Lucene search
+L

1820 matches found

NVD
NVD
added 2 hours ago3 views

CVE-2026-63890

In the Linux kernel, the following vulnerability has been resolved: scsi: fcoe: Reject FIP descriptors with zero fipdlen in CVL walker drivers/scsi/fcoe/fcoectlr.c::fcoectlrrecvclrvlink advanced the descriptor cursor by an attacker-supplied fipdlen without ever requiring dlen = sizeofstruct fipde...

Exploits0References8
EUVD
EUVD
added 2 hours ago6 views

EUVD-2026-45543

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Add missing bits in airohaqdmacleanuptxqueue Similar to airohaqdmacleanuprxqueue, reset DMA TX descriptors in airohaqdmacleanuptxqueue routine. Moreover, reset TXDMAIDX to TXCPUIDX to notify the NIC the QDMA TX ring ...

5.3AI score
Exploits0References4
Cvelist
Cvelist
added 3 hours ago4 views

CVE-2026-63962 usb: typec: tcpm: bound altmode_desc[] per iteration in svdm_consume_modes()

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: bound altmodedesc per iteration in svdmconsumemodes svdmconsumemodes checks pmdata-altmodes against the array size once before the loop over the count, but forgot to check the bound at every point in the loop. I...

Exploits0References4
CVE
CVE
added 3 hours ago4 views

CVE-2026-63890

The CVE-2026-63890 entry describes a Linux kernel vulnerability in the SCSI FCoE CVL walker where an unauthenticated L2 peer can hang fcoe_ctlr_recv_work on fcoe, qedf, or bnx2fc initiators by sending a CVL frame with a non‑critical descriptor (fip_dtype >= 128) and fip_dlen == 0. The issue ar...

5.4AI score
Exploits0References8
Cvelist
Cvelist
added 4 hours ago6 views

CVE-2026-63859 net: airoha: Add missing bits in airoha_qdma_cleanup_tx_queue()

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Add missing bits in airohaqdmacleanuptxqueue Similar to airohaqdmacleanuprxqueue, reset DMA TX descriptors in airohaqdmacleanuptxqueue routine. Moreover, reset TXDMAIDX to TXCPUIDX to notify the NIC the QDMA TX ring ...

Exploits0References3
CVE
CVE
added 4 hours ago7 views

CVE-2026-63859

CVE-2026-63859 pertains to the Linux kernel driver for the airoha QDMA path. The fix adds missing steps in the airoha_qdma_cleanup_tx_queue() routine: it now resets DMA TX descriptors and sets TX_DMA_IDX to TX_CPU_IDX to signal that the QDMA TX ring is empty, mirroring the existing airoha_qdma_cl...

5.3AI score
Exploits0References3
NVD
NVD
added 5 days ago5 views

CVE-2026-47478

NVIDIA Triton Inference Server for Linux contains a vulnerability where an attacker can cause the use of an expired file descriptor. A successful exploit of this vulnerability might lead to denial of service...

7.5CVSS0.00301EPSS
Exploits0References2
OSV
OSV
added 5 days ago3 views

JLSEC-2026-666 libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in...

libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parseiadarray in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed USB descriptor whose bLength equals size minus one, causing the bounds check to use the original buffer...

5.5CVSS6.2AI score0.0013EPSS
Exploits0References7
NVD
NVD
added 2026/07/09 4:16 p.m.6 views

CVE-2025-27464

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. The...

9.4CVSS0.00158EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/09 2:49 p.m.6 views

protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors

A flaw was found in protobufjs, a library used to compile protobuf definitions into JavaScript functions. A remote attacker could exploit this vulnerability by providing a crafted descriptor that includes a non-string default value for a bytes field. This could lead to the generation of an unsafe...

8.8CVSS6.2AI score0.00392EPSS
Exploits0References5
CVE
CVE
added 2026/07/09 2:35 p.m.55 views

CVE-2025-27464

CVE-2025-27464 is part of a XenServer/Citrix Hypervisor set of flaws affecting Windows guest VMs. The root cause is that the XenServer VM Tools for Windows (XenServer VM Tools, Windows) before version 9.4.1 expose devices/facilities without proper security descriptors, enabling an unprivileged gu...

9.4CVSS7.4AI score0.00158EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/09 2:29 p.m.36 views

CVE-2025-27463 WinPVDrivers: Excessive permissions on user-exposed devices

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. The...

9.4CVSS0.00158EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/07/08 7:30 a.m.7 views

CVE-2026-54786

A flaw was found in Wasmtime, a runtime for WebAssembly. Its native implementation of WASIp1, a system interface for WebAssembly, contains a resource leak in the fdrenumber function. A malicious guest program can repeatedly call this function, causing the host system to exhaust its file descripto...

5CVSS5.9AI score0.00217EPSS
Exploits0References4
OSV
OSV
added 2026/07/06 6:28 a.m.5 views

OESA-2026-2861 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A vulnerability, which was classified as critical, has been found in QEMU Virtualization Software version unknown.Using CWE to declare the problem leads to CWE-190. The product performs a...

6.7CVSS6AI score0.00122EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2026-45740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while expanding...

7.5CVSS6AI score0.00263EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 9:17 p.m.10 views

CVE-2026-54786

Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3; and versions 45.0.0 and 45.0.1 contain a native implementation of WASIp1 which suffers from a leak in the fdrenumber function where the...

5CVSS0.00217EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 8:12 p.m.42 views

CVE-2026-54786 Wasmtime: Leak in WASIp1 `fd_renumber` implementation

Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3; and versions 45.0.0 and 45.0.1 contain a native implementation of WASIp1 which suffers from a leak in the fdrenumber function where the...

2.3CVSS0.00217EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 8:12 p.m.6 views

CVE-2026-54786

Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3; and versions 45.0.0 and 45.0.1 contain a native implementation of WASIp1 which suffers from a leak in the fdrenumber function where the...

2.3CVSS5.7AI score0.00217EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.15 views

PT-2026-54848

Name of the Vulnerable Software and Affected Versions Wasmtime versions prior to 24.0.10 Wasmtime versions 25.0.0 through 36.0.10 Wasmtime versions 37.0.0 through 44.0.2 Wasmtime versions 45.0.0 through 45.1 Description A resource leak exists in the native implementation of WASIp1 within the fd...

5CVSS5.8AI score0.00217EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-53087

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: bcmgenet: fix leaking freebds While reclaiming the tx queue we fast forward the write pointer to drop any data in flight. These dropped frames are not adde...

7.5CVSS6.1AI score0.00376EPSS
Exploits0References2
Rows per page
Query Builder