Lucene search
+L

111544 matches found

Nuclei
Nuclei
added 9 hours ago10 views

vLLM <= 0.23.0 - Anthropic Router Heap Address Information Leak

vLLM = 0.23.0 incompletely fixes CVE-2026-22778. The original fix added sanitizemessage to the OpenAI router but the Anthropic-compatible router /v1/messages echoes strexc directly. id: CVE-2026-54236 info: name: vLLM = 0.23.0 - Anthropic Router Heap Address Information Leak author: kenlacroix...

9.8CVSS6.6AI score0.03816EPSS
Exploits1References2
Nuclei
Nuclei
added 9 hours ago13 views

vLLM 0.8.3 - 0.14.0 - Information Disclosure

vLLM 0.8.3 to - 0.14.1 contains an information disclosure caused by leaking a heap address in error messages from the multimodal endpoint when processing invalid images, letting remote attackers reduce ASLR entropy, exploit requires sending invalid images. id: CVE-2026-22778 info: name: vLLM 0.8....

9.8CVSS6.7AI score0.03816EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 11 hours ago3 views

CVE-2026-57076

A flaw was found in YAML::Syck. An attacker could exploit a heap use-after-free vulnerability by providing a specially crafted YAML document that reuses an anchor name as an anchors-table key. This flaw causes the software to read freed heap memory, which may lead to information disclosure or...

6.3CVSS6AI score
Exploits0References5
NVD
NVD
added 14 hours ago6 views

CVE-2026-34150

Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions 1.0.0 and above, prior to 4.14.5, a heap buffer overflow in wazuh-analysisd allows an unauthenticated remote attacker to crash the Wazuh manager's analysis engine, causing complete loss of SI...

7.5CVSS
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2026-40106

Summary: CVE-2026-40106 affects the Windows agent of Wazuh (versions 4.6.0–pre-4.14.5). A heap-based buffer overflow occurs in the syscheck component during registry wildcard expansion. The code allocates a fixed 256-byte heap buffer (OS_SIZE_256); creating a registry subkey of maximum length (25...

4.7CVSS6.1AI score
Exploits0References1
Cvelist
Cvelist
added yesterday11 views

CVE-2026-34150 Wazuh: Heap buffer overflow in wazuh-analysisd via rootcheck event parsing

Wazuh is a free and open source platform used for threat prevention, detection, and response. In versions 1.0.0 and above, prior to 4.14.5, a heap buffer overflow in wazuh-analysisd allows an unauthenticated remote attacker to crash the Wazuh manager's analysis engine, causing complete loss of SI...

7.5CVSS
Exploits0References1
CVE
CVE
added yesterday3 views

CVE-2026-34150

CVE-2026-34150 describes a heap buffer overflow in wazuh-analysisd for Wazuh versions 1.0.0–4.14.4 that can be exploited by an unauthenticated remote attacker to crash the Wazuh manager’s analysis engine, leading to complete loss of SIEM alert processing. The attack leverages the default wazuh/wa...

7.5CVSS6.2AI score
Exploits0References1
Cvelist
Cvelist
added yesterday14 views

CVE-2026-44452 h2o is vulnerable to heap overrun

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit 8dc37cb, when h2o receives a ClientHello message over TLS or QUIC and it contains a zero-length SNI extension, the h2o server runs over the zero-length hostname while trying to copy the hostname, assuming that it ...

5.9CVSS0.00052EPSS
Exploits0References2
CVE
CVE
added yesterday13 views

CVE-2026-44452

CVE-2026-44452 affects the h2o HTTP server (supports HTTP/1.x, 2, 3). Affected behavior occurs when a TLS/QUIC ClientHello contains a zero-length SNI extension; h2o can attempt to copy the hostname assuming NULL-termination, causing a heap/segmentation fault that may enable a denial-of-service. T...

5.9CVSS6AI score0.00052EPSS
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-57076

YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syckhdlraddanchor. In the bundled libsyck an anchor name allocated by syckstrndup is stored both as node-anchor, freed when the node is freed, and as the key in the parser's...

