Lucene search
K

158 matches found

Tenable Nessus
Tenable Nessus
added 4 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-53174

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ovl: keep err zero after successful ovlcacheget ovliteratemerged stores PTRERRcache in err before checking ISERRcache. On success err holds the truncated cache...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 5:16 p.m.4 views

CVE-2026-54289

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda@Edge, CloudFront delivers a request header that appears more than once as several separate entries. The adapter writes each value with Headers.set instead of Headers.append, so...

4.8CVSS5.9AI score0.00114EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/22 10:59 a.m.4 views

kernel: wifi: mac80211: drop stray 'static' from fast-RX rx_result

A flaw was found in the Linux kernel's Wi-Fi mac80211 subsystem. The ieee80211invokefastrx function uses a static variable for rxresult, which is shared across concurrent calls. This can lead to incorrect processing of Wi-Fi packets, where a packet might be mishandled or its status incorrectly...

8.8CVSS5.8AI score0.00161EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: sctp: A potential overflow issue in sctpifwdtsnskip has been fixed. Currently, when using sctpwalkifwdtsn to traverse ifwdtsnskip, it only checks the position pos against the end of the chunk. However, the data remaining at the...

7.8CVSS5.8AI score0.00155EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ice: fixed the Rx page leak in multi-buffer frames. The iceputrxmbuf function handles calling iceputrxbuf for each buffer in the current frame. This function was introduced as part of handling multi-buffer XDP support in the ice...

5.5CVSS6AI score0.00135EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 3:16 p.m.8 views

CVE-2026-0646

A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability can result in the adapter faulting and losing connection to its associated I/O modules, requiring a manual reset to recover...

8.7CVSS0.00343EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 12:28 p.m.9 views

OESA-2026-2681 xorg-x11-server security update

X.Org X11 X server Security Fixes: 'Hi all,\n\nCVEs have been issued now, please see inline below\n\nOn Tue, Jun 02, 2026 at 10:01:46AM +1000, Peter Hutterer wrote:', "=======================================================================\nX.Org Security Advisory: June 2, 2026 \n\nIssues in X.Or...

7.8CVSS5.9AI score0.00165EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2026/06/10 3:34 p.m.7 views

CVE-2026-45565 Roxy-WI: EscapedString validator skips its '..' block when stripping (root cause for several path-traversal/RCE vectors)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, EscapedString app/modules/roxywi/classmodels.py:16-30 is the centralised Pydantic validator used on dozens of fields including SSH credential name, username, description, etc. Its...

8.1CVSS5.5AI score0.00304EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.8 views

CVE-2026-33807

@fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix that matches a middleware path, the middleware path is prefixed a second time,...

9.1CVSS5.4AI score0.0043EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/06/04 2:27 a.m.7 views

SUSE CVE-2026-28904

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash...

6.5CVSS5.8AI score0.00411EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/05/29 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-46170

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mptcp: pm: ADDADDR rtx: free sk if last When an ADDADDR is retransmitted, the sk is held in skresettimer, and released at the end. If at that moment, it was the...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.11 views

PT-2026-44416

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.21 Description In the app.mount function, the mount prefix is stripped from the incoming request path using the raw URL pathname, whereas route matching is conducted against the percent-decoded path. This...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/05/17 6:51 p.m.7 views

CVE-2026-8721 Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...

5.9AI score0.00447EPSS
Exploits0References1
OSV
OSV
added 2026/05/07 1:59 p.m.10 views

USN-8252-1 openjpeg2 vulnerability

It was discovered that OpenJPEG did not properly handle memory when encoding image files. An attacker could use this issue to cause OpenJPEG to crash, resulting in a denial of service, or possibly execute arbitrary code...

4.8CVSS5.9AI score0.00112EPSS
Exploits0References2
Redos
Redos
added 2026/05/06 12:0 a.m.5 views

ROS-20260506-73-0003

Vulnerability in golang-github-jose related to an exception handling bug. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

7.5CVSS6.4AI score0.00651EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/04 5:52 a.m.6 views

CVE-2026-43861

mutt before 2.3.2 does not check for '\0' in urlpctdecode...

3.7CVSS5.8AI score0.00162EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-43029

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mptcp: fix soft lockup in mptcprecvmsg syzbot reported a soft lockup in mptcprecvmsg 0. When receiving data with MSGPEEK | MSGWAITALL flags, the skb is not...

7.5CVSS7.1AI score0.00329EPSS
Exploits0References4
OSV
OSV
added 2026/04/22 8:25 p.m.9 views

GHSA-C3H8-G69V-PJRG i18next-http-middleware: HTTP response splitting and DoS via unsanitised Content-Language header

Summary Versions of i18next-http-middleware prior to 3.9.3 wrote user-controlled language values into the Content-Language response header after passing them through utils.escape, which is an HTML-entity encoder that does not strip carriage return, line feed, or other control characters. When the...

8.6CVSS5.9AI score0.00327EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/04/20 2:55 p.m.6 views

CVE-2026-3219

pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing "incorrect" files according to the filename of the archive. New behavior only proceeds wit...

4.6CVSS5.2AI score0.00144EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/17 5:47 p.m.7 views

CVE-2025-65104

Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher servers, resulting in an information leak. This issue is fixed by upgrading to the FB4 client or...

7.9CVSS5.8AI score0.00185EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder