Lucene search
K

1071 matches found

OSV
OSV
added 2026/06/05 12:4 p.m.10 views

RLSA-2026:22649 Important: php8.4 security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

8.2CVSS5.7AI score0.0078EPSS
Exploits1References7
Rockylinux
Rockylinux
added 2026/06/05 12:4 p.m.14 views

php8.4 security update

An update is available for php8.4. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PHP is an HTML-embedded scripting language. PHP attempts to make it easy for...

9.1CVSS5.7AI score0.0078EPSS
Exploits1
NVD
NVD
added 2026/05/29 4:16 p.m.10 views

CVE-2018-25383

Free MP3 CD Ripper 2.8 contains a stack-based buffer overflow vulnerability in WMA file processing that allows local attackers to bypass DEP protection via structured exception handling manipulation. Attackers can craft a malicious WMA file that triggers the overflow when loaded through the Conve...

8.6CVSS0.00181EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/29 2:46 p.m.12 views

CVE-2018-25383 Free MP3 CD Ripper 2.8 Buffer Overflow SEH DEP Bypass

Free MP3 CD Ripper 2.8 contains a stack-based buffer overflow vulnerability in WMA file processing that allows local attackers to bypass DEP protection via structured exception handling manipulation. Attackers can craft a malicious WMA file that triggers the overflow when loaded through the Conve...

8.6CVSS6.5AI score0.00181EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/29 2:46 p.m.12 views

EUVD-2018-21905

Free MP3 CD Ripper 2.8 contains a stack-based buffer overflow vulnerability in WMA file processing that allows local attackers to bypass DEP protection via structured exception handling manipulation. Attackers can craft a malicious WMA file that triggers the overflow when loaded through the Conve...

8.6CVSS6.5AI score0.00181EPSS
Exploits0References3
CVE
CVE
added 2026/05/29 2:46 p.m.22 views

CVE-2018-25383

CVE-2018-25383 affects Free MP3 CD Ripper 2.8. The vulnerability is a stack-based buffer overflow in WMA file processing within the Convert function, allowing a local attacker to bypass DEP via SEH manipulation and execute arbitrary code (via a ROP chain and shellcode injection). The impact is lo...

8.6CVSS6.5AI score0.00181EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/05/29 8:7 a.m.8 views

ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()

...

7.1CVSS5.4AI score0.00128EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.14 views

PT-2026-44861

Free MP3 CD Ripper 2.8 contains a stack-based buffer overflow vulnerability in WMA file processing that allows local attackers to bypass DEP protection via structured exception handling manipulation. Attackers can craft a malicious WMA file that triggers the overflow when loaded through the Conve...

8.6CVSS6.5AI score0.00181EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/28 6:39 p.m.13 views

CVE-2026-46146

A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture usb-audio subsystem. This vulnerability exists in the convertchmapv3 function, where the csdesc-wLength value is not properly validated. A malicious actor could provide a specially crafted, malformed USB audio descripto...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References4
NVD
NVD
added 2026/05/28 10:16 a.m.13 views

CVE-2026-46146

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Avoid potential endless loop in convertchmapv3 The convertchmapv3 has a loop with its increment size of csdesc-wLength, but we forgot to validate csdesc-wLength itself, which may lead to potential endless loop by...

5.5CVSS0.00128EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:36 a.m.8 views

CVE-2026-46146

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Avoid potential endless loop in convertchmapv3 The convertchmapv3 has a loop with its increment size of csdesc-wLength, but we forgot to validate csdesc-wLength itself, which may lead to potential endless loop by...

5.7AI score0.00128EPSS
Exploits0References9Affected Software1
Debian CVE
Debian CVE
added 2026/05/28 9:36 a.m.14 views

CVE-2026-46146

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Avoid potential endless loop in convertchmapv3 The convertchmapv3 has a loop with its increment size of csdesc-wLength, but we forgot to validate csdesc-wLength itself, which may lead to potential endless loop by...

5.5CVSS5.7AI score0.00128EPSS
Exploits0
NVD
NVD
added 2026/05/28 8:16 a.m.17 views

CVE-2026-9806

A stored cross-site scripting XSS vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containing user-controlled convert names were rendered in the notification bell dropdown using innerHTML without adequate sanitization...

6.3CVSS0.00258EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/28 6:41 a.m.39 views

CVE-2026-9806 Stored Cross-Site Scripting (XSS) in CTI Transmute Notification Panel via Malicious Convert Names

A stored cross-site scripting XSS vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containing user-controlled convert names were rendered in the notification bell dropdown using innerHTML without adequate sanitization...

6.3CVSS0.00258EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 6:41 a.m.10 views

CVE-2026-9806 Stored Cross-Site Scripting (XSS) in CTI Transmute Notification Panel via Malicious Convert Names

A stored cross-site scripting XSS vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containing user-controlled convert names were rendered in the notification bell dropdown using innerHTML without adequate sanitization...

6.3CVSS5.9AI score0.00258EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 6:41 a.m.8 views

CVE-2026-9806

A stored cross-site scripting XSS vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containing user-controlled convert names were rendered in the notification bell dropdown using innerHTML without adequate sanitization...

6.3CVSS5.9AI score0.00258EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/28 6:41 a.m.12 views

EUVD-2026-32728

A stored cross-site scripting XSS vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containing user-controlled convert names were rendered in the notification bell dropdown using innerHTML without adequate sanitization...

6.3CVSS5.9AI score0.00258EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 6:41 a.m.22 views

CVE-2026-9806

CTI Transmute is affected by a stored XSS in the notification panel prior to the patched release. The issue occurs when notification messages include user-controlled convert names that are rendered via innerHTML without sanitization, allowing arbitrary JavaScript execution in the authenticated us...

6.3CVSS5.9AI score0.00258EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.18 views

PT-2026-44269

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the ALSA usb-audio component within the convert chmap v3 function. The function contains a loop that uses the cs desc-wLength variable to determine the increment size...

9.8CVSS6AI score0.03663EPSS
Exploits11References293
EUVD
EUVD
added 2026/05/27 3:33 p.m.11 views

EUVD-2026-32270

In the Linux kernel, the following vulnerability has been resolved: ext4: don't set EXT4GETBLOCKSCONVERT when splitting before submitting I/O When allocating blocks during within-EOF DIO and writeback with dioreadnolock enabled, EXT4GETBLOCKSPREIO was set to split an existing large unwritten...

5.8AI score0.00123EPSS
Exploits0References8
Rows per page
Query Builder