Lucene search
+L

226 matches found

Cvelist
Cvelist
added 2026/07/08 1:48 p.m.30 views

CVE-2026-56250 Capgo - Arbitrary R2 Object Deletion via Mutable r2_path in app_versions

Capgo before 12.128.2 allows upload-scoped API keys to modify the mutable appversions.r2path field through PostgREST, enabling retargeting to arbitrary R2 bundle objects. Attackers can patch r2path to point to victim objects, soft-delete the attacker-controlled version, and trigger the...

8.7CVSS0.00258EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2026/07/08 12:0 a.m.16 views

The vulnerability of the ib_nl_handle_ip_res_resp() function in the drivers/infiniband/core/addr.c module of the Linux operating system’s kernel driver allows a attacker to cause a service failure.

The vulnerability of the ibnlhandleipresresp function in the drivers/infiniband/core/addr.c module of the Linux operating system’s kernel driver relates to access to an uninitialized pointer. Exploiting this vulnerability could allow a attacker to cause a service failure...

5.5CVSS6AI score0.00114EPSS
Exploits0References11Affected Software3
RedHat Linux
RedHat Linux
added 2026/07/07 9:25 p.m.4 views

kernel: fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath

A flaw was found in the Linux kernel's CIFS Common Internet File System client. When the cifssanitizeprepath function processes specially crafted input, such as an empty string or a string containing only delimiters, it can attempt to read data beyond its allocated memory buffer. This out-of-boun...

8.8CVSS5.9AI score0.00352EPSS
Exploits0References5
OSV
OSV
added 2026/07/07 12:32 p.m.2 views

OPENSUSE-SU-2026:21248-1 Security update for jq

This update for jq fixes the following issues: - CVE-2025-48060: improper handling of string data in jvstringempty can lead to heap buffer overflow and a crash when processing crafted input bsc1244116. - CVE-2026-32316: integer overflow within the jvpstringappend and jvpstringcopyreplacebad...

8.7CVSS6.9AI score0.00559EPSS
Exploits10References22
OSV
OSV
added 2026/07/06 8:3 a.m.4 views

PYSEC-2026-946 TensorFlow vulnerable to `CHECK` fail in `Conv2DBackpropInput`

Impact When Conv2DBackpropInput receives empty outbackprop inputs e.g. 3, 1, 0, 1, the current CPU/GPU kernels CHECK fail one with dnnl, the other with cudnn. This can be used to trigger a denial of service attack. python import tensorflow as tf import numpy as np inputsizes = 3, 1, 1, 2 filter =...

5.9CVSS7.1AI score0.00411EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/07/02 4:6 p.m.36 views

CVE-2026-54886 SSH SFTP server denial of service via extended channel data infinite loop

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user to render an SFTP channel permanently unresponsive. The handledata/4 function in sshsftpd contains a catch-all clause that accepts channel data of any type. When...

5.3CVSS0.0033EPSS
Exploits0References5
SUSE Linux
SUSE Linux
added 2026/07/01 8:5 a.m.7 views

Security update for apache2

This update for apache2 fixes the following issues CVE-2026-29167: modldap per-dir use-after-free bsc1267976. CVE-2026-29170: modproxyftp XSS bsc1267977. CVE-2026-34355: modproxyhtml buffer overflow bsc1267978. CVE-2026-34356: malicious backend servers can lead to a heap-based buffer overflow...

9.2CVSS7.3AI score0.11471EPSS
Exploits8References52
Cvelist
Cvelist
added 2026/06/29 8:10 a.m.38 views

CVE-2026-9267

Eclipse tinydtls before commit b3efd41ad111a4920f599f51ffa4f5e9f1e72221 contains an out-of-bounds read vulnerability in the checkservercertificate function that allows unauthenticated attackers to trigger reads beyond valid buffer boundaries by crafting a Certificate handshake message with a...

6.9CVSS0.00173EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 4:35 p.m.3 views

GHSA-J9CW-HWQF-85W7 Fluentd is Vulnerable to Denial of Service (DoS) via Gzip Decompression Bomb in `in_http` and `in_forward`

Fluentd's inhttp and inforward plugins support receiving gzip-compressed data. While Fluentd correctly enforces size limits on the incoming compressed payloads e.g., via bodysizelimit or chunksizelimit, it was discovered that there is no limit enforced on the size of the decompressed data. If a...

