Lucene search
K

563 matches found

Redos
Redos
added 2026/01/29 12:0 a.m.7 views

ROS-20260129-73-0074

A vulnerability in the HTTP/2 protocol implementation is related to the ability to generate a stream of requests within an already established network connection, without opening new network connections and without acknowledging the receipt of packets. Exploitation of the vulnerability could allo...

7.5CVSS5.9AI score0.99999EPSS
Exploits19
UbuntuCve
UbuntuCve
added 2026/01/27 10:15 p.m.6 views

CVE-2026-24765

PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the cleanupForCoverage method, which deserialize...

7.8CVSS6.3AI score0.00343EPSS
Exploits0References8
OSV
OSV
added 2026/01/27 10:15 p.m.4 views

UBUNTU-CVE-2026-24765

PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the cleanupForCoverage method, which deserialize...

7.8CVSS6.5AI score0.00343EPSS
Exploits0References9
NVD
NVD
added 2026/01/27 12:15 p.m.6 views

CVE-2025-12387

A vulnerability in the Pix-Link LV-WR21Q router's language module allows remote attackers to trigger a denial of service DoS by sending a specially crafted HTTP POST request containing non-existing language parameter. This renders the server unable to serve correct lang.js file, which causes...

6.9CVSS0.00659EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/01/26 12:24 a.m.6 views

SUSE CVE-2026-22999

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: do not free existing class in qfqchangeclass Fixes qfqchangeclass error case. cl-qdisc and cl should only be freed if a new class and qdisc were allocated, or we risk various UAF...

7CVSS5.2AI score0.00204EPSS
Exploits0References125
UbuntuCve
UbuntuCve
added 2026/01/25 3:15 p.m.4 views

CVE-2026-22999

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: do not free existing class in qfqchangeclass Fixes qfqchangeclass error case. cl-qdisc and cl should only be freed if a new class and qdisc were allocated, or we risk various UAF...

7.8CVSS5.9AI score0.00204EPSS
Exploits0References24
CVE
CVE
added 2026/01/25 2:36 p.m.53 views

CVE-2026-22999

CVE-2026-22999 is addressed by fixes in the Linux kernel's net/sched code: sch_qfq now avoids freeing an existing class in qfq_change_class() unless a new class and qdisc are allocated, preventing potential use-after-free (UAF). The Ubuntu/Ubuntu USN and SUSE SUSE-SU-2026:1305-1 advisories list t...

7.8CVSS5.2AI score0.00204EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/01/25 2:36 p.m.5 views

CVE-2026-22999 net/sched: sch_qfq: do not free existing class in qfq_change_class()

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: do not free existing class in qfqchangeclass Fixes qfqchangeclass error case. cl-qdisc and cl should only be freed if a new class and qdisc were allocated, or we risk various UAF...

7.8CVSS5.2AI score0.00204EPSS
Exploits0References10
Debian CVE
Debian CVE
added 2026/01/25 2:36 p.m.6 views

CVE-2026-22999

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: do not free existing class in qfqchangeclass Fixes qfqchangeclass error case. cl-qdisc and cl should only be freed if a new class and qdisc were allocated, or we risk various UAF...

7.8CVSS5.2AI score0.00204EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/21 3:27 p.m.6 views

CVE-2025-54778

A reflected cross-site scripting xss vulnerability exists in the existingUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

6.1CVSS5.6AI score0.00235EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/01/20 2:50 p.m.4 views

CVE-2025-54778

A reflected cross-site scripting xss vulnerability exists in the existingUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

6.1CVSS5.5AI score0.00235EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/20 2:50 p.m.4 views

CVE-2025-54778

A reflected cross-site scripting xss vulnerability exists in the existingUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

6.1CVSS5.6AI score0.00235EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.7 views

PT-2026-3600

A reflected cross-site scripting xss vulnerability exists in the existingUser functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary javascript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

6.1CVSS5.6AI score0.00235EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/01/12 2:5 a.m.5 views

keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration

A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module TPM device but claiming an existing agent's unique identifier UUID. This action overwrites the legitimate agent's identity, enabling the...

8.2CVSS5.7AI score0.0038EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.22 views

PT-2026-8168

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.18.0 156 Description The Linux kernel contained a flaw in the net/mlx5e module related to Traffic Control TC steering flows. Specifically, the issue occurred during the deletion of TC steering flows, where the...

5.5CVSS6.4AI score0.00114EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.6 views

PT-2026-4661

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s networking scheduler, specifically within the sch qfq Stochastic Fairness Queueing component. The qfq change class function contains an error that can...

7.8CVSS6.8AI score0.00204EPSS
Exploits0
NVD
NVD
added 2025/12/17 11:16 p.m.9 views

CVE-2025-68143

Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2025.9.25, the gitinit tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other too...

8.8CVSS0.07822EPSS
Exploits0References2
OSV
OSV
added 2025/12/17 10:9 p.m.7 views

CVE-2025-68143 mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations

Model Context Protocol Servers is a collection of reference implementations for the model context protocol MCP. In mcp-server-git versions prior to 2025.9.25, the gitinit tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other too...

6.5CVSS6.8AI score0.07822EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/12/17 7:49 p.m.9 views

mcp-server-git's unrestricted git_init tool allows repository creation at arbitrary filesystem locations

In mcp-server-git versions prior to 2025.9.25, the gitinit tool accepted arbitrary filesystem paths and created Git repositories without validating the target location. Unlike other tools which required an existing repository, gitinit could operate on any directory accessible to the server proces...

8.8CVSS7AI score0.07822EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2025/12/11 9:15 p.m.6 views

CVE-2025-13663

Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists...

6.7CVSS0.0008EPSS
Exploits0References1
Rows per page
Query Builder