Lucene search
K

3815 matches found

UbuntuCve
UbuntuCve
added 2026/05/14 5:16 p.m.14 views

CVE-2026-44348

PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...

2.5CVSS5.7AI score0.00096EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/14 4:38 p.m.48 views

CVE-2026-44348 PoDoFo: Double-free vulnerability in compute_hash_to_sign()

PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...

2.5CVSS0.00096EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/14 4:38 p.m.10 views

EUVD-2026-30337

PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...

2.5CVSS5.7AI score0.00096EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/14 4:38 p.m.10 views

CVE-2026-44348

PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVPDigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...

2.5CVSS5.7AI score0.00096EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.8 views

CVE-2026-43993

JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify called fetch on agent-supplied URLs without validating scheme, port, or resolved IP, resulting in an SSRF vulnerability. This vulnerability is fixed in 0.x.y-security-1...

8.2CVSS5.8AI score0.0023EPSS
Exploits0References1
Lenovo
Lenovo
added 2026/05/12 4:54 p.m.10 views

AMD Device Metrics Exporter (ROCm ecosystem) Vulnerability - Lenovo Support US

No description provided...

5.8AI score
Exploits0
CVE
CVE
added 2026/05/12 4:29 p.m.15 views

CVE-2026-43993

CVE-2026-43993 : In JunoClaw’s WAVS bridge, the function computeDataVerify fetched agent-supplied URLs without validating the URL scheme, port, or resolved IP, enabling an SSRF vulnerability. Affected version range is prior to 0.x.y-security-1 . This could allow access to cloud-metadata and inter...

8.2CVSS5.8AI score0.0023EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/12 3:30 a.m.8 views

SUSE CVE-2026-43321

In the Linux kernel, the following vulnerability has been resolved: bpf: Properly mark live registers for indirect jumps For a gotox rX instruction the rX register should be marked as used in the computeinsnliveregs function. Fix this...

7.8CVSS5.8AI score0.00121EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.7 views

JunoClaw 代码问题漏洞

JunoClaw is a decentralized AI proxy platform developed by Dragonmonk111. Versions of JunoClaw prior to 0.x.y-security-1 contained code vulnerabilities. These vulnerabilities stemmed from the computeDataVerify function in the WAVS bridge, which did not validate the protocol, port, or parse the IP...

8.2CVSS5.9AI score0.0023EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.5 views

Unity Linux 20.1060e / 20.1070e Security Update: transfig (UTSA-2026-017536)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017536 advisory. An issue was discovered in fig2dev before 3.2.8.. A NULL pointer dereference exists in the function computeclosedspline located in transspline.c. It allows an attack...

5.5CVSS6.6AI score0.00949EPSS
Exploits1References4
Wolfi
Wolfi
added 2026/05/09 2:21 a.m.33 views

CVE-2026-33814 vulnerabilities

Vulnerabilities for packages: cass-operator, azure-service-operator, cert-manager-csi-driver, gatekeeper, node-feature-discovery, mesosphere-vsphere-csi, sonobuoy, cluster-autoscaler, k3s, task, external-secrets-operator, crossplane-provider-aws-route53, argo-cd, terraform-provider-azapi,...

7.5CVSS6.7AI score0.00781EPSS
Exploits0
EUVD
EUVD
added 2026/05/08 3:31 p.m.11 views

EUVD-2026-28605

In the Linux kernel, the following vulnerability has been resolved: bpf: Properly mark live registers for indirect jumps For a gotox rX instruction the rX register should be marked as used in the computeinsnliveregs function. Fix this...

5.8AI score0.00121EPSS
Exploits0References4
NVD
NVD
added 2026/05/08 2:16 p.m.9 views

CVE-2026-43321

In the Linux kernel, the following vulnerability has been resolved: bpf: Properly mark live registers for indirect jumps For a gotox rX instruction the rX register should be marked as used in the computeinsnliveregs function. Fix this...

7.8CVSS0.00121EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/08 2:16 p.m.11 views

CVE-2026-43321

In the Linux kernel, the following vulnerability has been resolved: bpf: Properly mark live registers for indirect jumps For a gotox rX instruction the rX register should be marked as used in the computeinsnliveregs function. Fix this...

7.8CVSS5.7AI score0.00121EPSS
Exploits0References4
OSV
OSV
added 2026/05/08 2:16 p.m.12 views

UBUNTU-CVE-2026-43321

In the Linux kernel, the following vulnerability has been resolved: bpf: Properly mark live registers for indirect jumps For a gotox rX instruction the rX register should be marked as used in the computeinsnliveregs function. Fix this...

8.4CVSS5.7AI score0.00121EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/08 1:26 p.m.6 views

CVE-2026-43321

In the Linux kernel, the following vulnerability has been resolved: bpf: Properly mark live registers for indirect jumps For a gotox rX instruction the rX register should be marked as used in the computeinsnliveregs function. Fix this...

5.8AI score0.00121EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/08 12:31 a.m.9 views

OpenStack Cyborg uses rule:allow (check_str='@') as the default policy for multiple API endpoints

OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...

7.4CVSS5.9AI score0.00206EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/05/07 10:16 p.m.56 views

CVE-2026-40213

OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...

7.4CVSS0.00206EPSS
Exploits0References3
OSV
OSV
added 2026/05/07 10:16 p.m.5 views

DEBIAN-CVE-2026-40213

OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...

7.4CVSS5.9AI score0.00206EPSS
Exploits0References1
OSV
OSV
added 2026/05/07 10:16 p.m.35 views

UBUNTU-CVE-2026-40213

OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...

7.4CVSS5.9AI score0.00206EPSS
Exploits0References6
Rows per page
Query Builder