7.5CVSS5.8AI score0.0062EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/24 3:50 p.m.7 views

CVE-2026-54297

Faraday is an HTTP client library abstraction layer that provides a common interface over many adapters. From 1.0.0 until 1.10.6 and 2.14.3, Faraday::NestedParamsEncoder, the default nested query parameter encoder/decoder in Faraday, decodes nested query strings without enforcing a maximum nestin...

7.5CVSS5.9AI score0.00391EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/06/24 12:3 p.m.5 views

RLSA-2026:28256 Moderate: opencryptoki security update

The opencryptoki packages contain version 2.11 of the PKCS11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages includes support for the IBM 4758 Cryptographic CoProcessor with the PKCS11 firmware loaded, the IBM eServer Cryptographic Accelerator FC 4960 ...

6.8CVSS5.9AI score0.0016EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/24 1:56 a.m.10 views

CVE-2026-48142

A flaw was found in NGINX. Remote, unauthenticated attackers can exploit a vulnerability in the ngxhttpcharsetmodule when specific charset configurations are present. This can lead to a heap buffer over-read, potentially causing limited disclosure of memory or a denial of service by restarting th...

6.3CVSS6AI score0.00398EPSS
Exploits0References4
NVD
NVD
added 2026/06/23 6:17 p.m.9 views

CVE-2025-61024

An issue in the sqlotryinloop component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service DoS via crafted SQL statements...

7.5CVSS0.0035EPSS
Exploits0References1
OSV
OSV
added 2026/06/18 8:51 a.m.4 views

SUSE-SU-2026:2444-1 Security update for ffmpeg-4

This update for ffmpeg-4 fixes the following issues Update to version 4.4.7: - CVE-2023-6601: HLS Unsafe File Extension Bypass bsc1220545. - CVE-2024-35366: FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parseoptions function of sbgdec.c within the libavformat module. When...

9.8CVSS6.3AI score0.00715EPSS
Exploits3References20
OSV
OSV
added 2026/06/17 8:37 a.m.3 views

OPENSUSE-SU-2026:20974-1 Security update for libheif

This update for libheif fixes the following issues Update to 1.23.0: - CVE-2025-68431: heap buffer over-read in HeifPixelImage: overlay via crafted HEIF that exercises the overlay image item bsc1255735. - CVE-2026-3949: manipulation of the argument size of a malicious frame can lead to...

8.8CVSS7.4AI score0.00514EPSS
Exploits6References45
RedHat Linux
RedHat Linux
added 2026/06/16 12:18 p.m.7 views

postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write

A flaw was found in PostgreSQL. An integer overflow in multiple server features allows an unprivileged database user to cause an undersized memory allocation that leads to an out-of-bounds write. This issue allows an attacker to execute arbitrary code as the operating system user running the...

8.8CVSS6AI score0.00668EPSS
Exploits0References5
AlmaLinux
AlmaLinux
added 2026/06/10 12:0 a.m.12 views

Important: mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: httpd: HTTP/2: Remote Denial of Service via compression bomb and Slowloris-style attack CVE-2026-49975 For more details about the security issues, including the impact, a...

7.5CVSS5.5AI score0.11471EPSS
Exploits8References4
Cvelist
Cvelist
added 2026/06/08 3:26 p.m.145 views

CVE-2026-49975 Apache HTTP Server: mod_http2 denial of service

Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's modhttp leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 through 2.4.67...

0.11471EPSS
Exploits8References1
OSV
OSV
added 2026/05/26 1:55 a.m.11 views

MGASA-2026-0153 Updated ffmpeg packages fix security vulnerabilities

An out-of-bounds read in the readglobalparam function libavcodec/av1dec.c of FFmpeg v8.0.1 allows attackers to cause a Denial of Service DoS via a crafted input. CVE-2026-30997 FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC Common Encryption subsample data to...

9.8CVSS5.9AI score0.00337EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/05/25 6:4 p.m.17 views

CVE-2026-9256

A flaw was found in the ngxhttprewritemodule module of NGINX. When a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures and a replacement string that references multiple such captures in a redirect or arguments context, an...

9.2CVSS6.3AI score0.04261EPSS
Exploits3References4
Rows per page
Query Builder