52629 matches found

Redos
added 2026/06/10 12:0 a.m., 8 views

ROS-20260610-73-0041

The vulnerability of the ndr_read_uint8Array function in the RDP client FreeRDP is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or cause service failures remotely...

9.8 CVSS | 8.3 AI score | 0.00662 EPSS
Exploits: 1
Redos
added 2026/06/10 12:0 a.m., 7 views

ROS-20260610-73-0042

The vulnerability of the ndr_read_uint8Array function in the RDP client FreeRDP is related to writing beyond the buffer boundaries. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code or cause service failures remotely...

9.8 CVSS | 8.3 AI score | 0.00662 EPSS
Exploits: 1
AlmaLinux
added 2026/06/10 12:0 a.m., 11 views

Critical: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: geneve: Fix use-after-free in geneve_find_dev (CVE-2025-21858); kernel: smc: Fix use-after-free in tcp_write_timer_handler (CVE-2023-53781); kernel: nbd: defer config unlock in nbd_genl_connect...

9.8 CVSS | 6.8 AI score | 0.00563 EPSS
Exploits: 0 | References: 28
AlmaLinux
added 2026/06/10 12:0 a.m., 11 views

Critical: kernel-rt security update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: geneve: Fix use-after-free in geneve_find_dev (CVE-2025-21858); kernel: smc: Fix use-after-free in tcp_write_timer_handler (CVE-2023-53781)...

9.8 CVSS | 7 AI score | 0.00563 EPSS
Exploits: 0 | References: 28
NVD
added 2026/06/09 11:17 p.m., 10 views

CVE-2026-9741

A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of...

7.1 CVSS | 0.00103 EPSS
Exploits: 0 | References: 1
OSV
added 2026/06/09 11:17 p.m., 3 views

UBUNTU-CVE-2026-9741

A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of...

7.1 CVSS | 5.3 AI score | 0.00103 EPSS
Exploits: 0 | References: 3
Snyk
added 2026/06/09 9:59 p.m., 7 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the handleTokenExchange function. An attacker can gain unauthorized access to restricted resources by exploiting the lack of enforcement of allowed connectors when exchanging tokens. This is only exploitable i...

8.7 CVSS | 5.4 AI score
Exploits: 0 | References: 2
GitHub Security Blog
added 2026/06/09 9:59 p.m., 14 views

Dex: Token-exchange endpoint is missing AllowedConnectors enforcement

Summary: server/handlers.go::handleTokenExchange (lines 1804-1893) does not call isConnectorAllowed(client.AllowedConnectors, connID) before issuing tokens, while sibling handlers do. This is a per-client connector ACL gap on the token-exchange endpoint; the redirect-flow paths enforce the same field...

5.6 AI score
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2026/06/09 9:59 p.m., 4 views

GHSA-7QJX-GP9H-65QJ Dex: Token-exchange endpoint is missing AllowedConnectors enforcement

Summary: server/handlers.go::handleTokenExchange (lines 1804-1893) does not call isConnectorAllowed(client.AllowedConnectors, connID) before issuing tokens, while sibling handlers do. This is a per-client connector ACL gap on the token-exchange endpoint; the redirect-flow paths enforce the same field...

8.7 CVSS | 5.6 AI score
Exploits: 0 | References: 3
CVE
added 2026/06/09 9:56 p.m., 35 views

CVE-2026-9741

CVE-2026-9741 affects the MongoDB client-side encryption/Queryable Encryption workflow, specifically the $vectorSearch aggregation stage. The root cause is in query analysis processing for QE or CSFLE, where literal values for encrypted fields used in the $vectorSearch stage filter expressions ar...

7.1 CVSS | 5.4 AI score | 0.00103 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/06/09 9:56 p.m., 36 views

CVE-2026-9741 Client side encryption fails to encrypt values in a $vectorSearch

A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of...

7.1 CVSS | 0.00103 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2026/06/09 9:56 p.m., 6 views

CVE-2026-9741 Client side encryption fails to encrypt values in a $vectorSearch

A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of...

7.1 CVSS | 5.4 AI score | 0.00103 EPSS
Exploits: 0 | References: 1
MongoDB
added 2026/06/09 9:56 p.m., 8 views

Client side encryption fails to encrypt values in a $vectorSearch

A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) results in literal values for encrypted fields within the $vectorSearch stage filter expressions to be sent to the server as plaintext instead of...

7.1 CVSS | 5.4 AI score | 0.00103 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Snyk
added 2026/06/09 6:33 p.m., 5 views

Double Free

Overview: Affected versions of this package are vulnerable to Double Free in the certificate verification path, in the TLS client's OCSP stapling response handling. An attacker operating a malicious server can deliver an OCSP response via the status_request extension that corrupts heap memory and...

8.2 CVSS | 5.9 AI score | 0.00245 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/06/09 6:31 p.m., 8 views

EUVD-2026-35519

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

7.5 CVSS | 6 AI score | 0.0055 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/06/09 6:30 p.m., 8 views

EUVD-2026-35516

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

8.8 CVSS | 6 AI score | 0.00602 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/06/09 6:30 p.m., 8 views

EUVD-2026-35518

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

7.5 CVSS | 6 AI score | 0.0055 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/06/09 6:30 p.m., 7 views

EUVD-2026-35700

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network...

8.8 CVSS | 6 AI score | 0.01001 EPSS
Exploits: 0 | References: 2
EUVD
added 2026/06/09 6:30 p.m., 13 views

EUVD-2026-35484

Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference causes a crash of the application and a Denial of Service. An attacker controlling a CMP server or acti...

5.9 CVSS | 5.5 AI score | 0.00349 EPSS
Exploits: 0 | References: 7
EUVD
added 2026/06/09 6:30 p.m., 10 views

EUVD-2026-35480

Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the status_request extension, triggering a double-free in the client's certificate verification path. Impact summary: Successful exploitation allows an attacker to corrupt heap memory via a...

6 AI score | 0.00245 EPSS
Exploits: 0 | References: 4