Lucene search
K

1880 matches found

Xen Project
Xen Project
added 2026/04/17 5:2 p.m.11 views

x86: Floating Point Divider State Sampling

ISSUE DESCRIPTION Researchers from the CISPA Helmholtz Center for Information Security have discovered Floating Point Divider State Sampling. It is detailed in a paper titled "TREVEX: A Black-Box Detection Framework For Data-Flow Transient Execution Vulnerabilities" For more information, see:...

2CVSS5.7AI score0.00191EPSS
Exploits0
OSV
OSV
added 2026/04/17 1:2 p.m.8 views

OESA-2026-1968 llvm security update

LLVM is a compiler infrastructure designed for compile-time, link-time, runtime, and idle-time optimization of programs from arbitrary programming languages. Security Fixes: When using Arm Cortex-M Security Extensions CMSE, Secure stack contents can be leaked to Non-secure state via floating-poin...

3.7CVSS5.9AI score0.00478EPSS
Exploits1References2
Amd
Amd
added 2026/04/17 12:0 a.m.10 views

Floating Point Value Injection (FPVI) Variant in AMD CPUs

Summary Researchers shared with AMD a report titled “TREVEX: A Black-Box Detection Framework For Data-Flow Transient Execution Vulnerabilities.” The researchers' paper introduced a Floating-Point Value Injection FPVI variant, which could allow an attacker with a deep understanding of...

5.5CVSS6.1AI score0.00607EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007353)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007353 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: Restrict CPUBIGENDIAN to GNU as or LLVM IAS 15.x or newer Prior to LLVM 15.0.0, LLVM's...

5.5CVSS5.8AI score0.0024EPSS
Exploits0References4
Amd
Amd
added 2026/04/17 12:0 a.m.9 views

Floating Point Divider State Sampling on AMD CPUs

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2025-54505| A transient execution vulnerability within AMD CPUs may allow a local, user-privileged attacker to leak data via the floating-point divisor unit, potentially resulting in a loss of...

2CVSS5.9AI score0.00191EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.13 views

PT-2026-33582

Name of the Vulnerable Software and Affected Versions AMD CPUs affected versions not specified Description A transient execution vulnerability exists within AMD CPUs that allows a local user-privileged attacker to leak data via the floating point divisor unit. This issue, known as Floating Point...

9.8CVSS5.7AI score0.00501EPSS
Exploits2References261
OSV
OSV
added 2026/04/13 1:20 p.m.5 views

JLSEC-2026-85 A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an...

A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INTMIN...

4CVSS6.7AI score0.00216EPSS
Exploits1References5
Talos
Talos
added 2026/04/07 12:0 a.m.9 views

LibRaw uncompressed_fp_dng_load_raw integer overflow vulnerability

Talos Vulnerability Report TALOS-2026-2363 LibRaw uncompressedfpdngloadraw integer overflow vulnerability April 7, 2026 CVE Number CVE-2026-24450 SUMMARY An integer overflow vulnerability exists in the uncompressedfpdngloadraw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious...

9.8CVSS6.4AI score0.00454EPSS
Exploits1
Snyk
Snyk
added 2026/04/06 4:9 p.m.4 views

Incorrect Type Conversion or Cast

Overview OpenEXR is a Python bindings for the OpenEXR image file format Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast in the LossyDctDecoderexecute process when decoding DWA or DWAB-compressed files containing FLOAT-type channels. An attacker can cause...

7.1CVSS5.8AI score0.00283EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/30 5:52 a.m.6 views

Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to rhino

Summary IBM webMethods BPM uses rhino to embed a JavaScript engine for executing internal scripts related to business logic and configuration. Vulnerability Details CVEID:CVE-2025-66453 DESCRIPTION: Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1,...

7.5CVSS6.8AI score0.00235EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.7 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There are security vulnerabilities in the Linux kernel, stemming from defects in the sensor filling logic and floating-point conversion routines. These vulnerabilities m...

7.8CVSS7AI score0.00134EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/22 5:11 p.m.14 views

Malicious code in @pypestream/floating-ui-dom (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c054f1bdbe451e796bb0623296f4240c654e72b4ef794089dad3428bfed98fd2 The package @pypestream/floating-ui-dom was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References4
OSV
OSV
added 2026/03/22 5:11 p.m.6 views

MAL-2026-2030 Malicious code in @pypestream/floating-ui-dom (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c054f1bdbe451e796bb0623296f4240c654e72b4ef794089dad3428bfed98fd2 The package @pypestream/floating-ui-dom was found to contain malicious code. Source: ghsa-malware...

5.8AI score
Exploits0References4
Snyk
Snyk
added 2026/03/19 11:0 p.m.6 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised as the result of Trivy's GitHub Actions compromise and a malicious versions were released on NPM. They contain malicious code, and its content was NOT yet...

9.8CVSS5.8AI score
Exploits0References2
Fedora
Fedora
added 2026/03/19 12:54 a.m.7 views

[SECURITY] Fedora 43 Update: kiss-fft-131.2.0-1.fc43

KISS FFT - A mixed-radix Fast Fourier Transform based on the principle, "Keep It Simple, Stupid." There are many great fft libraries already around. Kiss FFT is not trying to be better than any of them. It only attempts to be a reasonably efficient, moderately useful FFT that can use fixed or...

8.6CVSS5.8AI score0.00144EPSS
Exploits0
Fedora
Fedora
added 2026/03/19 12:18 a.m.10 views

[SECURITY] Fedora 44 Update: kiss-fft-131.2.0-1.fc44

KISS FFT - A mixed-radix Fast Fourier Transform based on the principle, "Keep It Simple, Stupid." There are many great fft libraries already around. Kiss FFT is not trying to be better than any of them. It only attempts to be a reasonably efficient, moderately useful FFT that can use fixed or...

8.6CVSS5.8AI score0.00144EPSS
Exploits0
NVD
NVD
added 2026/03/17 7:16 p.m.13 views

CVE-2026-25790

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, multiple stack-based buffer overflows exist in the Security Configuration Assessment SCA decoder wazuh-analysisd. The use of sprintf with a...

7.2CVSS0.00389EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/17 6:41 p.m.2 views

CVE-2026-25790

Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, multiple stack-based buffer overflows exist in the Security Configuration Assessment SCA decoder wazuh-analysisd. The use of sprintf with a...

4.9CVSS6.3AI score0.00389EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/03/17 6:41 p.m.14 views

CVE-2026-25790

Wazuh CVE-2026-25790 affects the Security Configuration Assessment (SCA) decoder in wazuh-analysisd, with stack-based buffer overflows from using sprintf(value, "%lf", …) into a fixed 128-byte buffer. The vulnerability exists in multiple locations within /src/analysisd/decoders/security_configura...

7.2CVSS6.3AI score0.00389EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/03/13 7:54 p.m.5 views

UBUNTU-CVE-2026-31884

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, division by zero in MS-ADPCM and IMA-ADPCM decoders when nBlockAlign is 0, leading to a crash. In libfreerdp/codec/dsp.c, both ADPCM decoders use size % blocksize where blocksize = context-common.format.nBlockAlign...

7.5CVSS5.8AI score0.00303EPSS
Exploits1References5
Rows per page
Query Builder