Lucene search
+L

929 matches found

osv
osv
added 3 days ago3 views

SUSE-SU-2026:2977-1 Security update for afterburn

This update for afterburn fixes the following issues Update to version 5.10.0.git73.b97f772. Security issues fixed: - CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow short buffers on OpenSSL 1.1.1 bsc1270175. - CVE-2026-41677: openssl: out-of-bounds read in PEM password...

9.8CVSS6.2AI score0.00559EPSS
Exploits1References19
cve
cve
added 4 days ago13 views

CVE-2026-15525

CVE-2026-15525 affects the kLOsk adloop package up to version 0.9.0. The vulnerability is in the function _validate_urls in src/adloop/ads/write.py, where manipulating the argument final_url can trigger a server-side request forgery (SSRF). The issue can be exploited remotely and the exploit is p...

6.5CVSS6.4AI score0.00214EPSS
Exploits0References8
nvd
nvd
added last week4 views

CVE-2026-57212

RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmqmanagement HTTP API accepts oversized valid JSON bodies on withdecode and directrequest paths because readcompletebody checks the accumulated size before the final chunk but not the final combin...

7.7CVSS0.00404EPSS
Exploits1References6
osv
osv
added last week3 views

UBUNTU-CVE-2026-57212

RabbitMQ is a messaging and streaming broker. Prior to 3.13.14, 4.0.19, 4.1.10, and 4.2.5, the rabbitmqmanagement HTTP API accepts oversized valid JSON bodies on withdecode and directrequest paths because readcompletebody checks the accumulated size before the final chunk but not the final combin...

7.7CVSS6.1AI score0.00404EPSS
Exploits1References8
osv
osv
added last week1 views

OPENSUSE-SU-2026:21294-1 Security update for python-cryptography

This update for python-cryptography fixes the following issues - CVE-2026-41676: openssl: Deriver:derive and PkeyCtxRef:derive can overflow short buffers on OpenSSL 1.1.1 bsc1270208. - CVE-2026-41677: openssl: out-of-bounds read in PEM password callback when returning an oversized length...

9.8CVSS6.2AI score0.00359EPSS
Exploits0References16
nvd
nvd
added 2026/07/09 5:16 p.m.9 views

CVE-2026-15194

A security flaw has been discovered in Open5GS 2.7.7. This affects the function amfcontextfinal of the file src/amf/context.c of the component AMF. Performing a manipulation results in use after free. The attack is only possible with local access. The exploit has been released to the public and m...

4.8CVSS0.00121EPSS
Exploits0References6
cvelist
cvelist
added 2026/07/09 5:0 p.m.31 views

CVE-2026-15194 Open5GS AMF context.c amf_context_final use after free

A security flaw has been discovered in Open5GS 2.7.7. This affects the function amfcontextfinal of the file src/amf/context.c of the component AMF. Performing a manipulation results in use after free. The attack is only possible with local access. The exploit has been released to the public and m...

4.8CVSS0.00121EPSS
Exploits0References6
euvd
euvd
added 2026/07/09 5:0 p.m.7 views

EUVD-2026-42632

A security flaw has been discovered in Open5GS 2.7.7. This affects the function amfcontextfinal of the file src/amf/context.c of the component AMF. Performing a manipulation results in use after free. The attack is only possible with local access. The exploit has been released to the public and m...

4.8CVSS5.6AI score0.00121EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/07/09 5:0 p.m.7 views

CVE-2026-15194

A security flaw has been discovered in Open5GS 2.7.7. This affects the function amfcontextfinal of the file src/amf/context.c of the component AMF. Performing a manipulation results in use after free. The attack is only possible with local access. The exploit has been released to the public and m...

4.8CVSS5.6AI score0.00121EPSS
Exploits0References6
cve
cve
added 2026/07/09 5:0 p.m.8 views

CVE-2026-15194

Open5GS 2.7.7 has a use-after-free in AMF code via amf_context_final (src/amf/context.c). Exploitation requires local access, and public exploit code exists. Affects AMF component; no other details on vulnerable versions beyond 2.7.7 are provided. The provided documents do not specify a CVSS vect...

