Lucene search
K

2729 matches found

OSV
OSV
added 2 days ago7 views

DEBIAN-CVE-2026-8927

When reusing a libcurl handle for sequential transfers driven by environment-variable proxy configuration, libcurl fails to clear the proxy authentication state between requests. Specifically, if the initial transfer authenticates against proxyA using Digest auth, a subsequent transfer routed...

5.9AI score0.0025EPSS
Exploits0References1
OSV
OSV
added 4 days ago2 views

DEBIAN-CVE-2026-53339

In the Linux kernel, the following vulnerability has been resolved: i2c: qcom-cci: Fix NULL pointer dereference in cciremove On all modern platforms Qualcomm CCI controller provides two I2C masters, and on particular boards only one I2C master may be initialized, and in such cases the device...

5.7AI score0.00164EPSS
Exploits0References1
OSV
OSV
added 5 days ago2 views

DEBIAN-CVE-2026-13980

Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.8AI score0.0023EPSS
Exploits0References1
OSV
OSV
added 5 days ago3 views

DEBIAN-CVE-2026-13966

Inappropriate implementation in History in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.8AI score0.0023EPSS
Exploits0References1
OSV
OSV
added 5 days ago2 views

DEBIAN-CVE-2026-13945

Insufficient policy enforcement in Extensions in Google Chrome on Linux prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform UI spoofing via a crafted Chrome Extension. Chromium security severity: Medium...

3.1CVSS5.8AI score0.00156EPSS
Exploits0References1
OSV
OSV
added 5 days ago2 views

DEBIAN-CVE-2026-13869

Use after free in Device in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

9.6CVSS5.8AI score0.0028EPSS
Exploits0References1
OSV
OSV
added 5 days ago2 views

DEBIAN-CVE-2026-13860

Incorrect security UI in Autofill in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...

4.2CVSS5.8AI score0.00199EPSS
Exploits0References1
OSV
OSV
added 6 days ago5 views

DEBIAN-CVE-2026-56018

JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify, allowing unbounded memory growth. In JsMinify XS.xs the cleanup frees only the NodeSet structures and never the per-token contents buffers allocated in JsSetNodeContents; JsDiscardNode unlinks nodes withou...

7.5CVSS5.9AI score0.00609EPSS
Exploits0References1
Debian
Debian
added 2026/06/28 2:13 p.m.9 views

[SECURITY] [DSA 6372-1] tor security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6372-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 28, 2026 https://www.debian.org/security/faq -...

5.8AI score
Exploits0
Debian
Debian
added 2026/06/27 9:29 a.m.7 views

[SECURITY] [DSA 6370-1] xorg-server security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6370-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 27, 2026 https://www.debian.org/security/faq -...

7.8CVSS5.8AI score0.00165EPSS
Exploits0
Debian
Debian
added 2026/06/25 6:21 p.m.6 views

[SECURITY] [DSA 6366-1] sogo security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6366-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 25, 2026 https://www.debian.org/security/faq -...

8.6CVSS5.7AI score0.00398EPSS
Exploits0
Debian
Debian
added 2026/06/25 6:20 p.m.12 views

[SECURITY] [DSA 6365-1] libssh2 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6365-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 25, 2026 https://www.debian.org/security/faq -...

9.2CVSS6AI score0.00732EPSS
Exploits10
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

DEBIAN-CVE-2026-53211

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftmetabridge: fix stale stack leak via IIFHWADDR register NFTMETABRIIIFHWADDR declares its destination register with len = ETHALEN 6 bytes, which the register-init tracking rounds up to two 32-bit registers 8 bytes...

5.5CVSS5.7AI score0.00126EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 9:16 a.m.2 views

DEBIAN-CVE-2026-53199

In the Linux kernel, the following vulnerability has been resolved: hvnetvsc: use kmaplocalpage in netvsccopytosendbuf netvsccopytosendbuf copies page buffer entries into the VMBus send buffer using phystovirt on the entry PFN. Entries for the RNDIS header and the skb linear data come from...

7.5CVSS5.9AI score0.0053EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 7:17 p.m.3 views

DEBIAN-CVE-2026-13023

Uninitialized Use in GPU in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

5.3CVSS5.9AI score0.00186EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 5:17 p.m.2 views

DEBIAN-CVE-2026-52950

In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: fix UAF with retry loop Retry doesn't work here, since bo will be freed on error, leading to UAF. However, now that we do the alloc & init before the attach, we can now combine this as one unit and have the init d...

7.8CVSS5.7AI score0.00132EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 5:17 p.m.3 views

DEBIAN-CVE-2026-56113

dhcpcd through 10.3.2, fixed in commit 5733d3c, contains a heap use-after-free vulnerability that allows unauthenticated same-link attackers to crash the daemon by sending a crafted DHCPv6 RENEW reply with RFC6603 OPTIONPDEXCLUDE and both preferred and valid lifetimes set to zero. Attackers actin...

6.5CVSS5.9AI score0.00175EPSS
Exploits0References1
OSV
OSV
added 2026/06/23 4:17 p.m.6 views

DEBIAN-CVE-2026-55767

Guzzle is an extensible PHP HTTP client. Prior to 7.12.1, CookieJar incorrectly accepts cookies with a dot-only Domain attribute and whitespace-padded variants. SetCookie::matchesDomain removes leading dots from the cookie domain, normalizing dot-only values to the empty string; SetCookie::valida...

5.8CVSS5.9AI score0.00111EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.4 views

Debian dsa-6362 : gir1.2-gst-plugins-bad-1.0 - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6362 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6362-1 [email protected] https://www.debian.org/securit...

7.1CVSS6.3AI score0.00307EPSS
Exploits0References8
OSV
OSV
added 2026/06/22 6:16 p.m.6 views

DEBIAN-CVE-2026-54278

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, during cleanup it is possible for a compressed request body to be decompressed into memory in one chunk. An attacker may be able to send a compressed payload in specific situations that could be...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References1
Rows per page
Query Builder