Lucene search
K

52628 matches found

OSV
OSV
added 2026/06/10 8:40 a.m.7 views

SUSE-SU-2026:2331-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 RT kernel was updated to fix various security issues The following security issues were fixed: - CVE-2026-31405: media: dvb-net: fix OOB access in ULE extension header tables bsc1261700. - CVE-2026-31629: nfc: llcp: add missing return after LLCPCLOSED checks...

9.8CVSS5.6AI score0.00563EPSS
Exploits5References27
NVD
NVD
added 2026/06/10 7:16 a.m.15 views

CVE-2026-11815

An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution...

5.3CVSS0.00317EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 5:44 a.m.36 views

CVE-2026-29114

A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain...

2.3CVSS0.0019EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 a.m.7 views

CVE-2026-44746

Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver JAVA JDBC Test Servlet, an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks this link, the injected input is processed during web page generation, resulting in the execution of...

6.1CVSS5.4AI score0.00199EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 12:16 a.m.14 views

CVE-2026-46540

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macrohea...

6.5CVSS0.00259EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.13 views

PT-2026-48382

An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken security expectations or remote code execution...

5.3CVSS6AI score0.00317EPSS
Exploits0References2
Redos
Redos
added 2026/06/10 12:0 a.m.7 views

ROS-20260610-73-0042

The vulnerability of the ndrreaduint8Array function in the RDP client FreeRDP is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or cause service failures remotely...

9.8CVSS8.3AI score0.00485EPSS
Exploits1
Redos
Redos
added 2026/06/10 12:0 a.m.6 views

ROS-20260610-73-0014

The vulnerability of the IndexedDB component in browsers such as Mozilla Firefox, Firefox ESR, and the email client Thunderbird is related to the exposure of information. Exploiting this vulnerability can allow an attacker to compromise the confidentiality and accessibility of protected informati...

6.5CVSS5.8AI score0.04938EPSS
Exploits1
Redos
Redos
added 2026/06/10 12:0 a.m.7 views

ROS-20260610-73-0015

The vulnerability in browsers Firefox, Firefox ESR, and email clients Thunderbird, Thunderbird ESR, is related to the execution of operations beyond the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9.8CVSS6.3AI score0.00337EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.13 views

PT-2026-48545

Name of the Vulnerable Software and Affected Versions russh versions 0.37.0 through 0.60.2 Description In the keyboard-interactive authentication path of the client, a malicious SSH server can send a USERAUTH INFO REQUEST containing an attacker-controlled prompt count. The client uses this raw...

6.5CVSS5.3AI score0.00232EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.11 views

Erlang/OTP 输入验证错误漏洞

Erlang/OTP is an open-source JavaScript library for handling exceptions. This library can catch exceptions caused by Node.js’s built-in APIs. Versions of Erlang/OTP between 5.10 and 9.7.1, 9.6.2.2, and 9.3.2.6 have a vulnerability related to input validation errors. This vulnerability arises...

7.1CVSS5.3AI score0.00335EPSS
Exploits0References1
Redos
Redos
added 2026/06/10 12:0 a.m.7 views

ROS-20260610-73-0046

The vulnerability of the createirpthread function in the RDP client of FreeRDP is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows an attacker to execute arbitrary code or cause service failures...

8.1CVSS7.9AI score0.00286EPSS
Exploits1
Redos
Redos
added 2026/06/10 12:0 a.m.5 views

ROS-20260610-73-0035

The vulnerability of the SDL3 RDP client for FreeRDP is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to compromise the accessibility of protected information...

8.2CVSS6.2AI score0.00247EPSS
Exploits1
Redos
Redos
added 2026/06/10 12:0 a.m.8 views

ROS-20260610-73-0041

The vulnerability of the ndrreaduint8Array function in the RDP client FreeRDP is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or cause service failures remotely...

9.8CVSS8.3AI score0.00485EPSS
Exploits1
Zero Day Initiative
Zero Day Initiative
added 2026/06/10 12:0 a.m.10 views

ASUS MyASUS Origin Validation Error Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of ASUS MyASUS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the ASUS Software Manage...

7.8CVSS6AI score0.00135EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2026/06/10 12:0 a.m.6 views

Erlang/OTP -- FTP passive-mode client does not validate server response IP

https://github.com/erlang/otp/security/advisories/GHSA-24cv-hwgr-37fq reports: The FTP client in passive mode did not validate the IP address returned in the server's response, allowing a compromised or malicious server to redirect the data connection to an arbitrary host. This enables server-sid...

6.5CVSS5.6AI score0.00234EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2026/06/10 12:0 a.m.7 views

Erlang/OTP -- httpc leaks authentication headers on cross-host redirect

https://github.com/erlang/otp/security/advisories/GHSA-m75x-4vwg-ggjh reports: The HTTP client httpc in inets now removes Authorization, Proxy-Authorization, Cookie, Referer, and Origin headers when following a redirect to a different host or port, following the requirements of RFC 9110 section...

7.1CVSS5.5AI score0.00335EPSS
Exploits0References1
AlmaLinux
AlmaLinux
added 2026/06/10 12:0 a.m.11 views

Critical: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: geneve: Fix use-after-free in genevefinddev. CVE-2025-21858 kernel: smc: Fix use-after-free in tcpwritetimerhandler CVE-2023-53781...

9.8CVSS7AI score0.00563EPSS
Exploits0References28
AlmaLinux
AlmaLinux
added 2026/06/10 12:0 a.m.11 views

Critical: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: geneve: Fix use-after-free in genevefinddev. CVE-2025-21858 kernel: smc: Fix use-after-free in tcpwritetimerhandler CVE-2023-53781 kernel: nbd: defer config unlock in nbdgenlconnect...

9.8CVSS6.8AI score0.00563EPSS
Exploits0References28
Spring Security Advisories
Spring Security Advisories
added 2026/06/10 12:0 a.m.7 views

CVE-2026-40987: Remote-file synchronizer in Spring Integration writes server-supplied filename under localDirectory without canonicalization

A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem outside the configured local-directory with attacker-controlled content...

7.1CVSS5.4AI score0.0021EPSS
Exploits0Affected Software1
Rows per page
Query Builder