Lucene search
K

8492 matches found

NVD
NVD
added 2026/06/25 9:16 a.m.14 views

CVE-2026-53132

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential unbounded skb queue virtiotransportincrxpkt checks vvs-rxbytes + len vvs-bufalloc. virtiotransportrecvenqueue skips coalescing for packets with VIRTIOVSOCKSEQEOM. If fed with packets with len == 0 and...

7.1CVSS0.0014EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53244

In the Linux kernel, the following vulnerability has been resolved: VFS: fix possible failure to unlock in nfsd4createfile atomiccreate in fs/namei.c drops the reference to the dentry when it returns an error. This behaviour was imported into dentrycreate so that it will drop the reference if an...

7.5CVSS5.7AI score0.00359EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/25 8:39 a.m.5 views

EUVD-2026-39195

In the Linux kernel, the following vulnerability has been resolved: VFS: fix possible failure to unlock in nfsd4createfile atomiccreate in fs/namei.c drops the reference to the dentry when it returns an error. This behaviour was imported into dentrycreate so that it will drop the reference if an...

5.7AI score0.00359EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 8:39 a.m.12 views

CVE-2026-53244

CVE-2026-53244 concerns the Linux kernel NFSD component. When exporting a filesystem with the atomic_create hook, an error from atomic_create() could cause nfsd4_create_file() to fail unlocking the parent directory, risking resource exhaustion and potential DoS. The root cause is that dentry hand...

7.5CVSS5.7AI score0.00359EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 8:39 a.m.26 views

CVE-2026-53244 VFS: fix possible failure to unlock in nfsd4_create_file()

In the Linux kernel, the following vulnerability has been resolved: VFS: fix possible failure to unlock in nfsd4createfile atomiccreate in fs/namei.c drops the reference to the dentry when it returns an error. This behaviour was imported into dentrycreate so that it will drop the reference if an...

7.5CVSS0.00359EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 8:38 a.m.13 views

CVE-2026-53132

CVE-2026-53132 affects the Linux kernel vsock/virtio, where receiving zero-length packets with VIRTIO_VSOCK_SEQ_EOM could cause an unbounded skb queue growth, exhausting memory. The root cause is a miscalculation of backlog: vvs->rx_bytes + len > vvs->buf_alloc allows large queues when l...

7.1CVSS5.7AI score0.0014EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/25 8:38 a.m.33 views

CVE-2026-53132 vsock/virtio: fix potential unbounded skb queue

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential unbounded skb queue virtiotransportincrxpkt checks vvs-rxbytes + len vvs-bufalloc. virtiotransportrecvenqueue skips coalescing for packets with VIRTIOVSOCKSEQEOM. If fed with packets with len == 0 and...

7.1CVSS0.0014EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 7:40 a.m.3 views

BIT-PYTHON-MIN-2026-6019 BaseCookie.js_output() does not neutralize embedded characters

http.cookies.Morsel.jsoutput returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value...

6.1CVSS5.2AI score0.00229EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52228

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the vsock/virtio component where a potential unbounded skb socket buffer queue can occur. The virtio transport inc rx pkt function checks if vvs-rx bytes plus the pack...

7.1CVSS5.9AI score0.0014EPSS
Exploits0References13
OSV
OSV
added 2026/06/24 9:16 p.m.6 views

DEBIAN-CVE-2026-11998

A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...

7.6CVSS6AI score0.00338EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 9:16 p.m.4 views

UBUNTU-CVE-2026-11998

A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...

7.6CVSS6AI score0.00338EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 8:29 p.m.10 views

EUVD-2026-39080

A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...

7.6CVSS6.1AI score0.00338EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 8:29 p.m.19 views

CVE-2026-11998

CVE-2026-11998 affects AngularJS SCE (Strict Contextual Escaping) resource URLs. The flaw stems from the URL-matching logic using regular expressions, which can yield partial matches and bypass SCE policies, allowing unsafe values as resource URLs and potentially arbitrary JavaScript execution wi...

7.6CVSS6.1AI score0.00338EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/24 6:32 p.m.4 views

EUVD-2026-38879

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: fix use-after-free in advancesched on schedule switch In advancesched, when shouldchangeschedules returns true, switchschedules is called to promote the admin schedule to oper. switchschedules queues the old op...

5.7AI score0.00125EPSS
Exploits0References9
NVD
NVD
added 2026/06/24 5:17 p.m.5 views

CVE-2026-53011

In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: fix use-after-free in advancesched on schedule switch In advancesched, when shouldchangeschedules returns true, switchschedules is called to promote the admin schedule to oper. switchschedules queues the old op...

7.8CVSS0.00125EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/24 4:30 p.m.6 views

EUVD-2026-38947

In the Linux kernel, the following vulnerability has been resolved: netsched: fix skb memory leak in deferred qdisc drops When the network stack cleans up the deferred list via qdiscrunend, it operates on the root qdisc. If the root qdisc do not implement the TCQFDEQUEUEDROPS flag the packets que...

5.7AI score0.00145EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 4:29 p.m.8 views

CVE-2026-53011

The CVE-2026-53011 issue affects the Linux kernel net/sched taprio code. In advance_sched(), when should_change_schedules() is true, switch_schedules() promotes the admin schedule to oper and queues the old oper for RCU freeing, but next may still point into the old oper. The subsequent end_time ...

7.8CVSS5.7AI score0.00125EPSS
Exploits0References8
CVE
CVE
added 2026/06/24 4:28 p.m.10 views

CVE-2026-52964

The CVE-2026-52964 issue affects the Linux kernel ALSA usb-audio MIDI 2.0 endpoint parsing. The endpoint-descriptor walking logic validates bLength against bNumGrpTrmBlock but not the remaining bytes, allowing a malformed device to cause baAssoGrpTrmBlkID[] reads to read past the descriptor. The ...

5.7AI score0.00175EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: erofs: Proper handling of the end of the filesystem is required for file-backed mounts. I/O requests that extend beyond the end of the filesystem should be set to zero, similar to the behavior of loopback devices. This is what we...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ublk: Fix for deadlock when reading the partition table When a process such as udev opens the ublk block device to read the partition table using bdevopen, a deadlock can occur: 1. bdevopen grabs the disk-openmutex. 2. The proces...

5.5CVSS5.7AI score0.0012EPSS
Exploits0References2
Rows per page
Query Builder