Lucene search
K

496 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-54904

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::AtomicReferenceupdate can enter a permanent busy retry loop when the current...

8.2CVSS6AI score0.00278EPSS
Exploits1References3
NVD
NVD
added 2026/06/24 5:17 p.m.9 views

CVE-2026-54904

concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::AtomicReferenceupdate can enter a permanent busy retry loop when the current value is Float::NAN. The issue is caused by the interaction between AtomicReferenceupdate, which retries until compareandsetoldvalue,...

8.2CVSS0.00278EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 3:44 p.m.7 views

CVE-2026-54904

concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::AtomicReferenceupdate can enter a permanent busy retry loop when the current value is Float::NAN. The issue is caused by the interaction between AtomicReferenceupdate, which retries until compareandsetoldvalue,...

8.2CVSS5.9AI score0.00278EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/24 3:44 p.m.33 views

CVE-2026-54904 concurrent-ruby: `AtomicReference#update` livelocks when the stored value is `Float::NAN`

concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::AtomicReferenceupdate can enter a permanent busy retry loop when the current value is Float::NAN. The issue is caused by the interaction between AtomicReferenceupdate, which retries until compareandsetoldvalue,...

8.2CVSS0.00278EPSS
Exploits1References1
CVE
CVE
added 2026/06/24 3:44 p.m.68 views

CVE-2026-54904

Technical details for CVE-2026-54904 are not publicly available in the provided documents. No affected versions, root cause, or fixes are described beyond the initial entry. Monitor for updates.

8.2CVSS5.9AI score0.00278EPSS
Exploits1References1Affected Software1
Snyk
Snyk
added 2026/06/19 8:47 p.m.6 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in the AtomicReferenceupdate function when the current value is Float::NAN. An attacker can cause indefinite busy retry loops and CPU exhaustion by supplying malicious numeric data. Remediation Upgrade concurrent-ruby to...

8.2CVSS5.9AI score0.00278EPSS
Exploits1References2
OSV
OSV
added 2026/06/19 8:47 p.m.10 views

GHSA-H8W8-99G7-QMVJ Concurrent Ruby : `AtomicReference#update` livelocks when the stored value is `Float::NAN`

Summary Concurrent::AtomicReferenceupdate can enter a permanent busy retry loop when the current value is Float::NAN. The issue is caused by the interaction between: - AtomicReferenceupdate, which retries until compareandsetoldvalue, newvalue succeeds. - Numeric compareandset, which checks old ==...

8.2CVSS5.9AI score0.00278EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.13 views

PT-2026-51090

Name of the Vulnerable Software and Affected Versions concurrent-ruby versions prior to 1.3.7 Description The Concurrent::AtomicReferenceupdate function can enter a permanent busy retry loop when the current value is Float::NAN. This occurs due to the interaction between AtomicReferenceupdate,...

8.2CVSS5.8AI score0.00278EPSS
Exploits1References7
Packet Storm News
Packet Storm News
added 2026/06/06 12:0 a.m.12 views

Hiding in Plain Floats: Steganographic Carriers for Indirect Prompt and Content Injection

Text-centered prompt-injection defenses assume that the malicious signal is visible in one of the inspected text views. We study a reproducible LLM01-style indirect prompt/content-injection failure mode where that assumption breaks: a payload caught in plain English slips past the same detector...

5.5AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 7:6 a.m.11 views

Malicious code in chai-as-float (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 57fa3a7c5d47c518f43c819b91f8ae0bbdffbcf6fce42a1ebbce89e7d9c29199 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
Snyk
Snyk
added 2026/05/25 7:6 a.m.12 views

Malicious Package

Overview chai-as-float is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/25 7:6 a.m.12 views

MAL-2026-4293 Malicious code in chai-as-float (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 57fa3a7c5d47c518f43c819b91f8ae0bbdffbcf6fce42a1ebbce89e7d9c29199 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Ruby 2.5

There is a buffer over-read issue in Ruby before version 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. This issue occurs during the conversion from strings to floats, including in methods like KernelFloat and Stringtof...

7.5CVSS7AI score0.04127EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: hwmon: macsmc Fixed regressions in the Apple Silicon SMC hwmon driver. The recently added macsmc-hwmon driver contained several critical bugs in its sensor population logic and float conversion routines. Specifically: - The...

7.8CVSS5.9AI score0.00134EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in imagemagick

In ImageMagick versions before 7.0.9-0, there are values that are outside the representable range for the 'float' type, located in MagickCore/quantize.c...

4.3CVSS6.5AI score0.01056EPSS
Exploits0References2
OSV
OSV
added 2026/04/29 6:53 a.m.8 views

CLSA-2026-1777444043 ruby: Fix of 2 CVEs

CVE-2021-28965: fix REXML XML round-trip vulnerability - CVE-2022-28739: fix buffer over-read in String-to-Float conversion...

7.5CVSS7.2AI score0.05061EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.11 views

PT-2026-33907

Name of the Vulnerable Software and Affected Versions OpenEXR versions 3.4.0 through 3.4.0 Description OpenEXR provides the specification and reference implementation of the EXR file format, which is an image storage format used in the motion picture industry. Recommendations At the moment, there...

5.3CVSS5.8AI score0.00302EPSS
Exploits1References13
OSV
OSV
added 2026/04/17 3:19 p.m.7 views

JLSEC-2026-143

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoderexecute in...

7.1CVSS5.9AI score0.00283EPSS
Exploits1References4
EUVD
EUVD
added 2026/04/14 6:50 p.m.4 views

EUVD-2026-22114

ImageMagick has a heap buffer overflow when encoding JXL image with a 16-bit float...

5.5CVSS6.1AI score0.00187EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/14 6:50 p.m.9 views

ImageMagick has a heap buffer overflow when encoding JXL image with a 16-bit float

The JXL encoder has an heap write overflow when a user specifies that the image should be encoded as 16 bit floats...

5.5CVSS5.8AI score0.00187EPSS
Exploits0References6Affected Software17
Rows per page
Query Builder