Lucene search
+L

15 matches found

cve
cve
added 2026/06/25 9:6 p.m.19 views

CVE-2026-6092

CVE-2026-6092 describes a behavioural fallback issue when HAVE_ENCRYPT_THEN_MAC is configured: the implementation could fall back to MAC-then-Encrypt instead of Encrypt-then-MAC. The connected documents reiterate this description across multiple sources (NVD, ENISA EUVD, Debian security tracker, ...

5.3CVSS5.8AI score0.00209EPSS
Exploits0References2Affected Software1
susecve
susecve
added 2026/05/28 3:53 a.m.11 views

SUSE CVE-2026-46049

In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Add fallback to default RSR for S/PDIF spdifpassthruplaybackgetresources uses atc-pllrate as the RSR for the MSR calculation loop. However, pllrate is only updated in atcpllinit and not in hwpllinit, so it remains 0...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/05/26 8:0 p.m.8 views

CVE-2026-44449

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, when the primary toSmbPathfullPath call throws, the method falls back to a dirname/basename split and only validates the directory prefix. The basename is concatenated directly into the smbclient -c script without validation...

9.1CVSS6AI score0.00451EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/03/03 11:19 p.m.2 views

GHSA-2CH6-X3G4-7759 OpenClaw's commands.allowFrom sender authorization accepted conversation identifiers via ctx.From

Summary commands.allowFrom is documented as a sender authorization allowlist for commands/directives, but command authorization could include ctx.From conversation identity as a sender candidate. When commands.allowFrom contained conversation-like identifiers for example Discord channel: or...

7.1CVSS5.9AI score
Exploits0References3
github
github
added 2026/03/03 11:19 p.m.18 views

OpenClaw's commands.allowFrom sender authorization accepted conversation identifiers via ctx.From

Summary commands.allowFrom is documented as a sender authorization allowlist for commands/directives, but command authorization could include ctx.From conversation identity as a sender candidate. When commands.allowFrom contained conversation-like identifiers for example Discord channel: or...

5.9AI score
Exploits0References3Affected Software1
euvd
euvd
added 2025/10/31 12:30 a.m.7 views

EUVD-2025-37219

In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an empty, default dashboard. In some implementations this can result in an unexpected dashboard being presented as the user's default view...

5.3CVSS6.1AI score0.00783EPSS
Exploits0References4
cvelist
cvelist
added 2025/10/30 9:25 p.m.12 views

CVE-2025-34272 Nagios Log Server < 2024R2.0.3 Non-Empty Default Dashboard Fallback

In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an empty, default dashboard. In some implementations this can result in an unexpected dashboard being presented as the user's default view...

5.3CVSS0.00783EPSS
Exploits0References3
osv
osv
added 2025/10/07 7:46 a.m.2 views

SUSE-SU-2025:03462-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.3.1 ESR bsc1250452. - Improved reliability when HTTP/3 connections fail: Firefox no longer forces HTTP/2 during fallback, allowing the server to choose the protocol and preventing stalls on...

6.9AI score
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.11 views

EUVD-2025-27933

Malicious code in bioql PyPI...

6.3AI score0.00146EPSS
Exploits0References6
osv
osv
added 2025/08/19 5:15 p.m.7 views

AZL-66455 CVE-2025-38610 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: powercap: dtpmcpu: Fix NULL pointer dereference in getpdpoweruw The getpdpoweruw function can crash with a NULL pointer dereference when emcpuget returns NULL. This occurs when a CPU becomes impossible during runtime, causing...

5.5CVSS5.6AI score0.00146EPSS
Exploits0References1
osv
osv
added 2025/08/19 5:15 p.m.4 views

UBUNTU-CVE-2025-38610

In the Linux kernel, the following vulnerability has been resolved: powercap: dtpmcpu: Fix NULL pointer dereference in getpdpoweruw The getpdpoweruw function can crash with a NULL pointer dereference when emcpuget returns NULL. This occurs when a CPU becomes impossible during runtime, causing...

5.5CVSS5.9AI score0.00146EPSS
Exploits0References31
debiancve
debiancve
added 2025/08/19 5:3 p.m.10 views

CVE-2025-38610

In the Linux kernel, the following vulnerability has been resolved: powercap: dtpmcpu: Fix NULL pointer dereference in getpdpoweruw The getpdpoweruw function can crash with a NULL pointer dereference when emcpuget returns NULL. This occurs when a CPU becomes impossible during runtime, causing...

5.5CVSS5.3AI score0.00146EPSS
Exploits0
osv
osv
added 2025/08/19 5:3 p.m.12 views

CVE-2025-38610 powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw()

In the Linux kernel, the following vulnerability has been resolved: powercap: dtpmcpu: Fix NULL pointer dereference in getpdpoweruw The getpdpoweruw function can crash with a NULL pointer dereference when emcpuget returns NULL. This occurs when a CPU becomes impossible during runtime, causing...

5.5CVSS6.1AI score0.00146EPSS
Exploits0References10
ptsecurity
ptsecurity
added 2025/07/02 12:0 a.m.4 views

PT-2025-33808

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The get pd power uw function may experience a NULL pointer dereference when em cpu get returns NULL. This can occur when a CPU becomes unavailable during runtime, leading to a crash wh...

5.5CVSS5.8AI score0.00146EPSS
Exploits0
ptsecurity
ptsecurity
added 2024/02/19 12:0 a.m.16 views

PT-2024-7687 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to an out-of-bounds access in the crypto: arm64/neonbs component of the Linux kernel, specifically in the bit-sliced implementation of AES-CTR. This implementation...

8CVSS6.5AI score0.08555EPSS
Exploits4References551
Rows per page
Query Builder