Lucene search
K

1375 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/06 11:28 a.m.7 views

CVE-2026-43247

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix SError of kernel panic when closed SError of kernel panic rarely happened while testing fluster. The root cause was to enter suspend mode because timeout of autosuspend delay happened. 48.834439...

5.8AI score0.00121EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/06 11:28 a.m.46 views

CVE-2026-43247

CVE-2026-43247 affects the Linux kernel media driver for wave5 (chips-media). The issue causes a kernel panic triggered by an asynchronous SError interrupt when the system enters suspend mode due to an autosuspend delay timeout, leading to an unresponsive system (DoS-like impact). The vulnerabili...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/05 12:30 a.m.10 views

Hashicorp Boundary workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes

Boundary Community Edition and Boundary Enterprise "Boundary" workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold the client certificate...

7.5CVSS5.8AI score0.002EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/05/04 11:24 p.m.9 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the TLS handshake process. An attacker can cause worker connection handling to block by opening a connection to the authentication listener and delaying or withholding the client...

7.5CVSS5.8AI score0.002EPSS
Exploits0References2
NVD
NVD
added 2026/05/04 10:16 p.m.18 views

CVE-2026-7776

Boundary Community Edition and Boundary Enterprise “Boundary” workers are vulnerable to a denial-of-service condition during node enrollment TLS handshakes. An attacker with network access to the worker authentication listener may open a connection and delay or withhold the client certificate...

7.5CVSS0.002EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/01 12:0 a.m.4 views

Wireshark 2.0.x < 2.0.8 Multiple Vulnerabilities

The version of Wireshark installed on the remote Windows host is prior to 2.0.8. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-2.0.8 advisory. - In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion,...

5.9CVSS6AI score0.01717EPSS
Exploits0References13
Fedora
Fedora
added 2026/04/25 1:53 a.m.8 views

[SECURITY] Fedora 44 Update: libcgif-0.5.3-1.fc44

A fast and lightweight GIF encoder that can create GIF animations and images. Summary of the main features: - user-defined global or local color-palette with up to 256 colors limit of the GIF format - size-optimizations for GIF animations: - option to set a pixel to transparent if it has identica...

5.3CVSS4.8AI score0.00492EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.6 views

PT-2026-35063

Name of the Vulnerable Software and Affected Versions 4ga Boards versions prior to 3.3.5 Description 4ga Boards is a boards system for realtime project management. The software allows user enumeration through a timing side-channel in the login endpoint '/api/access-tokens'. The server responds...

5.3CVSS5.2AI score0.00197EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/23 1:24 a.m.9 views

SUSE CVE-2026-33595

A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection...

7.5CVSS5.8AI score0.00371EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/22 1:54 p.m.31 views

CVE-2026-31501 net: ti: icssg-prueth: fix use-after-free of CPPI descriptor in RX path

In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: fix use-after-free of CPPI descriptor in RX path cppi5hdescgetpsdata returns a pointer into the CPPI descriptor. In both emacrxpacket and emacrxpacketzc, the descriptor is freed via k3cppidescpoolfree befor...

9.8CVSS0.00379EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/21 12:44 a.m.3 views

CVE-2026-39396

OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, ExtractPluginFromImage in OpenBao's OCI plugin downloader extracts a plugin binary from a container image by streaming decompressed tar data via io.Copy with no upper bound on the number of bytes written. ...

3.1CVSS5.8AI score0.00218EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/04/16 11:36 p.m.6 views

BIT-AUTHENTIK-2025-64708 authentik invitation expiry is delayed by at least 5 minutes

authentik is an open-source Identity Provider. Prior to versions 2025.8.5 and 2025.10.2, in previous authentik versions, invitations were considered valid regardless if they are expired or not, thus relying on background tasks to clean up expired ones. In a normal scenario this can take up to 5...

5.8CVSS7.2AI score0.00216EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/16 8:42 p.m.7 views

ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint

Summary The password reset endpoint /api/v1/@apostrophecms/login/reset-request exhibits a measurable timing side channel that allows unauthenticated attackers to enumerate valid usernames and email addresses. When a user is not found, the handler returns after a fixed 2-second artificial delay, b...

3.7CVSS5.8AI score0.00365EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/04/16 8:42 p.m.12 views

GHSA-MJ7R-X3H3-7RMR ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint

Summary The password reset endpoint /api/v1/@apostrophecms/login/reset-request exhibits a measurable timing side channel that allows unauthenticated attackers to enumerate valid usernames and email addresses. When a user is not found, the handler returns after a fixed 2-second artificial delay, b...

3.7CVSS5.8AI score0.00365EPSS
Exploits1References4
SUSE Linux
SUSE Linux
added 2026/04/13 3:4 p.m.5 views

Security update for the Linux Kernel (Live Patch 72 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.272 fixes various security issues The following security issues were fixed: CVE-2023-53794: cifs: fix session state check in reconnect to avoid use-after-free issue bsc1255235. CVE-2025-39973: i40e: add validation for ringlen param...

8.7CVSS6.7AI score0.00204EPSS
Exploits0References28
Fedora
Fedora
added 2026/04/10 1:11 a.m.5 views

[SECURITY] Fedora 42 Update: libcgif-0.5.3-1.fc42

A fast and lightweight GIF encoder that can create GIF animations and images. Summary of the main features: - user-defined global or local color-palette with up to 256 colors limit of the GIF format - size-optimizations for GIF animations: - option to set a pixel to transparent if it has identica...

5.3CVSS5.8AI score0.00492EPSS
Exploits0
OSV
OSV
added 2026/03/24 7:18 p.m.5 views

GHSA-7789-65HX-F26W FileBrowser Quantum has Username Enumeration via Authentication Timing Side-Channel

Summary The /api/auth/login authentication endpoint does not execute in constant time. When a non-existent username is supplied, the server returns a 401/403 response almost immediately. When a valid username is provided, the server performs a bcrypt password comparison, causing a measurable dela...

5.3CVSS5.9AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/24 7:18 p.m.7 views

FileBrowser Quantum has Username Enumeration via Authentication Timing Side-Channel

Summary The /api/auth/login authentication endpoint does not execute in constant time. When a non-existent username is supplied, the server returns a 401/403 response almost immediately. When a valid username is provided, the server performs a bcrypt password comparison, causing a measurable dela...

5.9AI score
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.9 views

PT-2026-25723

Next Click Ventures RealtyScript 4.0.2 contains multiple time-based blind SQL injection vulnerabilities that allow unauthenticated attackers to extract database information by injecting SQL code into application parameters. Attackers can craft requests with time-delay payloads to infer database...

8.8CVSS6AI score0.00417EPSS
Exploits1References4
Oracle linux
Oracle linux
added 2026/03/08 12:0 a.m.6 views

Unbreakable Enterprise kernel security update

5.4.17-2136.353.3 - xfrm: flush all states in xfrmstatefini Sabrina Dubroca Orabug: 38934000 - xfrm: also call xfrmstatedeletetunnel at destroy time for states that were never added Sabrina Dubroca Orabug: 38934000 - Revert 'xfrm: destroy xfrmstate synchronously on net exit path' Sabrina Dubroca...

7.5AI score0.00517EPSS
Exploits3
Rows per page
Query Builder