Lucene search
K

797 matches found

RedHat Linux
RedHat Linux
added 6 days ago4 views

jackson-databind: Jackson-databind: Security bypass allows arbitrary code execution

A flaw was found in jackson-databind, a library used for processing data. This vulnerability allows an attacker to bypass security controls designed to validate data types. By sending specially crafted input, an attacker can force the system to process untrusted data, which may lead to the...

8.1CVSS6AI score0.00695EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-6094

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overread in wcPKCS7DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data...

9.1CVSS6.2AI score0.00294EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.14 views

PT-2026-53970

Name of the Vulnerable Software and Affected Versions IBM Business Automation Manager Open Editions versions 9.0.0 through 9.4.2 Description An XML external entity injection XXE occurs when processing XML data. This allows a remote attacker to expose sensitive information or consume memory...

9.1CVSS6AI score0.00406EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, a buffer overread could occur in the freerdpimagecopyfromicondata function libfreerdp/codec/color.c, due to malicious RDP window icon TSICONINFO data. This bug could be exploited over the network when a clie...

6.9CVSS6.2AI score0.00242EPSS
Exploits0References3
OSV
OSV
added 2026/06/11 12:42 p.m.6 views

SUSE-SU-2026:22132-1 Security update for openssl-3

This update for openssl-3 fixes the following issues - CVE-2024-41996: DHEATATTACK: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE bsc1230698. - CVE-2026-7383:...

9.1CVSS6.9AI score0.02719EPSS
Exploits0References24
ATTACKERKB
ATTACKERKB
added 2026/06/04 2:34 p.m.8 views

CVE-2026-40930

LIBPNG is a reference library for use in applications that process PNG Portable Network Graphics raster image files. In version 1.8.0, three inter-frame chunk discard paths in the push-mode APNG parser clear the chunk-header flag without consuming the chunk body and CRC, allowing...

5.4CVSS5.8AI score0.00202EPSS
Exploits0References3Affected Software2
AlmaLinux
AlmaLinux
added 2026/06/01 12:0 a.m.13 views

Moderate: compat-openssl11 security update

The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries from the 1.1.1 version and is provided for compatibility with previous releases. Security Fixes: openssl: OpenSSL: Denial of Service due to NULL pointer...

7.5CVSS5.8AI score0.00805EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/29 9:14 p.m.11 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the decoding process. An attacker can cause application crashes or bypass memory allocation limits by supplying specially crafted Avro data that exploits integer arithmetic errors during decoding...

8.7CVSS5.8AI score0.00397EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 3:20 p.m.53 views

CVE-2026-44483 RVF: Prototype pollution in @rvf/set-get reachable via @rvf/core preprocessFormData (HTTP form data)

RVF formerly Remix Validated Form provides easy form validation and state management for React. From 6.0.0 to before 6.0.4 and 7.0.2, setPath in @rvf/set-get used by @rvf/core to flatten incoming form data into a nested object does not block the keys proto, constructor, or prototype when walking ...

8.2CVSS0.00271EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fixed possible out-of-bounds accesses to addldescptr. Sanitized possible out-of-bounds accesses to addldescptr in sesenclosuredataprocess...

5.9AI score0.00193EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: drm/msm: fixed NULL dereferencing when uninstalling an interrupt. In cases of early initialization errors, and on platforms that do not use the DPU controller, the deinitialization code can be called with the kms pointer set t...

6.1AI score0.00175EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/19 2:28 p.m.97 views

cisco-hypershield

Ansible Collection: stevefulme1.ciscohypershield Ansible Col...

9.8CVSS7.5AI score0.83428EPSS
Exploits12
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.14 views

PT-2026-40525

A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution...

8.8CVSS6.3AI score0.00107EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.12 views

zebra 安全漏洞

Zebra is an open-source Zcash implementation built using Rust by the Zcash Foundation. Versions of Zebra prior to 4.4.0 contained security vulnerabilities. These vulnerabilities stemmed from excessive buffer sizes allocated for multiple inbound deserialization paths, which could allow attackers t...

5.3CVSS5.9AI score0.00362EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/06 3:10 p.m.13 views

CVE-2026-43114

A flaw was found in the Linux kernel's netfilter component. This vulnerability, located in the nftsetpipapoavx2 functionality, is caused by incorrect data processing during AVX2 matching operations. This can lead to the system incorrectly identifying or matching network data entries within...

9.4CVSS5.8AI score0.00356EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/05 9:31 a.m.6 views

EUVD-2026-27231

A race condition exists in PaperCut MF when processing badge-swipe data from certain HP multifunction devices. Under specific network conditions involving dropped packets and out-of-order sequence counters, the server may incorrectly process fragmented data chunks. If a sequence reset notificatio...

4.1CVSS5.8AI score0.00228EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/04/16 9:30 p.m.8 views

a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +599 more potentially affected by CVE-2026-41313 via pypdf (>=3.10.0 <=6.10.1)

pypdf PYPI version =3.10.0, =0.1.1, =0.8.1, =0.9.1, =0.2.0, =0.0.2, =0.0.1, =0.0.1, =0.2.0, =0.1.4, =0.1.0a0.dev0, =1.1.3 and more Source cves: CVE-2026-41313 Source advisory: OSV:GHSA-4PXV-J86V-MHCW...

6.5CVSS5.7AI score0.00214EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/08 7:55 p.m.1 views

CVE-2026-39863 Kamailio Core: TCP Data Processing Vulnerability

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio formerly OpenSER and SER allows remote attackers to cause a denial of service process crash via a specially crafted data packet sent over TCP. The...

7.5CVSS6AI score0.00463EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/08 7:55 p.m.20 views

CVE-2026-39863 Kamailio Core: TCP Data Processing Vulnerability

Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio formerly OpenSER and SER allows remote attackers to cause a denial of service process crash via a specially crafted data packet sent over TCP. The...

7.5CVSS0.00463EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 7:55 p.m.50 views

CVE-2026-39863

CVE-2026-39863 affects the Kamailio core (formerly OpenSER/SER). Prior to versions 5.1.1, 6.0.6, and 5.8.8 , an out-of-bounds access in the core allows remote attackers to cause a denial of service via a specially crafted data packet sent over TCP. Impact is on Kamailio instances with TCP or TLS ...

7.5CVSS6AI score0.00463EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder