Lucene search
K

74049 matches found

NVD
NVD
added 2026/03/23 7:16 p.m.4 views

CVE-2026-26209

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Versions prior to 5.9.0 are vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. This vulnerability affects both the...

7.5CVSS0.00417EPSS
Exploits1References4
NVD
NVD
added 2026/03/23 7:16 p.m.6 views

CVE-2025-15606

A Denial-of-Service DoS vulnerability in the httpd component of TP-Link's TD-W8961N v4.0 due to improper input sanitization, allows crafted requests to trigger a processing error that causes the httpd service to crash. Successful exploitation may allow the attacker to cause service interruption,...

7.5CVSS0.00292EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/03/23 7:16 p.m.3 views

CVE-2026-26209

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Versions prior to 5.9.0 are vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. This vulnerability affects both the...

7.5CVSS7.1AI score0.00417EPSS
Exploits1References5
OSV
OSV
added 2026/03/23 6:53 p.m.9 views

CVE-2026-26209 cbor2 has a Denial of Service via Uncontrolled Recursion in cbor2.loads

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Versions prior to 5.9.0 are vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. This vulnerability affects both the...

7.5CVSS5.9AI score0.00417EPSS
Exploits1References6
Debian CVE
Debian CVE
added 2026/03/23 6:53 p.m.6 views

CVE-2026-26209

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Versions prior to 5.9.0 are vulnerable to a Denial of Service DoS attack caused by uncontrolled recursion when decoding deeply nested CBOR structures. This vulnerability affects both the...

7.5CVSS7.3AI score0.00417EPSS
Exploits1
OSV
OSV
added 2026/03/23 6:43 p.m.6 views

CVE-2026-33688 AVideo has Pre-Captcha User Enumeration and Account Status Disclosure in Password Recovery Endpoint

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the password recovery endpoint at objects/userRecoverPass.php performs user existence and account status checks before validating the captcha. This allows an unauthenticated attacker to enumerate valid usernames a...

5.3CVSS5.8AI score0.00278EPSS
Exploits1References4
OSV
OSV
added 2026/03/23 6:14 p.m.5 views

GO-2026-4763 free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error in github.com/free5gc/udm

free5GC UDM vulnerable to null byte injection in URL path parameters causing 500 Internal Server Error in github.com/free5gc/udm...

8.7CVSS5.8AI score0.00354EPSS
Exploits0References4
OSV
OSV
added 2026/03/23 6:14 p.m.5 views

GO-2026-4755 free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques in github.com/free5gc/udm

free5GC UDM incorrectly returns 500 for empty supi path parameter in PATCH sdm-subscriptions reques in github.com/free5gc/udm...

8.7CVSS5.8AI score0.00321EPSS
Exploits1References4
Snyk
Snyk
added 2026/03/23 6:14 p.m.3 views

Information Exposure

Overview Affected versions of this package are vulnerable to Information Exposure in the supi path parameter handling process. An attacker can cause the service to return a 500 Internal Server Error by sending a PATCH request to the sdm-subscriptions endpoint with an empty supi path parameter...

8.7CVSS5.9AI score0.00321EPSS
Exploits1References3
Snyk
Snyk
added 2026/03/23 6:14 p.m.2 views

Improper Neutralization of Null Byte or NUL Character

Overview Affected versions of this package are vulnerable to Improper Neutralization of Null Byte or NUL Character via the URL path parameter handling process. An attacker can cause the application to return a 500 Internal Server Error by injecting a null byte into the URL path parameter...

8.7CVSS5.9AI score0.00354EPSS
Exploits0References3
OSV
OSV
added 2026/03/23 6:14 p.m.3 views

GO-2026-4728 Tillitis TKey Client has an Error in Protocol Implementation in github.com/tillitis/tkeyclient

Tillitis TKey Client has an Error in Protocol Implementation in github.com/tillitis/tkeyclient...

4.7CVSS5.8AI score0.00246EPSS
Exploits1References4
OSV
OSV
added 2026/03/23 6:14 p.m.4 views

GO-2026-4744 Mattermost fails to use consistent error responses when handling the /mute command in github.com/mattermost/mattermost-server

Mattermost fails to use consistent error responses when handling the /mute command in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing...

4.3CVSS5.8AI score0.00184EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/03/23 5:49 p.m.4 views

Valkey: Valkey: Data tampering and denial of service via improper null character handling in Lua scripts

A flaw was found in Valkey, a distributed key-value database. A malicious user can exploit this vulnerability by using scripting commands to inject arbitrary information into the response stream. This is caused by improper handling of null characters in the error handling code for Lua scripts...

8.5CVSS6AI score0.00586EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/03/23 5:44 p.m.5 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5CVSS7AI score0.00459EPSS
Exploits2References8
SUSE Linux
SUSE Linux
added 2026/03/23 5:8 p.m.8 views

Security update for the Linux Kernel (Live Patch 37 for SUSE Linux Enterprise 15 SP4)

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.153 fixes various security issues The following security issues were fixed: CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit bsc1255595. CVE-2023-53781: smc: Fix use-after-free in tcpwritetimerhandl...

8.7CVSS6AI score0.00278EPSS
Exploits0References40
OSV
OSV
added 2026/03/23 5:8 p.m.3 views

SUSE-SU-2026:0983-1 Security update for the Linux Kernel (Live Patch 37 for SUSE Linux Enterprise 15 SP4)

This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.153 fixes various security issues The following security issues were fixed: - CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit bsc1255595. - CVE-2023-53781: smc: Fix use-after-free in...

7.8CVSS7AI score0.00278EPSS
Exploits0References21
SUSE Linux
SUSE Linux
added 2026/03/23 2:4 p.m.2 views

Security update for the Linux Kernel (Live Patch 76 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.290 fixes various security issues The following security issues were fixed: CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit bsc1255595. CVE-2022-50756: nvme-pci: fix mempool alloc size bsc1256217...

8.7CVSS6.7AI score0.00206EPSS
Exploits0References24
OSV
OSV
added 2026/03/23 2:4 p.m.2 views

SUSE-SU-2026:0967-1 Security update for the Linux Kernel (Live Patch 76 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.290 fixes various security issues The following security issues were fixed: - CVE-2022-50697: mrp: introduce active flags to prevent UAF when applicant uninit bsc1255595. - CVE-2022-50756: nvme-pci: fix mempool alloc size bsc1256217. -...

5.5CVSS6.7AI score0.00206EPSS
Exploits0References13
OSV
OSV
added 2026/03/23 1:8 p.m.4 views

USN-8115-1 pyopenssl vulnerabilities

It was discovered that pyOpenSSL incorrectly handled exceptions in the tlsextservername callback. This could result in connections being accepted after an exception, contrary to expectations. CVE-2026-27448 It was discovered that pyOpenSSL incorrectly handled the DTLS cookie generation callback. ...

9.8CVSS6AI score0.00704EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/23 12:30 p.m.2 views

Information Exposure

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Information Exposure in the identity-first login flow when Organizations are enabled. An attacker can obtain...

6.3CVSS5.3AI score0.00318EPSS
Exploits1References2
Rows per page
Query Builder