA-39Q2-94RC-95CP DOMPurify's ADD_TAGS function form bypasses FORBID_TAGS due to short-circuit evaluation

Summary In src/purify.ts:1117-1123, ADDTAGS as a function via EXTRAELEMENTHANDLING.tagCheck bypasses FORBIDTAGS due to short-circuit evaluation. The condition: !tagChecktagName && !ALLOWEDTAGStagName || FORBIDTAGStagName When tagChecktagName returns true, the entire condition is false and the...

5.3CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder