Lucene search
K

3599 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ext4: Regenerate the buddy structure after block freeing fails when under fc replay. This fix primarily reverts to commit 6bd97bf273bd “ext4: Remove redundant mbregeneratebuddy”, and reintroduces the function mbregeneratebuddy...

5.5CVSS6.2AI score0.00278EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: ext4: Fixed error handling in ext4fcrecordmodified inode. The current code does not properly handle the krealloc error case, which could lead to silent memory corruption or a kernel bug. This patch addresses this issue...

7.8CVSS5.6AI score0.00228EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: Fix for accessing an uninitialized lock in the fc replay path. The following kernel trace can be triggered with fstest generic/629 when executed against a filesystem with the fast-commit feature enabled: INFO: Trying to...

5.5CVSS6.2AI score0.00221EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/18 2:27 p.m.13 views

CVE-2026-41650

A flaw was found in fast-xml-parser. The XMLBuilder component does not properly escape specific sequences "--" in comments and "" in CDATA sections when constructing XML from JavaScript objects. This vulnerability allows an attacker to perform XML injection if user-controlled data is processed...

6.1CVSS5.7AI score0.00238EPSS
Exploits1References5
Fedora
Fedora
added 2026/05/18 12:59 a.m.14 views

[SECURITY] Fedora 43 Update: uv-0.11.11-1.fc43

An extremely fast Python package and project manager, written in Rust. Highlights: =E2=80=A2 A single tool to replace pip, pip-tools, pipx, poetry, pyenv, twi ne, virtualenv, and more. =E2=80=A2 10-100x faster than pip. =E2=80=A2 Provides comprehensive project management, with a universal lockf...

5.8AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/17 12:11 p.m.7 views

CVE-2018-25322 Allok Fast AVI MPEG Splitter 1.2 Stack Based Buffer Overflow

Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can craft a payload with 780 bytes of junk data followed by structured shellcode and place it in the...

8.6CVSS6.4AI score0.00148EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/17 12:11 p.m.42 views

CVE-2018-25322 Allok Fast AVI MPEG Splitter 1.2 Stack Based Buffer Overflow

Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can craft a payload with 780 bytes of junk data followed by structured shellcode and place it in the...

8.6CVSS0.00148EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/17 12:11 p.m.11 views

EUVD-2018-21843

Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious license name string. Attackers can craft a payload with 780 bytes of junk data followed by structured shellcode and place it in the...

8.6CVSS6.4AI score0.00148EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/16 12:0 a.m.13 views

Fedora 42 : python-jupytext (2026-793b55138d)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-793b55138d advisory. This update contains upgrades to various npm packages used during the build to address CVEs, namely: - CVE-2025-69873 ajv - CVE-2026-0540 DOMPurify ...

9.8CVSS6.5AI score0.01735EPSS
Exploits2References7
Fedora
Fedora
added 2026/05/15 8:57 p.m.15 views

[SECURITY] Fedora 44 Update: rsync-3.4.1-7.fc44

Rsync uses a reliable algorithm to bring remote and host files into sync very quickly. Rsync is fast because it just sends the differences in the files over the network instead of sending the complete files. Rsync is often used as a very powerful mirroring process or just as a more capable...

7.8CVSS7.2AI score0.01761EPSS
Exploits2
EUVD
EUVD
added 2026/05/15 4:51 p.m.12 views

EUVD-2026-30571

The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj...

7.5CVSS5.9AI score0.0027EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/14 7:58 p.m.12 views

CVE-2026-44351

fast-jwt provides fast JSON Web Token JWT implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that are accepted as authentic. When the application's key resolver returns an...

9.1CVSS6AI score0.00236EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 8:16 p.m.32 views

CVE-2026-44351

fast-jwt provides fast JSON Web Token JWT implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that are accepted as authentic. When the application's key resolver returns an...

9.1CVSS0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 7:12 p.m.50 views

CVE-2026-44351 fast-jwt: Empty HMAC secret accepted via async key resolver - JWT auth bypass

fast-jwt provides fast JSON Web Token JWT implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that are accepted as authentic. When the application's key resolver returns an...

9.1CVSS0.00236EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 7:12 p.m.9 views

CVE-2026-44351

fast-jwt provides fast JSON Web Token JWT implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that are accepted as authentic. When the application's key resolver returns an...

9.1CVSS6AI score0.00236EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/13 7:12 p.m.7 views

CVE-2026-44351 fast-jwt: Empty HMAC secret accepted via async key resolver - JWT auth bypass

fast-jwt provides fast JSON Web Token JWT implementation. Prior to 6.2.4, a critical authentication-bypass vulnerability in fast-jwt's async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that are accepted as authentic. When the application's key resolver returns an...

9.1CVSS6AI score0.00236EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 7:12 p.m.41 views

CVE-2026-44351

CVE-2026-44351 — fast-jwt auth bypass (pre-6.2.4) : The vulnerability exists in fast-jwt’s async key-resolver flow when the resolver returns an empty string or zero-length Buffer. The library may treat this as a valid secret and derive allowedAlgorithms as HS256/HS384/HS512, then verify a JWT aga...

9.1CVSS6AI score0.00236EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 5:30 p.m.32 views

CVE-2026-44003

vm2 (Node.js sandbox) prior to version 3.11.0 includes a transformer fast-path that bypasses AST analysis when code does not contain catch, import, or async, allowing sandboxed code to access internal state VM2_INTERNAL_STATE_DO_NOT_USE_OR_PROGRAM_WILL_FAIL and its security helpers (handleExcepti...

5.8CVSS5.8AI score0.00248EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/05/13 5:30 p.m.52 views

CVE-2026-44003 vm2: Transformer Fast-Path Bypass Exposes Internal State Variable

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, vm2's code transformer has a performance optimization that skips AST analysis when the code does not contain catch, import, or async keywords. This fast-path bypass allows sandboxed code to directly access the internal...

5.3CVSS0.00248EPSS
Exploits1References1
NVD
NVD
added 2026/05/13 4:16 p.m.44 views

CVE-2026-44665

fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. This gives the room for an attacker to insert unwanted attributes to the XML/HTML. This vulnerabili...

6.1CVSS0.00209EPSS
Exploits0References1
Rows per page
Query Builder