Lucene search
+L

619 matches found

OSV
OSV
added 2026/05/13 7:17 p.m.20 views

UBUNTU-CVE-2026-42577

Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some code paths, a 100...

7.5CVSS5.8AI score0.00408EPSS
Exploits0References5
Packet Storm News
Packet Storm News
added 2026/05/11 12:0 a.m.10 views

Can a Single Message Paralyze the AI Infrastructure? the Rise of AbO-DDoS Attacks through Targeted Mobius Injection

Large Language Model LLM agents have emerged as key intermediaries, orchestrating complex interactions between human users and a wide range of digital services and LLM infrastructures. While prior research has extensively examined the security of LLMs and agents in isolation, the systemic risk of...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Tor 安全漏洞

Tor is a virtual tunnel network created by the Tor Project organization. It allows individuals and groups to enhance their privacy and security on the Internet. Versions of Tor prior to 0.4.9.7 contained a security vulnerability that could lead to client crashes due to the double closure of...

7.5CVSS5.8AI score0.00337EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/06 11:10 p.m.7 views

Missing Release of Resource after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime in the handling of TCP connections with ALLOWHALFCLOSURE enabled when a remote peer sends a FIN followed by a RST. An attacker can cause resource exhaustion or high CPU utilization by...

8.7CVSS5.8AI score0.00408EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.20 views

PT-2026-38280

Name of the Vulnerable Software and Affected Versions Netty versions 4.2.0.Final through 4.2.12.Final Description Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed. This occurs when a connection has ALLOW HALF CLOSURE enabled or is in a...

7.5CVSS5.9AI score0.00408EPSS
Exploits0References318
Snyk
Snyk
added 2026/05/01 5:32 p.m.7 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the unserialize process. An attacker can execute arbitrary code by sending a crafted serialized PHP closure to the TCP server, which is then deserialized and executed without authentication or...

8.6CVSS6.1AI score0.00253EPSS
Exploits0References2
NVD
NVD
added 2026/05/01 4:16 p.m.9 views

CVE-2026-37552

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server Server.php:87 receives data from a TCP socket, passes it directly to Opis\Closure\unserialize, then executes the result via calluserfunc. No authentication or signature verification exists on the...

8.4CVSS0.00253EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/01 12:0 a.m.10 views

EUVD-2026-26670

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server Server.php:87 receives data from a TCP socket, passes it directly to Opis\Closure\unserialize, then executes the result via calluserfunc. No authentication or signature verification exists on the...

8.4CVSS6.1AI score0.00253EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/01 12:0 a.m.7 views

CVE-2026-37552

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server Server.php:87 receives data from a TCP socket, passes it directly to Opis\Closure\unserialize, then executes the result via calluserfunc. No authentication or signature verification exists on the...

8.4CVSS6.1AI score0.00253EPSS
Exploits0References3
CVE
CVE
added 2026/05/01 12:0 a.m.12 views

CVE-2026-37552

CVE-2026-37552 . Affected: MixPHP Framework 2.x up to 2.2.17. Root cause: unsafe deserialization using Opis\Closure\unserialize() on data received by the sync-invoke TCP server, then executed via call_user_func(). No authentication/signature on the localhost TCP port (127.0.0.1). Impact: arbitrar...

8.4CVSS6.1AI score0.00253EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.10 views

PT-2026-36487

Name of the Vulnerable Software and Affected Versions MixPHP Framework versions 2.x through 2.2.17 Description An unsafe deserialization issue exists in the sync-invoke TCP server. The server receives data from a TCP socket and passes it directly to the unserialize function within the OpisClosure...

8.4CVSS6AI score0.00253EPSS
Exploits0References11
RedHat Linux
RedHat Linux
added 2026/04/29 3:55 p.m.7 views

github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload

A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying...

7.5CVSS7.5AI score0.00585EPSS
Exploits1References12
RedHat Linux
RedHat Linux
added 2026/04/28 6:49 a.m.4 views

freerdp: FreeRDP has a Heap-use-after-free in play_thread

A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...

8.7CVSS5.2AI score0.00534EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/04/23 7:18 a.m.9 views

freerdp: FreeRDP has a Heap-use-after-free in play_thread

A heap use after free has been discovered in FreeRDP. The RDPSND async playback thread can process queued PDUs after the channel is closed and internal state is freed, leading to a use after free in rdpsndtreatwave...

8.7CVSS5.7AI score0.00534EPSS
Exploits0References7
NVD
NVD
added 2026/04/21 10:16 p.m.6 views

CVE-2026-40943

Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session heartbeat processing and session closure can cause the server to panic with send on closed channel. The heartbeat method uses a blocking channel send while holding a mutex, and under specific timin...

8.7CVSS0.00202EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/21 9:13 p.m.3 views

CVE-2026-40943 Oxia: Server crash via race condition in session heartbeat handling

Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session heartbeat processing and session closure can cause the server to panic with send on closed channel. The heartbeat method uses a blocking channel send while holding a mutex, and under specific timin...

8.7CVSS5.9AI score0.00202EPSS
Exploits0References1
OSV
OSV
added 2026/04/21 9:13 p.m.2 views

CVE-2026-40943 Oxia: Server crash via race condition in session heartbeat handling

Oxia is a metadata store and coordination system. Prior to 0.16.2, a race condition between session heartbeat processing and session closure can cause the server to panic with send on closed channel. The heartbeat method uses a blocking channel send while holding a mutex, and under specific timin...

8.7CVSS6.1AI score0.00202EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007389)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007389 advisory. In the Linux kernel, the following vulnerability has been resolved: binder: make sure fd closes complete During BCFREEBUFFER processing, the BINDERTYPEFDA object...

5.5CVSS6.2AI score0.0025EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007222)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007222 advisory. In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: free queued packets when closing socket As reported by syzbot 1, there is a memory...

5.5CVSS6.4AI score0.0025EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/16 10:34 a.m.12 views

github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload

A denial-of-service vulnerability in github.com/sirupsen/logrus occurs when Entry.Writer processes a single-line payload larger than 64KB with no newline characters. Due to a limitation in Go’s internal bufio.Scanner, the read operation fails with a “token too long” error, causing the underlying...

7.5CVSS5.8AI score0.00585EPSS
Exploits1References12
Rows per page
Query Builder