4.8CVSS5.6AI score0.00121EPSS
Exploits0References6
osv
osv
added 2026/07/06 8:3 a.m.3 views

PYSEC-2026-888 Uncontrolled Resource Consumption in asyncua and opcua

All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service DoS due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited numb...

7.5CVSS7.1AI score0.01063EPSS
Exploits0References8
osv
osv
added 2026/07/02 7:44 p.m.5 views

GHSA-W834-CF6P-9M9W Zebra: Finalized address balance credit-first overflow on consensus-valid blocks

Am I affected You are affected if: 1. You run zebrad up to and including v4.4.1. 2. Your node processes blocks on any Zcash network. Summary The finalized transparent address balance writer processes all newly-created outputs credits before processing spent outputs debits within the same block. A...

6.9CVSS5.9AI score
Exploits0References2
nessus
nessus
added 2026/06/26 12:0 a.m.9 views

SUSE SLES12 Security Update : kernel (Live Patch 71 for SUSE Linux Enterprise 12 SP5) (SUSE-SU-2026:2549-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2549-1 advisory. This update for the SUSE Linux Enterprise Kernel 4.12.14-122.269 fixes various security issues The following security issues were fixed: -...

9.8CVSS6.7AI score0.0049EPSS
Exploits7References13
nvd
nvd
added 2026/06/25 10:17 p.m.10 views

CVE-2026-6331

HMAC zero-length tag forgery in EVPDigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated...

7.5CVSS0.00147EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/25 8:56 p.m.26 views

CVE-2026-6331 HMAC zero-length tag forgery in EVP_DigestVerifyFinal

HMAC zero-length tag forgery in EVPDigestVerifyFinal, where a zero-length tag could be accepted as valid during HMAC verification. In the OpenSSL-compatibility HMAC verify path the supplied signature length was only checked as not exceeding the MAC length, so a zero-length or otherwise truncated...

2.1CVSS0.00147EPSS
Exploits0References2
nvd
nvd
added 2026/06/25 8:17 p.m.8 views

CVE-2026-10097

wolfSSL's AVX2-optimized ML-KEM implementation mlkemcmpavx2 compares only 1536 of the 1568 ciphertext bytes during the Fujisaki-Okamoto re-encryption check in ML-KEM-1024 decapsulation. Ciphertexts that differ from the expected re-encryption solely in bytes 1536-1567 bypass implicit rejection and...

8.3CVSS0.00161EPSS
Exploits0References2
nvd
nvd
added 2026/06/25 8:17 p.m.8 views

CVE-2026-10512

The X25519 x8664 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the...

7.5CVSS0.00263EPSS
Exploits0References2
osv
osv
added 2026/06/25 8:17 p.m.5 views

UBUNTU-CVE-2026-10512

The X25519 x8664 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19. This can leave the field element in a non-canonical form, producing an incorrect result from the...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/06/25 7:59 p.m.8 views

CVE-2026-10097 ML-KEM-1024 x64 AVX2 incomplete cipher text comparison enables IND-CCA2 break and static private-key recovery

wolfSSL's AVX2-optimized ML-KEM implementation mlkemcmpavx2 compares only 1536 of the 1568 ciphertext bytes during the Fujisaki-Okamoto re-encryption check in ML-KEM-1024 decapsulation. Ciphertexts that differ from the expected re-encryption solely in bytes 1536-1567 bypass implicit rejection and...

8.3CVSS5.8AI score0.00161EPSS
Exploits0References2
euvd
euvd
added 2026/06/25 7:59 p.m.6 views

EUVD-2026-39553

ML-KEM-1024 x64 AVX2 implicit rejection failure in the Fujisaki-Okamoto transform breaks IND-CCA2 security, allowing decapsulation to deviate from the implicit-rejection behavior required by the standard. The AVX2 constant-time ciphertext comparison used during decapsulation never compared the...

6.3CVSS5.9AI score0.00161EPSS
Exploits0References2
Rows per page
Query Builder