Lucene search
K

5172 matches found

osv
osv
added 2026/06/25 10:15 p.m.7 views

GHSA-QPW4-5X99-6VJP golang.org/x/crypto: Invoking memory leak when rejecting channels can lead to DoS

An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state and released for...

6.5CVSS6AI score0.00196EPSS
Exploits0References6
euvd
euvd
added 2026/06/25 10:15 p.m.13 views

EUVD-2026-31392

golang.org/x/crypto/ssh: Invoking memory leak when rejecting channels can lead to DoS...

6.5CVSS5.8AI score0.00196EPSS
Exploits0References6
github
github
added 2026/06/25 10:15 p.m.8 views

golang.org/x/crypto: Invoking memory leak when rejecting channels can lead to DoS

An authenticated SSH client that repeatedly opened channels which were rejected by the server caused unbounded memory growth, eventually crashing the server process and affecting all connected users. Rejected channels are now properly removed from the connection's internal state and released for...

6.5CVSS6AI score0.00196EPSS
Exploits0References6Affected Software1
redhatcve
redhatcve
added 2026/06/25 6:18 p.m.8 views

CVE-2026-53018

A flaw was found in the Linux kernel's f2fs filesystem. During garbage collection, a race condition can occur when a page is moved and updated, but the system attempts to read it again from an outdated location. This can trigger a kernel bug, leading to a system crash and a denial of service DoS....

5.8AI score0.00166EPSS
Exploits0References4
osv
osv
added 2026/06/25 5:20 p.m.19 views

MAL-2026-6467 Malicious code in @vpms/design-system (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 43ce5813fba2660b094a3e8a5c5a0bf2f1972530c294830c0a2e3d15dcd1b096 package.json declares preinstall="node index.js". On every npm install, index.js iterates process.env and harvests any variable whose name contains...

5.8AI score
Exploits0References5
osv
osv
added 2026/06/25 5:6 p.m.8 views

MAL-2026-6466 Malicious code in gx-npm-feature-flags (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7fcad1b944d9ceb92389673398df9f471911a788fe608774a3298c69900bb1c7 [email protected] is a dependency-confusion squat max-semver 99.99.99 on a gx--prefixed name to outrank a private internal package that...

5.8AI score
Exploits0References2
euvd
euvd
added 2026/06/25 2:34 p.m.7 views

EUVD-2026-39428

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression...

6.3CVSS5.9AI score0.00312EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/25 2:32 p.m.36 views

CVE-2026-57435 Nokogiri: Possible Use-After-Free when setting an attribute value via `Nokogiri::XML::Attr#value=` or `#content=`

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code had already accessed an attribute child node,...

6.3CVSS0.00357EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.13 views

PT-2026-52451

Name of the Vulnerable Software and Affected Versions Nokogiri versions prior to 1.19.4 Description In the Nokogiri XML and HTML library for Ruby, the root= method of Nokogiri::XML::Document only validates that the new root is a Nokogiri::XML::Node. This allows a DTD Document Type Definition node...

6.3CVSS5.7AI score0.00312EPSS
Exploits0References3
nessus
nessus
added 2026/06/25 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-53018

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: avoid reading already updated pages during GC We found the following issue during fuzz testing: page: refcount:3 mapcount:0 mapping:00000000b6e89c65...

5.9AI score0.00166EPSS
Exploits0References3
euvd
euvd
added 2026/06/24 6:32 p.m.9 views

EUVD-2026-38886

In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid reading already updated pages during GC We found the following issue during fuzz testing: page: refcount:3 mapcount:0 mapping:00000000b6e89c65 index:0x18b2dc pfn:0x161ba9 memcg:f8ffff800e269c00 aops:f2fsmetaaops ino:2...

5.7AI score0.00166EPSS
Exploits0References4
euvd
euvd
added 2026/06/24 5:29 p.m.5 views

EUVD-2026-39014

Warp is an agentic development environment. From 0.2023.03.21.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for...

8.8CVSS6.1AI score0.01007EPSS
Exploits1References2
attackerkb
attackerkb
added 2026/06/24 5:29 p.m.5 views

CVE-2026-48732

Warp is an agentic development environment. From 0.2023.03.21.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for...

8.8CVSS6.1AI score0.01007EPSS
Exploits1References3
cve
cve
added 2026/06/24 5:29 p.m.13 views

CVE-2026-48732

Warp prior to version 0.2026.05.06.15.42.stable_01 contains a command injection in the legacy SSH background command path: the remote working directory from the SSH session is embedded into a shell command without escaping, allowing an attacker-controlled path (host/repo/dir) to inject arbitrary ...

8.8CVSS6.1AI score0.01007EPSS
Exploits1References2
nvd
nvd
added 2026/06/24 5:17 p.m.7 views

CVE-2026-53018

In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid reading already updated pages during GC We found the following issue during fuzz testing: page: refcount:3 mapcount:0 mapping:00000000b6e89c65 index:0x18b2dc pfn:0x161ba9 memcg:f8ffff800e269c00 aops:f2fsmetaaops ino:2...

0.00166EPSS
Exploits0References3
cve
cve
added 2026/06/24 4:29 p.m.8 views

CVE-2026-53018

CVE-2026-53018 concerns the Linux kernel F2FS filesystem and memory management during garbage collection. The issue arises when a page that has already been written and marked uptodate is subsequently moved between block addresses during GC, leading to a VM_BUG_ON_FOLIO condition triggered by the...

5.7AI score0.00166EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/24 3:37 p.m.11 views

CVE-2026-52936

A flaw was found in the Linux kernel's jitterentropy cryptographic module. A long-held spinlock during entropy collection could cause parallel readers to stall. This issue allows a local attacker to trigger a Denial of Service DoS by causing contention for the shared lock, making the system...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References4
astralinux
astralinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconncount: Update lastgc only when garbage collection GC has been performed. Currently, lastgc is updated every time a new connection is tracked. This means it is updated even if no garbage collection was performed...

7.5CVSS6.4AI score0.00327EPSS
Exploits0References3
astralinux
astralinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconncount – increased the connection cleanup limit to 64. After the optimization to perform only one garbage collection per jiffy, a new problem emerged. If more than 8 new connections are tracked per jiffy, the list...

7.5CVSS5.7AI score0.00686EPSS
Exploits0References2
osv
osv
added 2026/06/24 2:5 p.m.11 views

MAL-2026-6396 Malicious code in signup-embedder (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c48f398f700b78d1893db4570d5d6f16985d937ee79677aab97e673a1cf86e7e [email protected] ships preinstall.js and postinstall.js lifecycle scripts that auto-execute on npm install. preinstall.js collects...

5.8AI score
Exploits0References3
Rows per page
Query Builder