Lucene search
K

3575 matches found

RedHat Linux
RedHat Linux
added 2 days ago9 views

xorg: X11: xserver: X.org: glamor Font Atlas Heap Buffer Overflow

A flaw was found in the glamorfontget function of the xorg-x11-server. This vulnerability, a heap buffer overflow, occurs when the server processes a specially crafted PCF font file where individual glyph metrics exceed the declared maximum bounds. An authenticated X client can exploit this by...

8.5CVSS6.5AI score0.00212EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2 days ago3 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds read/write in GLX ChangeDrawableAttributes

An out-of-bounds read flaw was found in the X.Org X server and Xwayland in glXDispChangeDrawableAttributes. A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapp...

5.5CVSS6.2AI score0.00132EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-57220

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, the RabbitMQ stream listener does not enforce the configured stream frame-size limit while...

7.5CVSS6.2AI score0.00515EPSS
Exploits1References2
Cvelist
Cvelist
added 3 days ago34 views

CVE-2026-61875 luci-app-upnp Stored XSS via UPnP Port Mapping Description

luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject JavaScript via UPnP IGD AddPortMapping SOAP requests. Attackers can send malicious HTML in the NewPortMappingDescription field, which miniupnpd stores and luci-app-upnp renders...

8.8CVSS0.00289EPSS
Exploits0References2
CVE
CVE
added 3 days ago17 views

CVE-2026-61875

The vulnerability is in luci-app-upnp (OpenWrt LuCI) and is a stored cross-site scripting (XSS) flaw in the UPnP IGD AddPortMapping SOAP request. An unauthenticated LAN client can submit malicious HTML in the NewPortMappingDescription field; miniupnpd stores it and luci-app-upnp renders it withou...

8.8CVSS6.1AI score0.00289EPSS
Exploits0References2
Fedora
Fedora
added 3 days ago9 views

[SECURITY] Fedora 43 Update: xorg-x11-server-Xwayland-24.1.13-1.fc43

Xwayland is an X server for running X clients under Wayland...

9CVSS6.1AI score0.00212EPSS
Exploits0
Positive Technologies
Positive Technologies
added 3 days ago7 views

PT-2026-57559

Name of the Vulnerable Software and Affected Versions luci-app-upnp affected versions not specified Description Stored cross-site scripting occurs when unauthenticated LAN clients inject JavaScript through UPnP IGD AddPortMapping SOAP requests. The issue arises because the NewPortMappingDescripti...

8.8CVSS6.1AI score0.00289EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-43096

Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend...

8.7CVSS6.1AI score0.00563EPSS
Exploits0References4
NVD
NVD
added 5 days ago7 views

CVE-2026-44383

Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend...

8.7CVSS0.00563EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-44383 Hydro-Québec Le Circuit Electrique charging station backend Insufficient Session Expiration

Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend...

8.7CVSS0.00563EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 5 days ago7 views

CVE-2026-59724

A flaw was found in Engine.IO. When Engine.IO servers have WebTransport enabled, a remote attacker can craft a session ID to resolve an inherited property of the clients object during WebTransport upgrade handling. This can lead to a TypeError, resulting in a denial of service DoS for the server...

7.5CVSS6.1AI score0.00339EPSS
Exploits0References6
Fedora
Fedora
added 5 days ago7 views

[SECURITY] Fedora 44 Update: xorg-x11-server-Xwayland-24.1.13-1.fc44

Xwayland is an X server for running X clients under Wayland...

9CVSS5.9AI score0.00212EPSS
Exploits0
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-57340

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A flaw in the EV charging station backend allows multiple connections using the same charging station ID. This could enable an attacker to deploy multiple...

8.7CVSS6.1AI score0.00563EPSS
Exploits0References5
OSV
OSV
added 6 days ago4 views

CVE-2026-60108 Zeek < 8.0.9 Uncontrolled Memory Consumption DoS via FTP Analyzer

Zeek before 8.0.9 contains an uncontrolled memory consumption vulnerability in the FTP analyzer that allows unauthenticated remote attackers to cause process termination by sending a crafted FTP control session negotiating AUTH GSSAPI followed by a large ADAT control line. Attackers can exploit t...

8.7CVSS6.2AI score0.00436EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56837

Name of the Vulnerable Software and Affected Versions pyload affected versions not specified Description The EventManager module manages Client instances for event subscriptions. When the get events API is called with a unique uuid, a new Client instance is created and added to the clients list...

6.5CVSS6.1AI score
Exploits0References7
RedhatCVE
RedhatCVE
added last week4 views

CVE-2026-55999

A flaw was found in the glamorfontget function of the xorg-x11-server. This vulnerability, a heap buffer overflow, occurs when the server processes a specially crafted PCF font file where individual glyph metrics exceed the declared maximum bounds. An authenticated X client can exploit this by...

8.5CVSS6.7AI score0.00212EPSS
Exploits0References3
HashiCorp Security Advisories
HashiCorp Security Advisories
added 2026/07/08 5:26 p.m.8 views

Nomad Docker driver vulnerable to host namespace bypass on Linux

Summary HashiCorp Nomad and Nomad Enterprise did not enforce the allowprivileged restriction for the Docker task driver’s host namespace mode options. This may allow an authenticated job submitter to run a container in a host namespace and access information belonging to the host or to other...

7.7CVSS6.1AI score0.00248EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/07/08 10:16 a.m.9 views

CVE-2026-56003

A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server...

8.8CVSS0.00643EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/08 9:25 a.m.8 views

CVE-2026-56003

A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server...

8.5CVSS6.3AI score0.00643EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/08 9:25 a.m.8 views

EUVD-2026-42212

A heap buffer overflow due to missing size checking in the property buffer when parsing PCF files in libXfont2 ComputeScaledProperties before libXfont2 before 2.0.8 could be used by attackers using authenticated X clients to execute code within the X server...

8.5CVSS6.3AI score0.00643EPSS
Exploits0References2
Rows per page
Query Builder