Lucene search
K

899 matches found

EUVD
EUVD
added 5 days ago6 views

EUVD-2026-43032

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause an integer overflow and map two GPU virtual addresses to the same physical address. One of these virutal mappings can be freed along with the physical page, allowing for a read/write UAF via the...

6.1AI score0.00118EPSS
Exploits0References1
OSV
OSV
added 2026/07/02 8:26 p.m.2 views

GHSA-63WG-WJJJ-7CP8 Zebra Address Book Aborted by IPv4-Mapped Mempool Misbehavior Update

Am I affected You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your node listens on the default :: address on a Linux host the standard deployment configuration — net.ipv6.bindv6only=0 is the default on all common Linux distributions. 3. Your node is synced near the chain tip...

7.5CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2026/06/16 3:16 p.m.13 views

CVE-2026-47684

Sync-in Server is a secure, open-source platform for file storage, sharing, collaboration, and syncing. Prior to version 2.3.0, the private IP blocklist regex used in the URL download feature does not match IPv4-mapped IPv6 addresses e.g. ::ffff:127.0.0.1, allowing SSRF protection to be bypassed ...

7.7CVSS0.00221EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/16 2:20 p.m.38 views

CVE-2026-0647 Rockwell Automation FLEX I/O Dual-port EtherNet/IP Adapters – Multiple Vulnerabilities

An improper authentication security issue exists within the 1794-AENTR adapter's embedded web server. The vulnerability allows an unauthenticated attacker to change the device's web interface password by sending a crafted HTTP GET request to a specific endpoint, without any prior authentication...

8.8CVSS0.00435EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 2:19 p.m.34 views

CVE-2026-0646 Rockwell Automation FLEX I/O Dual-port EtherNet/IP Adapters – Multiple Vulnerabilities

A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability can result in the adapter faulting and losing connection to its associated I/O modules, requiring a manual reset to recover...

8.7CVSS0.00343EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/06/11 12:0 a.m.20 views

ViPER: Vision-Based Packing-Aware Encoder for Robust Malware Detection

Visualization-based malware detection maps raw binary bytes to grayscale images and applies learned visual classifiers, providing an evasion-resistant and disassembly-free alternative to conventional analysis pipelines. However, executable packing remains a critical failure mode: packed binaries...

5.4AI score
Exploits0
GithubExploit
GithubExploit
added 2026/06/09 11:0 a.m.60 views

openshell-sandbox-poc

OpenShell + Kata Containers: Dual-Protection PoC A proof-of-c...

7.8CVSS7.8AI score0.96267EPSS
Exploits230
EUVD
EUVD
added 2026/06/08 3:46 p.m.18 views

EUVD-2026-35159

In the Linux kernel, the following vulnerability has been resolved: clk: microchip: mpfs-ccc: fix out of bounds access during output registration UBSAN reported an out of bounds access during registration of the last two outputs. This out of bounds access occurs because space is only allocated in...

5.4AI score0.00126EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.10 views

CVE-2026-5393

Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-experimental and --enable-dual-alg-certs is used when building wolfSSL...

9.1CVSS5.4AI score0.00194EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 4:34 p.m.24 views

GHSA-Q4X5-8CJ6-52WG Sync-in Server: SSRF protection bypass via IPv4-mapped IPv6 addresses in regExpPrivateIP

Summary: The private IP blocklist regex used in the URL download feature does not match IPv4-mapped IPv6 addresses e.g. ::ffff:127.0.0.1, allowing SSRF protection to be bypassed on dual-stack systems. Affected components backend/src/applications/files/services/files-manager.service.ts –...

7.7CVSS5.4AI score0.00221EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/05 4:34 p.m.16 views

Sync-in Server: SSRF protection bypass via IPv4-mapped IPv6 addresses in regExpPrivateIP

Summary: The private IP blocklist regex used in the URL download feature does not match IPv4-mapped IPv6 addresses e.g. ::ffff:127.0.0.1, allowing SSRF protection to be bypassed on dual-stack systems. Affected components backend/src/applications/files/services/files-manager.service.ts –...

7.7CVSS5.4AI score0.00221EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.16 views

Linux Distros Unpatched Vulnerability : CVE-2026-46192

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - spi: microchip-core-qspi: don't attempt to transmit during emulated read-only dual/quad operations The core will deal with reads by creating clock cycles itself...

5.5CVSS6.2AI score0.00121EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/06/02 12:0 a.m.9 views

Don't Trust Us: A Privacy-By-Design Android Malware Detection Pipeline

Android malware detection increasingly relies on collecting and processing sensitive user data, including device identifiers, network artifacts, and runtime traces, while privacy is too often treated as a secondary concern. Existing privacy-aware approaches typically enforce privacy after data...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/05/31 12:0 a.m.11 views

TRENDnet TEW-432BRP 安全漏洞

TRENDnet TEW-432BRP is a dual-band wireless router produced by the TRENDnet company. Version 3.10B20 of TRENDnet TEW-432BRP contains a security vulnerability. This vulnerability arises from the operation of the formPortFw function in the file/goform/formPortFw, where the parameter servername caus...

9CVSS7.7AI score0.00463EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.11 views

SUSE CVE-2026-46192

In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: don't attempt to transmit during emulated read-only dual/quad operations The core will deal with reads by creating clock cycles itself, there's no need to generate clock cycles by transmitting garbage da...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/28 9:9 p.m.11 views

CVE-2026-46192

A flaw was found in the Linux kernel's spi: microchip-core-qspi driver. This vulnerability allows the driver to transmit data during emulated read-only dual or quad operations, which are specific modes for communicating with Quad Serial Peripheral Interface QSPI devices. This unintended data...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References4
NVD
NVD
added 2026/05/28 10:16 a.m.13 views

CVE-2026-46192

In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: don't attempt to transmit during emulated read-only dual/quad operations The core will deal with reads by creating clock cycles itself, there's no need to generate clock cycles by transmitting garbage da...

5.5CVSS0.00121EPSS
Exploits0References3
OSV
OSV
added 2026/05/28 10:16 a.m.8 views

UBUNTU-CVE-2026-46192

In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: don't attempt to transmit during emulated read-only dual/quad operations The core will deal with reads by creating clock cycles itself, there's no need to generate clock cycles by transmitting garbage da...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/05/28 9:36 a.m.11 views

CVE-2026-46192

In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: don't attempt to transmit during emulated read-only dual/quad operations The core will deal with reads by creating clock cycles itself, there's no need to generate clock cycles by transmitting garbage da...

5.5CVSS5.7AI score0.00121EPSS
Exploits0
CVE
CVE
added 2026/05/28 9:36 a.m.24 views

CVE-2026-46192

CVE-2026-46192 concerns the Linux kernel spi: microchip-core-qspi driver, where transmitting garbage data during emulated read-only dual/quad operations could brick the QSPI transfer. The issue was resolved in the kernel, with reads handled by the core via clock cycles, removing the need to emit ...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder