Lucene search
K

280 matches found

OSV
OSV
added 2026/07/06 6:31 a.m.6 views

OESA-2026-2874 ghostscript security update

Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classifie...

5.3CVSS4.9AI score0.00388EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: scsi: core: There is a race condition where the error handler is only awakened when the last running command completes or times out. The order of execution of marking commands—either completed or failed—is not properly ordered...

4.7CVSS6AI score0.00096EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/12 12:0 a.m.6 views

CVE-2026-12893

gstreamer1-libav: gstreamer1-libav: NULL pointer dereference in gstavdemux.c error handler...

5.9AI score
Exploits0
OSV
OSV
added 2026/05/28 5:4 p.m.17 views

GHSA-5WRP-CWCJ-Q835 opentelemetry-go's baggage parsing no longer caps raw header length

Summary https://github.com/open-telemetry/opentelemetry-go/pull/7880 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Details The commit removes the upfront baggage-string length check and the...

5.3CVSS5.9AI score0.00237EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/28 5:4 p.m.15 views

opentelemetry-go's baggage parsing no longer caps raw header length

Summary https://github.com/open-telemetry/opentelemetry-go/pull/7880 removed raw-length rejection and it causes Parse to process arbitrarily large/invalid baggage headers and log errors, enabling DoS via oversized inputs. Details The commit removes the upfront baggage-string length check and the...

5.3CVSS5.9AI score0.00237EPSS
Exploits0References4Affected Software2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fixed improper pointer dereferencing when the error handler kthread is invalid. The commit 66a834d09293 “scsi: core: Fixed error handling of scsihostalloc” changed the allocation logic to call putdevice to perform hos...

5.5CVSS6AI score0.0024EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in cups-filters

“cups-filters” contains backends, filters, and other software necessary to enable the “cups” printing service on operating systems other than macOS. If you use the “Backend Error Handler” beh to create an accessible network printer, this security vulnerability could lead to remote code execution...

8.8CVSS7.3AI score0.03697EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: DCCP: Fixed an out-of-bounds access in the DCCP error handler. There was a previous attempt to fix an out-of-bounds access in the DCCP error handlers, but that fix assumed that the error handlers only wanted to access the first 8...

5.9AI score0.00207EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/18 12:31 a.m.14 views

@ai-sdk/provider-utils has an Uncontrolled Resource Consumption issue

A vulnerability was determined in Vercel AI up to 3.0.97. The impacted element is the function createJsonResponseHandler/createJsonErrorResponseHandler of the file packages/provider-utils/src/response-handler.ts of the component provider-utils. This manipulation causes resource consumption. The...

6.5CVSS5.4AI score0.00561EPSS
Exploits1References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/13 7:24 p.m.8 views

CVE-2026-42552

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the default error handler Engine::error writes the full exception message, exception code, and stack trace including absolute filesystem paths directly into the HTTP 500 response, with no debug gating. Production deployments leak...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/13 7:24 p.m.17 views

CVE-2026-42552

Flight PHP core prior to version 3.18.1 exposes verbose error information via the Engine::_error() handler, including the exception message, code, and full stack trace with absolute filesystem paths, in HTTP 500 responses. This leads to leakage of internal paths, secrets embedded in messages, and...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 7:24 p.m.38 views

CVE-2026-42552 Flight: Sensitive information disclosure via default error handler in flightphp/core

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the default error handler Engine::error writes the full exception message, exception code, and stack trace including absolute filesystem paths directly into the HTTP 500 response, with no debug gating. Production deployments leak...

7.5CVSS0.00335EPSS
Exploits0References1
OSV
OSV
added 2026/05/13 7:24 p.m.3 views

CVE-2026-42552 Flight: Sensitive information disclosure via default error handler in flightphp/core

Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the default error handler Engine::error writes the full exception message, exception code, and stack trace including absolute filesystem paths directly into the HTTP 500 response, with no debug gating. Production deployments leak...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References3
OSV
OSV
added 2026/05/06 9:39 p.m.10 views

GHSA-QRCH-52M5-VV85 Flight vulnerable to sensitive information disclosure via default error handler

Summary The default error handler Engine::error writes the full exception message, exception code, and stack trace including absolute filesystem paths directly into the HTTP 500 response, with no debug gating. Production deployments leak internal paths, any secret interpolated into an exception...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/06 9:39 p.m.13 views

Flight vulnerable to sensitive information disclosure via default error handler

Summary The default error handler Engine::error writes the full exception message, exception code, and stack trace including absolute filesystem paths directly into the HTTP 500 response, with no debug gating. Production deployments leak internal paths, any secret interpolated into an exception...

7.5CVSS5.8AI score0.00335EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.7 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013168)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013168 advisory. In the Linux kernel, the following vulnerability has been resolved: dccp: Fix out of bounds access in DCCP error handler There was a previous attempt to fix an...

5.6AI score0.00207EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.7 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-012996)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-012996 advisory. In the Linux kernel, the following vulnerability has been resolved: dccp: Fix out of bounds access in DCCP error handler There was a previous attempt to fix an...

5.6AI score0.00207EPSS
Exploits0References4
OSV
OSV
added 2026/03/27 2:7 p.m.7 views

OESA-2026-1773 ghostscript security update

Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classifie...

5.3CVSS4.8AI score0.00388EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/10 10:49 p.m.24 views

CVE-2025-20068

Improper input validation in the UEFI ImcErrorHandler module for some IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via...

7.1CVSS0.00101EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/10 10:49 p.m.2 views

CVE-2025-20068

Improper input validation in the UEFI ImcErrorHandler module for some IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via...

7.1CVSS5.7AI score0.00101EPSS
Exploits0References1
Rows per page
Query Builder