Lucene search
+L

600 matches found

CVE
CVE
added 2026/07/01 1:32 p.m.24 views

CVE-2026-53336

CVE-2026-53336 (nvmem: layouts: onie-tlv) : A Linux kernel vulnerability where the nvmem onie-tlv parser could hang when encountering an unknown vendor-specific entry type (example 0x41) in EEPROM. The root cause was an endless loop in the parser. The published fix increments the offset for unkno...

5.8AI score0.00156EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/11 6:59 p.m.11 views

CVE-2026-45802 FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Prior to version 2.6.7, an attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script...

6CVSS5.3AI score0.00259EPSS
Exploits0References3
RubySec
RubySec
added 2026/06/04 12:0 a.m.4 views

Memory exhaustion in HTTP header parser

Impact If this library is used to implement a WebSocket server on top of a TCP server rather than an HTTP server or framework using the WebSocket::Driver.server method, or, if it is used to complement a WebSocket client, then a peer can make a single connection consume an unbounded amount of memo...

6.3CVSS6AI score
Exploits0References1Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/05/29 8:7 a.m.9 views

ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()

...

7.1CVSS5.4AI score0.00128EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.10 views

SUSE CVE-2026-46146

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Avoid potential endless loop in convertchmapv3 The convertchmapv3 has a loop with its increment size of csdesc-wLength, but we forgot to validate csdesc-wLength itself, which may lead to potential endless loop by...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-46146

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: usb-audio: Avoid potential endless loop in convertchmapv3 The convertchmapv3 has a loop with its increment size of csdesc-wLength, but we forgot to valida...

5.5CVSS6AI score0.00128EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/28 9:9 p.m.11 views

CVE-2026-46177

A flaw was found in the Linux kernel's Intelligent Platform Management Interface IPMI driver. This vulnerability allows a malfunctioning Baseboard Management Controller BMC to cause the IPMI driver to continuously fetch events and messages, or become stuck if the attention bit remains active. Thi...

7.5CVSS5.8AI score0.00501EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/28 9:36 a.m.11 views

EUVD-2026-32773

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Avoid potential endless loop in convertchmapv3 The convertchmapv3 has a loop with its increment size of csdesc-wLength, but we forgot to validate csdesc-wLength itself, which may lead to potential endless loop by...

5.8AI score0.00128EPSS
Exploits0References5
CVE
CVE
added 2026/05/28 9:36 a.m.28 views

CVE-2026-46146

CVE-2026-46146 affects the Linux kernel's ALSA USB audio stack, specifically the convert_chmap_v3() routine. A loop uses cs_desc->wLength for increment but this value isn’t validated, allowing a potential endless loop with malformed descriptors. The issue is resolved by adding a proper size ch...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References8Affected Software1
Debian CVE
Debian CVE
added 2026/05/28 9:36 a.m.15 views

CVE-2026-46146

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Avoid potential endless loop in convertchmapv3 The convertchmapv3 has a loop with its increment size of csdesc-wLength, but we forgot to validate csdesc-wLength itself, which may lead to potential endless loop by...

5.5CVSS5.7AI score0.00128EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/28 9:36 a.m.34 views

CVE-2026-46146 ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Avoid potential endless loop in convertchmapv3 The convertchmapv3 has a loop with its increment size of csdesc-wLength, but we forgot to validate csdesc-wLength itself, which may lead to potential endless loop by...

0.00128EPSS
Exploits0References8
OSV
OSV
added 2026/05/28 9:36 a.m.2 views

CVE-2026-46146 ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3()

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Avoid potential endless loop in convertchmapv3 The convertchmapv3 has a loop with its increment size of csdesc-wLength, but we forgot to validate csdesc-wLength itself, which may lead to potential endless loop by...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.23 views

PT-2026-44269

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the ALSA usb-audio component within the convert chmap v3 function. The function contains a loop that uses the cs desc-wLength variable to determine the increment size...

9.8CVSS6AI score0.03663EPSS
Exploits11References293
NVD
NVD
added 2026/05/27 7:16 a.m.21 views

CVE-2026-8703

The Endless Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access a...

6.4CVSS0.00187EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/27 5:31 a.m.38 views

CVE-2026-8703 Endless Scroll <= 1.0.0 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')]

The Endless Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access a...

6.4CVSS0.00187EPSS
Exploits0References3
CVE
CVE
added 2026/05/27 5:31 a.m.31 views

CVE-2026-8703

The CVE-2026-8703 entry concerns the WordPress Endless Scroll plugin (versions up to and including 1.0.0). It describes a Stored Cross‑Site Scripting flaw caused by insufficient input sanitization and output escaping in Shortcode Attributes. The impact stated is that authenticated attackers with ...

6.4CVSS6AI score0.00187EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/27 5:31 a.m.11 views

CVE-2026-8703 Endless Scroll <= 1.0.0 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')]

The Endless Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access a...

6.4CVSS6AI score0.00187EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

WordPress plugin Endless Scroll 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.8AI score0.00187EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-43503

The Endless Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access a...

6.4CVSS6AI score0.00187EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/05/26 5:21 p.m.14 views

WordPress Endless Scroll plugin <= 1.0.0 - [Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')] vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability discovered by MAJidox in WordPress Plugin Endless Scroll versions = 1.0.0...

6.4CVSS5.8AI score0.00187EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder