Lucene search
+L

1878 matches found

EUVD
EUVD
added 2026/06/26 12:32 a.m.7 views

EUVD-2026-39572

Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list, allowing a write past the bounds of the destination buffer...

2CVSS5.8AI score0.00175EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 11:23 p.m.8 views

CVE-2026-13318

A server-side request forgery SSRF flaw was found in KubeVirt's virt-api port-forward handler. When processing a port-forward request to a VirtualMachineInstance VMI, virt-api reads the target IP from vmi.Status.Interfaces0.IP and passes it directly to net.Dial without validation. For VMIs using...

6.4CVSS6AI score0.00149EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 10:17 p.m.9 views

CVE-2026-6325

Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list, allowing a write past the bounds of the destination buffer...

7.5CVSS0.00175EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 10:14 p.m.11 views

EUVD-2026-31390

golang.org/x/crypto/ssh/agent doesn't drop invoking agent constraints when forwarding keys...

9.1CVSS5.8AI score0.00525EPSS
Exploits0References6
OSV
OSV
added 2026/06/25 10:14 p.m.5 views

GHSA-F5WC-C3C7-36MC golang.org/x/crypto doesn't drop invoking agent constraints when forwarding keys

When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

9.1CVSS6AI score0.00525EPSS
Exploits0References30
Github Security Blog
Github Security Blog
added 2026/06/25 10:14 p.m.10 views

golang.org/x/crypto doesn't drop invoking agent constraints when forwarding keys

When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

9.1CVSS6AI score0.00525EPSS
Exploits0References30Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/25 9:4 p.m.9 views

CVE-2026-6325

Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list, allowing a write past the bounds of the destination buffer...

7.5CVSS5.8AI score0.00175EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 4:47 p.m.36 views

CVE-2026-55700 pnpm: stage download writes outside destination via manifest version traversal

pnpm is a package manager. From 11.3.0 until 11.5.3, pnpm stage download derived a local filename from registry-controlled package name and version fields. A crafted manifest could escape the selected download directory and overwrite another reachable file. The merged fix validates both fields,...

7.1CVSS0.00267EPSS
Exploits1References2
CVE
CVE
added 2026/06/25 4:47 p.m.21 views

CVE-2026-55700

pnpm stage download (affecting 11.3.0–11.5.3) allowed a crafted manifest to derive a local filename from package name and version, enabling the download to escape the target directory and overwrite a reachable file. The merged fix validates both fields, derives a single safe filename, and verifie...

7.1CVSS5.8AI score0.00267EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/06/25 4:47 p.m.5 views

CVE-2026-55700 pnpm: stage download writes outside destination via manifest version traversal

pnpm is a package manager. From 11.3.0 until 11.5.3, pnpm stage download derived a local filename from registry-controlled package name and version fields. A crafted manifest could escape the selected download directory and overwrite another reachable file. The merged fix validates both fields,...

7.1CVSS5.9AI score0.00267EPSS
Exploits1References4
EUVD
EUVD
added 2026/06/25 9:31 a.m.6 views

EUVD-2026-39188

The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the legitimate buyer before allowing the WooCommerce order parcel-locker destination to be updated, allowing unauthenticated attackers to silently redirect the shipping destination of any pending or...

7.5CVSS5.9AI score0.00208EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 9:16 a.m.18 views

CVE-2026-53248

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Fix use-after-free in metadata dst teardown airohametadatadstfree runs metadatadstfree which frees the metadatadst with kfree immediately, bypassing the RCU grace period. In the RX path, skbdstsetnoref sets a...

8.8CVSS0.00391EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 9:16 a.m.8 views

CVE-2026-53247

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtkethsoc: Fix use-after-free in metadata dst teardown mtkfreedev calls metadatadstfree which frees the metadatadst with kfree immediately, bypassing the RCU grace period. In the RX path, skbdstsetnoref sets a...

9.8CVSS0.00507EPSS
Exploits0References5
NVD
NVD
added 2026/06/25 9:16 a.m.6 views

CVE-2026-53212

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfttunnel: fix use-after-free on object destroy nfttunnelobjdestroy calls metadatadstfree which directly kfrees the metadatadst, ignoring the dstentry refcount. Packets that took a reference via dsthold in...

7.8CVSS0.00125EPSS
Exploits0References8
OSV
OSV
added 2026/06/25 9:16 a.m.4 views

UBUNTU-CVE-2026-53247

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtkethsoc: Fix use-after-free in metadata dst teardown mtkfreedev calls metadatadstfree which frees the metadatadst with kfree immediately, bypassing the RCU grace period. In the RX path, skbdstsetnoref sets a...

9.8CVSS5.7AI score0.00507EPSS
Exploits0References8
OSV
OSV
added 2026/06/25 9:16 a.m.4 views

UBUNTU-CVE-2026-53212

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfttunnel: fix use-after-free on object destroy nfttunnelobjdestroy calls metadatadstfree which directly kfrees the metadatadst, ignoring the dstentry refcount. Packets that took a reference via dsthold in...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References11
Debian CVE
Debian CVE
added 2026/06/25 8:39 a.m.8 views

CVE-2026-53248

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Fix use-after-free in metadata dst teardown airohametadatadstfree runs metadatadstfree which frees the metadatadst with kfree immediately, bypassing the RCU grace period. In the RX path, skbdstsetnoref sets a...

8.8CVSS5.7AI score0.00391EPSS
Exploits0
EUVD
EUVD
added 2026/06/25 8:39 a.m.9 views

EUVD-2026-39199

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Fix use-after-free in metadata dst teardown airohametadatadstfree runs metadatadstfree which frees the metadatadst with kfree immediately, bypassing the RCU grace period. In the RX path, skbdstsetnoref sets a...

5.7AI score0.00391EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:39 a.m.6 views

CVE-2026-53248

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Fix use-after-free in metadata dst teardown airohametadatadstfree runs metadatadstfree which frees the metadatadst with kfree immediately, bypassing the RCU grace period. In the RX path, skbdstsetnoref sets a...

5.7AI score0.00391EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/25 8:39 a.m.13 views

CVE-2026-53248

In Linux kernel, the airoha net driver has a use-after-free in metadata_dst teardown (CVE-2026-53248). The airoha_metadata_dst_free() function frees the metadata_dst with kfree() immediately, bypassing the RCU grace period, while the RX path may hold a non-refcounted pointer from skb to the dst v...

8.8CVSS5.7AI score0.00391EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder