Lucene search
+L

3446 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/18 5:6 p.m.8 views

CVE-2026-48984

pamusb provides hardware authentication for Linux using ordinary removable media. In versions 0.9.1 and below, the xfree memory release helper in calls free without first zeroing the buffer contents, releasing heap-allocated buffers containing sensitive data — including one-time pad bytes read fr...

4.7CVSS5.5AI score0.00109EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/17 3:16 p.m.7 views

UBUNTU-CVE-2026-12528

A flaw was found in 389 Directory Server in the aclpnormalizeacltxt function of aclparse.c. A malformed ACI Access Control Instruction string can trigger heap-buffer-overflow writes and reads during ACI parsing. The function fails to validate that the ACI keyword has sufficient length after...

5.4CVSS5.8AI score0.00226EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/15 4:21 p.m.9 views

CVE-2026-6040 Heap use-after-free in ODF number-format blank-width parsing

A heap use-after-free existed when importing the blank-width characters of an ODF number format. A position value read from the document was not checked against the length of the format-code string, so a malformed number format could be processed against memory outside that string. In fixed...

6.9CVSS5.2AI score0.00114EPSS
Exploits0References1
NVD
NVD
added 2026/06/14 6:17 p.m.17 views

CVE-2026-54412

LiamBindle MQTT-C through version 1.1.6 contains a heap-based out-of-bounds read and integer underflow in the mqttunpackpublishresponse function in src/mqtt.c that allows a remote unauthenticated attacker controlling an MQTT broker - or able to inject MQTT traffic into an unencrypted session - to...

8.8CVSS0.00407EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/06/14 3:17 p.m.106 views

Exploit for Improper Handling of Length Parameter Inconsistency in Mongodb

CVE-2025-14847-mongobleed CVE-2025-14847 mongobleed python fil...

8.7CVSS6AI score0.83007EPSS
Exploits39
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.10 views

SUSE SLED15 / SLES15 Security Update : perl-XML-LibXML (SUSE-SU-2026:2324-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:2324-1 advisory. This update for perl-XML-LibXML fixes the following issue - CVE-2026-8177: read out-of-bounds heap memory when parsing...

7.5CVSS5.5AI score0.00629EPSS
Exploits0References4
OSV
OSV
added 2026/06/12 12:27 p.m.16 views

OESA-2026-2672 perl-HTML-Parser security update

Objects of the HTML::Parser class will recognize markup and separate it from plain text alias data content in HTML documents. As different kinds of markup and text are recognized, the corresponding event handlers are invoked. Security Fixes: HTML::Entities versions before 3.84 for Perl read freed...

7.5CVSS5.5AI score0.0031EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/12 2:32 a.m.13 views

SUSE CVE-2026-11792

A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the createmaskedentrystring function in auditlog.c copies a fixed-length password mask into a precisely-sized heap buffer without checking available space. If a short cleartext password is logged requiri...

3.3CVSS5.7AI score0.00258EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.24 views

PT-2026-49341

Name of the Vulnerable Software and Affected Versions GStreamer affected versions not specified Description A flaw exists in the WavPack audio decoder within gst-plugins-good. An integer overflow occurs during the buffer size calculation 4 block samples channels inside the gst wavpack dec handle...

7.6CVSS6.1AI score0.0031EPSS
Exploits0References39
RedHat Linux
RedHat Linux
added 2026/06/11 1:24 p.m.16 views

openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption

A flaw was found in OpenSSL. When processing attacker-supplied Cryptographic Message Syntax CMS data using password-based decryption, an attacker can choose a stream-mode Key Encryption Key KEK cipher. This can trigger a heap out-of-bounds read, potentially causing an application crash and leadin...

7.5CVSS5.4AI score0.00297EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/11 9:49 a.m.10 views

CVE-2026-11850

An integer underflow vulnerability was found in MIT krb5 in the berval2tldata function in plugins/kdb/ldap/libkdbldap/ldapprincipal2.c. The function performs an unsigned subtraction bvlen - 2 without a prior bounds check. When bvlen is 0 or 1, the subtraction wraps to a large value which is then...

5CVSS4.8AI score0.00261EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/10 12:35 a.m.40 views

CVE-2026-46532 ESF-IDF: Heap Out-of-Bounds Read in Bluedroid AVRCP Target Parser

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0, an out-of-bounds read exists in the BlueDroid AVRCP vendor-command parser avrcparsvendorcmd in components/bt/host/bluedroid/stack/avrc/avrcparstg.c. This issue has been patched ...

4.6CVSS0.00228EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/10 12:26 a.m.11 views

EUVD-2026-35915

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser parseoptions in components/lwip/apps/dhcpserver/dhcpserver.c shipped with ESP-IDF's lwIP component. The pars...

6.5CVSS5.5AI score0.00246EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.21 views

ESP-IDF 缓冲区错误漏洞

ESP-IDF is an open-source development framework for Espressif’s SoCs, supported on Windows, Linux, and macOS. Versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1 of ESP-IDF contain buffer overflow vulnerabilities. These vulnerabilities stem from an out-of-bounds read issue in the DHCP server option...

6.5CVSS5.8AI score0.00246EPSS
Exploits0References2
OSV
OSV
added 2026/06/09 4:3 p.m.3 views

CVE-2026-35188 Double-free When Checking OCSP Stapled Response

Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the statusrequest extension, triggering a double-free in the client's certificate verification path. Impact summary: Successful exploitation allows an attacker to corrupt heap memory via a...

5CVSS7.5AI score0.00245EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/06/09 4:3 p.m.10 views

CVE-2026-34183

Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATHCHALLENGE frames. Impact summary: A malicious remote peer can cause an unbounded memory allocation which can lead to an abnormal termination of the application acting as a QU...

7.5CVSS5.5AI score0.00511EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/06/09 4:3 p.m.15 views

CVE-2026-34183

Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATHCHALLENGE frames. Impact summary: A malicious remote peer can cause an unbounded memory allocation which can lead to an abnormal termination of the application acting as a QU...

7.5CVSS5.5AI score0.00511EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/09 2:59 p.m.16 views

CVE-2026-22164

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. By creating resources of certain types and presenting a set of parameters to the affected interface the exploit can be used to corrupt kernel memory...

7.5CVSS5.4AI score0.00338EPSS
Exploits0References1
OSV
OSV
added 2026/06/09 2:33 p.m.6 views

SUSE-SU-2026:2324-1 Security update for perl-XML-LibXML

This update for perl-XML-LibXML fixes the following issue - CVE-2026-8177: read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences bsc1264715...

7.5CVSS5.4AI score0.00629EPSS
Exploits0References3
NVD
NVD
added 2026/06/08 9:16 p.m.22 views

CVE-2026-40215

A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-after-free triggered during TLS session promotion...

6.1CVSS0.00309EPSS
Exploits0References3
Rows per page
Query Builder