Lucene search
+L

154 matches found

osv
osv
added 2026/07/03 6:18 a.m.4 views

CVE-2026-9546 sending old referer

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result the previous referrer string was erroneously...

7.5CVSS6.1AI score0.00652EPSS
Exploits1References5
attackerkb
attackerkb
added 2026/06/23 12:13 p.m.6 views

CVE-2026-56371

ImageMagick before 7.1.2-15 and 6.9.13-40 contains a memory leak in coders/txt.c when processing TXT files with texture attributes: the texture object allocated via ReadImage is not released when GetTypeMetrics fails, leaking memory each time a crafted TXT file with a texture attribute is process...

5.8AI score0.00257EPSS
Exploits0References3
mscve
mscve
added 2026/05/29 8:7 a.m.14 views

wifi: mac80211: remove station if connection prep fails

...

8.8CVSS5.4AI score0.00302EPSS
Exploits0
attackerkb
attackerkb
added 2026/05/28 3:7 p.m.9 views

CVE-2026-48524

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient.getsigningkey forces a fresh HTTP request to the JWKS endpoint for every JWT with an unknown kid value, with no rate limiting. Since kid comes from the unverified token header, an attacker can trigger unlimited...

3.7CVSS5.8AI score0.00222EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2026/05/28 10:16 a.m.22 views

CVE-2026-46125

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: remove station if connection prep fails If connection preparation fails for MLO connections, then the interface is completely reset to non-MLD. In this case, we must not keep the station since it's related to the...

8.8CVSS0.00302EPSS
Exploits0References19
euvd
euvd
added 2026/05/27 3:33 p.m.15 views

EUVD-2026-32354

In the Linux kernel, the following vulnerability has been resolved: md/raid1: fix memory leak in raid1run raid1run calls setupconf which registers a thread via mdregisterthread. If raid1setlimits fails, the previously registered thread is not unregistered, resulting in a memory leak of the mdthre...

5.8AI score0.00155EPSS
Exploits0References5
ubuntucve
ubuntucve
added 2026/05/27 12:0 a.m.15 views

CVE-2026-45899

In the Linux kernel, the following vulnerability has been resolved: ext4: drop extent cache when splitting extent fails When the split extent fails, we might leave some extents still being processed and return an error directly, which will result in stale extent entries remaining in the extent...

5.5CVSS6.1AI score0.0016EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ASoC: samsung: Fixed a refcount leak in ariesaudioprobe. The ofparsephandle function returns a node pointer with the refcount incremented; we should use ofnodeput on it when necessary. If extconfindedevbynode fails, it does not...

5.5CVSS6.1AI score0.00245EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/01 2:14 p.m.35 views

CVE-2026-31751 comedi: dt2815: add hardware detection to prevent crash

In the Linux kernel, the following vulnerability has been resolved: comedi: dt2815: add hardware detection to prevent crash The dt2815 driver crashes when attached to I/O ports without actual hardware present. This occurs because syzkaller or users can attach the driver to arbitrary I/O addresses...

0.00089EPSS
Exploits0References8
cnnvd
cnnvd
added 2026/04/22 12:0 a.m.9 views

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line tool set developed by Uutils Open Source. There is a security vulnerability in uutils coreutils. This vulnerability arises from the cp utility’s failure to properly handle the setuid and setgid bits when ownership retention fails. When copyin...

6.6CVSS5.8AI score0.00125EPSS
Exploits1References1
ubuntucve
ubuntucve
added 2026/03/25 11:16 a.m.8 views

CVE-2026-23314

In the Linux kernel, the following vulnerability has been resolved: regulator: bq257xx: Fix device node reference leak in bq257xxregdtparsegpio In bq257xxregdtparsegpio, if fails to get subchild, it returns without calling ofnodeputchild, causing the device node reference leak...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References5
osv
osv
added 2026/03/12 8:39 a.m.4 views

BIT-ENVOY-2026-26330 Envoy global rate limit may crash when the response phase limit is enabled and the response phase request is failed directly

Envoy is a high-performance edge/middle/service proxy. Prior to 1.37.1, 1.36.5, 1.35.8, and 1.34.13, At the rate limit filter, if the response phase limit with applyonstreamdone in the rate limit configuration is enabled and the response phase limit request fails directly, it may crash Envoy. Whe...

7.5CVSS5.7AI score0.00315EPSS
Exploits0References2
euvd
euvd
added 2026/03/10 6:31 p.m.5 views

EUVD-2026-10806

Envoy's global rate limit may crash when the response phase limit is enabled and the response phase request is failed directly...

5.3CVSS5.8AI score0.00315EPSS
Exploits0References1
euvd
euvd
added 2026/03/10 6:31 p.m.8 views

EUVD-2026-10807

Envoy's global rate limit may crash when the response phase limit is enabled and the response phase request is failed directly...

5.3CVSS5.8AI score0.00315EPSS
Exploits0References1
osv
osv
added 2026/02/26 4:27 p.m.5 views

GO-2026-4539 Caddy mTLS authentication fails open in github.com/caddyserver/caddy/v2

Caddy mTLS authentication fails open in github.com/caddyserver/caddy/v2...

9.3CVSS5.4AI score0.00267EPSS
Exploits1References4
cvelist
cvelist
added 2026/02/14 4:27 p.m.29 views

CVE-2025-71220 smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe()

In the Linux kernel, the following vulnerability has been resolved: smb/server: call ksmbdsessionrpcclose on error path in createsmb2pipe When ksmbdiovpinrsp fails, we should call ksmbdsessionrpcclose...

0.0013EPSS
Exploits0References6
cvelist
cvelist
added 2025/12/30 12:8 p.m.25 views

CVE-2022-50825 usb: typec: wusb3801: fix fwnode refcount leak in wusb3801_probe()

In the Linux kernel, the following vulnerability has been resolved: usb: typec: wusb3801: fix fwnode refcount leak in wusb3801probe I got the following report while doing fault injection test: OF: ERROR: memory leak, expected refcount 1 instead of 4, ofnodeget/ofnodeput unbalanced - destroy cset...

0.00222EPSS
Exploits0References3
debiancve
debiancve
added 2025/12/09 1:29 a.m.6 views

CVE-2022-50667

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix memory leak in vmwmksstataddioctl If the copy of the description string from userspace fails, then the page for the instance descriptor doesn't get freed before returning -EFAULT, which leads to a memleak...

5.1AI score0.00208EPSS
Exploits0
osv
osv
added 2025/10/14 9:6 p.m.4 views

MAL-2025-48427 Malicious code in batchw-test-common-config (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware af5e9b5b07a6f6f901ab96aa3b48d3b80dc1c0928d03c4cd4018422a15ced54b Any computer that has this package installed or running should be considered...

6.8AI score
Exploits0References1
nessus
nessus
added 2025/10/08 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-53528

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix unsafe drain work queue code If createqp does not fully succeed it is possible...

5.5CVSS5.8AI score0.00134EPSS
Exploits0References3
Rows per page
Query Builder