Lucene search
K

90 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: A buffer overflow has been fixed in the liootargetnaclinfoshow function. The function liootargetnaclinfoshow uses sprintf within a loop to print details for each iSCSI connection in a session, without checkin...

7.8CVSS5.5AI score0.00156EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 9:32 p.m.10 views

EUVD-2026-37177

In lwisdeviceexternaleventemit of lwisevent.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.6AI score0.00073EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.10 views

PT-2026-49801

In lwis device external event emit of lwis event.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.6AI score0.00073EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 6:9 p.m.12 views

Malicious code in events-runtime (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aac4806dc5c887c91db1f2570abcae5b98d62dfae36bea2ddb9e2449efd62eca Package name and description impersonate the popular events package Node's event emitter for all engines. The vendored events.js adds an undocumented...

5.5AI score
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/15 7:57 p.m.12 views

CVE-2026-8336

After invoking $internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the server-side JavaScript engine through $where, $function, mapreduce reduce stage, etc. is used also in...

7.7CVSS5.8AI score0.00255EPSS
Exploits0References1
MongoDB
MongoDB
added 2026/05/13 12:16 a.m.8 views

Post-authentication use-after-free error in $_internalJsEmit and mapreduce commands

After invoking $internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the server-side JavaScript engine through $where, $function, mapreduce reduce stage, etc. is used also in...

7.7CVSS5.8AI score0.00255EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/13 12:16 a.m.16 views

CVE-2026-8336

CVE-2026-8336 describes a post-authentication use-after-free in MongoDB Server related to $_internalJsEmit and mapreduce map function usage. According to the provided documents, when an authenticated user invokes these elements (with server-side JavaScript engine features such as $where, $functio...

7.7CVSS5.8AI score0.00255EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/13 12:16 a.m.8 views

CVE-2026-8336 Post-authentication use-after-free error in $_internalJsEmit and mapreduce commands

After invoking $internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the server-side JavaScript engine through $where, $function, mapreduce reduce stage, etc. is used also in...

7.7CVSS5.8AI score0.00255EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 12:16 a.m.54 views

CVE-2026-8336 Post-authentication use-after-free error in $_internalJsEmit and mapreduce commands

After invoking $internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way, an authenticated user can subsequently crash mongod when the server-side JavaScript engine through $where, $function, mapreduce reduce stage, etc. is used also in...

7.7CVSS0.00255EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.12 views

PT-2026-34392

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Use-After-Free UAF issue exists in the SPI subsystem. When a driver is probed via the driver attach function, the bus match callback is executed without holding the device lock. This...

7.8CVSS5.7AI score0.00132EPSS
Exploits0References119
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.5 views

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-006988)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006988 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow The function...

7.8CVSS6.1AI score0.00156EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.4 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006700)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006700 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix buffer overflow in liotargetnaclinfoshow The function...

7.8CVSS6AI score0.00156EPSS
Exploits0References4
NVD
NVD
added 2026/03/17 4:16 a.m.2 views

CVE-2026-0708

A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language UCL input that contains a key with an embedded null byte. This can cause a segmentation fault SEGV fault in the uclobjectemit function when parsing and emitting the...

8.3CVSS0.00387EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/17 2:28 a.m.1 views

CVE-2026-0708

A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language UCL input that contains a key with an embedded null byte. This can cause a segmentation fault SEGV fault in the uclobjectemit function when parsing and emitting the...

8.3CVSS5.8AI score0.00387EPSS
Exploits1References4
CVE
CVE
added 2026/03/17 2:28 a.m.70 views

CVE-2026-0708

CVE-2026-0708 (Libucl) describes a denial-of-service in libucl caused by a crafted UCL input containing a key with an embedded null byte. This can trigger a segmentation fault in ucl_object_emit during parsing/emitting, leading to DoS on affected systems. The CVSS base score is 8.3 ( HIGH ) with ...

8.3CVSS5.8AI score0.00387EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/03/17 2:28 a.m.35 views

CVE-2026-0708 Libucl: libucl: denial of service via embedded null byte in ucl input

A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language UCL input that contains a key with an embedded null byte. This can cause a segmentation fault SEGV fault in the uclobjectemit function when parsing and emitting the...

8.3CVSS0.00387EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.7 views

libucl 安全漏洞

Libucl is a C-language general configuration library parser developed by Vsevolod Stakhov. Libucl has a security vulnerability. This vulnerability arises from the uclobjectemit function during parsing and emitting UCL inputs containing embedded null-byte keys, which may lead to a denial-of-servic...

8.3CVSS5.8AI score0.00387EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/03/17 12:0 a.m.22 views

PT-2026-25869

A flaw was found in libucl. A remote attacker could exploit this by providing a specially crafted Universal Configuration Language UCL input that contains a key with an embedded null byte. This can cause a segmentation fault SEGV fault in the ucl object emit function when parsing and emitting the...

8.3CVSS5.8AI score0.00387EPSS
Exploits1References3
EUVD
EUVD
added 2026/02/03 2:31 p.m.4 views

EUVD-2025-206734

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Emit Information and Communication Technologies Industry and Trade Ltd. Co. Efficiency Management System allows SQL Injection.This issue affects Efficiency Management System: through 03022026. NOTE...

9.8CVSS5.6AI score0.00421EPSS
Exploits0References1
CVE
CVE
added 2026/02/03 2:31 p.m.9 views

CVE-2025-5319

CVE-2025-5319 affects Emit Informatics’ DIGITA Efficiency Management System (DIGITA EMS). Multiple connected sources describe an improper neutralization of special elements in SQL commands (SQL injection) as the root cause, with the DIGITA EMS affected through 03022026. The NVD/Red Hat records co...

9.8CVSS5.6AI score0.00421EPSS
Exploits0References2
Rows per page
Query Builder