Lucene search
K

1384 matches found

Cvelist
Cvelist
added 5 days ago28 views

CVE-2026-39244

adm-zip before 0.5.18 is vulnerable to denial of service via a crafted ZIP file with a manipulated uncompressed size header field. In zipEntry.js line 103, Buffer.alloccentralHeader.size allocates memory based on the declared uncompressed size from the ZIP central directory header without...

0.00432EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 5 days ago8 views

OpenSSH < 10.4 Multiple Vulnerabilities

The version of OpenSSH installed on the remote host is prior to 10.4. It is, therefore, affected by multiple vulnerabilities, including: - ssh in OpenSSH before 10.4 can have a use-after-free when a server changes its host key during a key re-exchange. This outcome occurs only on the client side...

9.4CVSS6.2AI score0.00407EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added last week5 views

CVE-2026-60001

A flaw was found in OpenSSH's SSH daemon sshd. A remote attacker could exploit this vulnerability by repeatedly attempting authentication. The flaw allows the attacker to bypass the intended minimum authentication delay, which can facilitate brute-force attacks. This makes it easier for an attack...

6.5CVSS6AI score0.00265EPSS
Exploits0References6
OSV
OSV
added 2026/07/08 1:16 a.m.4 views

DEBIAN-CVE-2026-60001

sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay...

6.5CVSS5.9AI score0.00265EPSS
Exploits0References1
NVD
NVD
added 2026/07/08 1:16 a.m.8 views

CVE-2026-60001

sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay...

6.5CVSS0.00265EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/07/08 12:16 a.m.8 views

CVE-2026-60001

sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay...

6.5CVSS5.9AI score0.00265EPSS
Exploits0
EUVD
EUVD
added 2026/07/08 12:16 a.m.8 views

EUVD-2026-42145

sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay...

6.5CVSS5.9AI score0.00265EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/08 12:16 a.m.4 views

CVE-2026-60001

sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay...

6.5CVSS5.9AI score0.00265EPSS
Exploits0References4
CVE
CVE
added 2026/07/08 12:16 a.m.33 views

CVE-2026-60001

Technical details are not publicly available in the provided documents for CVE-2026-60001. Monitor for updates.

6.5CVSS5.9AI score0.00265EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/07/08 12:16 a.m.132 views

CVE-2026-60001

sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay...

6.5CVSS0.00265EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/07/08 12:16 a.m.6 views

CVE-2026-60001

sshd in OpenSSH before 10.4 does not always honor the minimum authentication delay...

6.5CVSS5.9AI score0.00265EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/07 8:36 a.m.36 views

CVE-2026-13199 Insufficient Entropy in Raspberry Pi 5 and Compute Module 5

EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the...

5.1CVSS0.00114EPSS
Exploits0References2
CVE
CVE
added 2026/07/07 8:36 a.m.16 views

CVE-2026-13199

CVE-2026-13199 affects Raspberry Pi 5 and Compute Module 5 EEPROM firmware. The issue is that the EEPROM produced non-random KASLR and RNG seed values, resulting in consistent kernel addresses across boots and devices. This may lower entropy and potentially ease exploitation of other vulnerabilit...

5.1CVSS5.9AI score0.00114EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/29 5:24 p.m.7 views

CVE-2026-57959

Hi.Events through 1.9.0 contains a promo code validation vulnerability where reservation validates usage count before asynchronous UpdateEventStatisticsJob increments it, allowing attackers to redeem limited promo codes unlimited times. Attackers can sequentially reserve multiple orders with the...

8.2CVSS5.8AI score0.00193EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.8 views

PT-2026-52901

Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.2 OpenProject versions prior to 17.4.0 Description OpenProject exposes a document update endpoint used to modify existing documents. The system loads the target document with visibility checks, but...

4.3CVSS5.8AI score0.00201EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 1:16 p.m.21 views

CVE-2026-40211

An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to trigger an out-of-memo...

5.3CVSS0.00413EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 1:16 p.m.8 views

CVE-2026-40208

An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame...

3.7CVSS0.00285EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 12:23 p.m.5 views

EUVD-2026-39350

An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to trigger an out-of-memo...

5.3CVSS6.1AI score0.00413EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 12:23 p.m.2 views

CVE-2026-40211 Denial of service via crafted DoH3 queries

An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to trigger an out-of-memo...

5.3CVSS6.1AI score0.00413EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/06/25 12:23 p.m.6 views

CVE-2026-40211

An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to trigger an out-of-memo...

5.3CVSS6.1AI score0.00413EPSS
Exploits0
Rows per page
Query Builder