Lucene search
+L

734 matches found

Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-60185

Name of the Vulnerable Software and Affected Versions F5 BIG-IP affected versions not specified Description When an HTTP/2 profile is configured on a virtual server, specific undisclosed requests can lead to increased memory resource utilization. This data plane issue allows a remote,...

8.7CVSS5.2AI score0.00328EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-60045

Impact DNSIncoming. decode labels at offset recurses once per DNS-name compression pointer RFC 1035 §4.1.4. Pointer cycles and label counts were capped, but the chain length of unique forward pointers was not. A single 3 kB mDNS packet carrying 1500 chained pointers drives the recursion past...

6.5CVSS6.1AI score0.0023EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/07/08 3:44 p.m.5 views

CVE-2026-59880

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Immutable.Map and Immutable.Set keep keys that share the same 32-bit hash in a HashCollisionNode collision bucket that is scanned linearly, allowing an attacker who controls keys inserted into a Map, such a...

8.7CVSS6AI score0.0037EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2026/07/01 10:16 p.m.8 views

CVE-2026-54260

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, an authenticated admin user can trigger expensive rendition processing with purposefully crafted filter specs resulting in potentially service degradation. The vulnerability is not...

4.3CVSS0.0022EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 9:8 p.m.6 views

CVE-2026-54260

Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, an authenticated admin user can trigger expensive rendition processing with purposefully crafted filter specs resulting in potentially service degradation. The vulnerability is not...

4.3CVSS5.6AI score0.0022EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/07/01 9:8 p.m.29 views

CVE-2026-54260

CVE-2026-54260 affects Wagtail (Django-based CMS). In versions prior to 7.0.8, 7.3.3, and 7.4.2, an authenticated admin user can trigger expensive rendition processing via crafted filter specs in the image preview, leading to potential service degradation. This is not exploitable by anonymous vis...

4.3CVSS5.6AI score0.0022EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/26 12:8 a.m.10 views

CVE-2026-52983

A flaw was found in the Linux kernel's airoha network driver. This vulnerability stems from an inconsistent accounting of inflight packets in the transmit TX path, leading to a Byte Queue Limit BQL imbalance. This issue could potentially result in network performance degradation or a denial of...

7.5CVSS5.8AI score0.00451EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.14 views

SUSE SLES15 Security Update : unbound (SUSE-SU-2026:2369-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2369-1 advisory. This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278:...

10CVSS6.7AI score0.01272EPSS
Exploits0References34
SUSE Linux
SUSE Linux
added 2026/06/11 12:22 p.m.9 views

Security update for unbound

This update for unbound fixes the following issues CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587. CVE-2026-40622: "Ghost domain name" variant bsc1265581. CVE-2026-41292: Parsing a long list of incoming...

8.6CVSS6.2AI score0.01272EPSS
Exploits0References44
OSV
OSV
added 2026/06/11 12:22 p.m.8 views

SUSE-SU-2026:2369-1 Security update for unbound

This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587. - CVE-2026-40622: 'Ghost domain name' variant bsc1265581. - CVE-2026-41292: Parsing a long list of...

10CVSS6.2AI score0.01272EPSS
Exploits0References23
Packet Storm News
Packet Storm News
added 2026/06/09 12:0 a.m.8 views

When Discovery Outpaces Remediation: Modeling AI-Accelerated Vulnerability Discovery in Interconnected Systems

Advanced AI systems for code analysis, binary analysis, fuzzing orchestration, and penetration-test planningmay significantly increase the rate at which latent vulnerabilities are discovered. While improved discovery can benefit defenders, it can also overload remediation pipelines and accelerate...

5.6AI score
Exploits0
UbuntuCve
UbuntuCve
added 2026/06/09 12:0 a.m.3 views

CVE-2026-41850

Applications that evaluate user-supplied Spring Expression Language SpEL expressions are vulnerable to an Algorithmic Denial of Service DoS. By providing a specially crafted expression, an attacker can trigger excessive resource consumption during evaluation, leading to application degradation or...

7.5CVSS6.1AI score0.0036EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/08 7:15 p.m.11 views

CVE-2026-46295

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM component. A race condition in the Advanced Programmable Interrupt Controller APIC interrupt handling can lead to an incorrect state during interrupt synchronization. This issue, occurring between a sender and target virtual...

5.5CVSS5.5AI score0.00112EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.15 views

CVE-2025-59174

Ericsson Packet Core Controller PCC versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation...

7.1CVSS5.5AI score0.00165EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 p.m.17 views

CVE-2026-25659

Ericsson Packet Core Gateway PCG versions prior to 1.30 contain an Improper Handling of Missing Values CWE-230 vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers...

7.1CVSS5.4AI score0.00165EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 p.m.14 views

CVE-2026-25657

Ericsson Packet Core Gateway PCG versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure CWE-228 vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the...

7.1CVSS5.4AI score0.00165EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 p.m.13 views

CVE-2026-25658

Ericsson Packet Core Gateway PCG versions prior to 1.30 contain an Improper Handling of Missing Values CWE-230 vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers...

7.1CVSS5.4AI score0.00165EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:30 p.m.11 views

CVE-2026-42534

A flaw was found in Unbound. An adversary who can query a vulnerable Unbound instance and control a slow or malicious domain name server can exploit a vulnerability in the jostle logic. This flaw allows retransmitted queries to renew the age of slow-running queries, preventing them from being...

7.5CVSS5.8AI score0.00519EPSS
Exploits0References4
NVD
NVD
added 2026/06/05 3:16 p.m.16 views

CVE-2025-59174

Ericsson Packet Core Controller PCC versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation...

7.1CVSS0.00165EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/05 1:44 p.m.8 views

CVE-2025-59174

Ericsson Packet Core Controller PCC versions prior to 1.39 contain a vulnerability where an attacker sending a large volume of specially crafted messages may cause service degradation...

7.1CVSS5.5AI score0.00165EPSS
Exploits0References2
Rows per page
Query Builder