7.8CVSS
Exploits0References3
EUVD
EUVD
added yesterday6 views

EUVD-2026-45011

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is heap exposure in nested MIME comment parsing. An authenticated IMAP user could craft an email message containing an RFC 822 comment ending with a backslash. When parsing the message, the server would read past the...

3.1CVSS6.1AI score
Exploits0References3
NVD
NVD
added yesterday5 views

CVE-2026-44981

CrowdSec offers crowdsourced protection against malicious IPs. From 1.7.0 until 1.7.8, the LAPI router used gin-contrib/gzip with DefaultDecompressHandle globally in pkg/apiserver/controllers/controller.go, causing /v1/watchers and /v1/watchers/login to decompress unauthenticated gzip-compressed...

8.2CVSS0.00115EPSS
Exploits0References3
NVD
NVD
added yesterday5 views

CVE-2026-15422

The illumos SCTP inbound path performs association lookup for INIT ACK chunks without adequately validating the address parameters carried in the chunk. Since this lookup runs during packet classification i.e. before SCTP integrity checks or IPsec policy are applied a remote, unauthenticated...

10CVSS
Exploits0References3
NVD
NVD
added yesterday5 views

CVE-2026-15449

A time-of-check to time-of-use TOCTOU flaw in the illumos data-link pseudo-driver dld affects handling of the DLDIOCGETMACPROP and DLDIOCSETMACPROP ioctls on /dev/dld. drviocpropcommon in usr/src/uts/common/io/dld/dlddrv.c copies the dldiocmacpropt ioctl header in once to read its prvalsize field...

5.8CVSS
Exploits0References3
EUVD
EUVD
added yesterday5 views

EUVD-2026-45014

The illumos SCTP inbound path performs association lookup for INIT ACK chunks without adequately validating the address parameters carried in the chunk. Since this lookup runs during packet classification i.e. before SCTP integrity checks or IPsec policy are applied a remote, unauthenticated...

10CVSS6.3AI score
Exploits0References3
Cvelist
Cvelist
added yesterday19 views

CVE-2026-15422 SCTP needs to better-check INIT ACK chunk parameters

The illumos SCTP inbound path performs association lookup for INIT ACK chunks without adequately validating the address parameters carried in the chunk. Since this lookup runs during packet classification i.e. before SCTP integrity checks or IPsec policy are applied a remote, unauthenticated...

10CVSS
Exploits0References3
CVE
CVE
added yesterday8 views

CVE-2026-15422

CVE-2026-15422 concerns illumos SCTP where the inbound path performs association lookups for INIT ACK chunks without validating the address parameters. The vulnerability is triggered during packet classification, before SCTP integrity checks or IPsec policies, allowing a remote, unauthenticated a...

10CVSS6.3AI score
Exploits0References3
EUVD
EUVD
added yesterday5 views

EUVD-2026-45034

A time-of-check to time-of-use TOCTOU flaw in the illumos data-link pseudo-driver dld affects handling of the DLDIOCGETMACPROP and DLDIOCSETMACPROP ioctls on /dev/dld. drviocpropcommon in usr/src/uts/common/io/dld/dlddrv.c copies the dldiocmacpropt ioctl header in once to read its prvalsize field...

5.8CVSS6.2AI score
Exploits0References3
Cvelist
Cvelist
added yesterday20 views

CVE-2026-15449 TOCTOU double copyin in illumos dld ioctl handling causes kernel heap corruption

A time-of-check to time-of-use TOCTOU flaw in the illumos data-link pseudo-driver dld affects handling of the DLDIOCGETMACPROP and DLDIOCSETMACPROP ioctls on /dev/dld. drviocpropcommon in usr/src/uts/common/io/dld/dlddrv.c copies the dldiocmacpropt ioctl header in once to read its prvalsize field...

5.8CVSS
Exploits0References3
CVE
CVE
added yesterday6 views

CVE-2026-15449

CVE-2026-15449 describes a TOCTOU vulnerability in the illumos data-link pseudo-driver (dld) regarding handling of DLDIOC_GETMACPROP and DLDIOC_SETMACPROP ioctls on /dev/dld. In drv_ioc_prop_common(), the header is read once to obtain pr_valsize, a kernel heap buffer is allocated, and then the fu...

5.8CVSS6.2AI score
Exploits0References3
Rows per page
Query Builder