Lucene search
K

1707 matches found

AlmaLinux
AlmaLinux
added 2026/04/20 12:0 a.m.8 views

Important: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: FreeRDP: FreeRDP: Heap buffer overflow allows arbitrary code execution v...

7.5CVSS6.6AI score0.00426EPSS
Exploits0References6
OSV
OSV
added 2026/04/18 12:7 p.m.7 views

RLSA-2026:8458 Important: freerdp security update

FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fixes: FreeRDP: FreeRDP: Heap buffer overflow allows arbitrary code execution v...

7.5CVSS6.6AI score0.00426EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/18 12:47 a.m.5 views

Improper Null Termination

Overview Affected versions of this package are vulnerable to Improper Null Termination due to improper null termination in the ptpunpackCanonFE function. An attacker can cause out-of-bounds reads by supplying crafted data that fills the filename buffer exactly, leading to unintended memory access...

3.5CVSS5.9AI score0.00187EPSS
Exploits0References2
OSV
OSV
added 2026/04/15 10:57 p.m.9 views

CLSA-2026-1776256710 binutils: Fix of CVE-2025-11082

CVE-2025-11082: Fix heap-based buffer overflow in bfdelfparseehframe triggered by crafted EH frame data; apply patches ea1a0737c769 and e4f355f13be...

7.8CVSS6.6AI score0.00234EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/14 12:3 a.m.4 views

CVE-2026-39417

MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulnerability still exists in the MCP node of the workflow engine. MaxKB only restricts the referencing code path loading MCP config from the...

9.8CVSS6AI score0.00427EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/04/10 9:8 p.m.3 views

Prototype Pollution

Overview langsmith is a Client library to connect to the LangSmith Observability and Evaluation Platform. Affected versions of this package are vulnerable to Prototype Pollution via constructor.prototype in the baseAssignValue function. An attacker can modify the Object.prototype by supplying...

6.3CVSS6.4AI score0.00313EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-5507

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the...

4.1CVSS5.8AI score0.00172EPSS
Exploits0References3
OSV
OSV
added 2026/04/08 8:16 p.m.7 views

ALPINE-CVE-2026-39863

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio formerly OpenSER and SER allows remote attackers to cause a denial of service process crash via a specially crafted data packet sent over TCP. The...

7.5CVSS5.8AI score0.00463EPSS
Exploits0References1
NVD
NVD
added 2026/04/08 8:16 p.m.2 views

CVE-2026-39863

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio formerly OpenSER and SER allows remote attackers to cause a denial of service process crash via a specially crafted data packet sent over TCP. The...

7.5CVSS0.00463EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/08 8:16 p.m.5 views

CVE-2026-39863

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio formerly OpenSER and SER allows remote attackers to cause a denial of service process crash via a specially crafted data packet sent over TCP. The...

7.5CVSS5.8AI score0.00463EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/08 7:55 p.m.4 views

EUVD-2026-20616

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio formerly OpenSER and SER allows remote attackers to cause a denial of service process crash via a specially crafted data packet sent over TCP. The...

7.5CVSS6AI score0.00463EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 7:55 p.m.48 views

CVE-2026-39863

CVE-2026-39863 affects the Kamailio core (formerly OpenSER/SER). Prior to versions 5.1.1, 6.0.6, and 5.8.8 , an out-of-bounds access in the core allows remote attackers to cause a denial of service via a specially crafted data packet sent over TCP. Impact is on Kamailio instances with TCP or TLS ...

7.5CVSS6AI score0.00463EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/08 7:55 p.m.1 views

CVE-2026-39863 Kamailio Core: TCP Data Processing Vulnerability

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio formerly OpenSER and SER allows remote attackers to cause a denial of service process crash via a specially crafted data packet sent over TCP. The...

7.5CVSS6AI score0.00463EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/04/08 7:55 p.m.2 views

CVE-2026-39863

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio formerly OpenSER and SER allows remote attackers to cause a denial of service process crash via a specially crafted data packet sent over TCP. The...

7.5CVSS5.4AI score0.00463EPSS
Exploits0
OSV
OSV
added 2026/04/07 10:16 p.m.4 views

DEBIAN-CVE-2026-28390

Issue summary: During processing of a crafted CMS EnvelopedData message with KeyTransportRecipientInfo a NULL pointer dereference can happen. Impact summary: Applications that process attacker-controlled CMS data may crash before authentication or cryptographic operations occur resulting in Denia...

7.5CVSS5.3AI score0.00805EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/04 1:51 p.m.4 views

CVE-2018-25254

NICO-FTP 3.0.1.19 contains a structured exception handler buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending crafted FTP commands. Attackers can connect to the FTP service and send oversized data in response handlers to overwrite SEH pointers and...

9.8CVSS6.7AI score0.00914EPSS
Exploits1References3Affected Software1
SUSE CVE
SUSE CVE
added 2026/04/03 11:24 p.m.6 views

SUSE CVE-2026-35537

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbitrary file write operations by unauthenticated attackers via crafted session data...

7.5CVSS5.9AI score0.00475EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/02 11:21 p.m.7 views

Cross-site Scripting (XSS)

Overview telejson is an A library for teleporting rich data to another place. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the parse function. An attacker can execute arbitrary JavaScript code in the new Function context by supplying a crafted JSON payload...

4.2CVSS5.8AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/02 5:7 p.m.2 views

CVE-2026-34827 Rack: Algorithmic-Complexity DoS in Rack::Multipart::Parser

Rack is a modular Ruby web server interface. From versions 3.0.0.beta1 to before 3.1.21, and 3.2.0 to before 3.2.6, Rack::Multipart::Parserhandlemimehead parses quoted multipart parameters such as Content-Disposition: form-data; name="..." using repeated Stringindex searches combined with...

7.5CVSS5.8AI score0.00475EPSS
Exploits0References1
OSV
OSV
added 2026/03/31 4:16 p.m.8 views

ALPINE-CVE-2026-34235

PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-bounds read vulnerability exists in PJSIP's VP9 RTP unpacketizer that occurs when parsing crafted VP9 Scalability Structure SS data. Insufficient bounds checking on the payload...

9.1CVSS5.3AI score0.00405EPSS
Exploits0References1
Rows per page
Query Builder