Lucene search
K

16884 matches found

CVE
CVE
added 2026/06/26 7:40 p.m.11 views

CVE-2026-53292

Summary (CVE-2026-53292): The Linux kernel phonet subsystem contains a flaw in pn_socket_autobind() where, if pn_socket_bind() returns -EINVAL while the socket was never bound (pn_port() == 0) and sk states are not TCP_CLOSE, a BUG_ON() triggers a kernel panic from a user-triggerable path. The pa...

5.5CVSS5.8AI score0.00107EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/26 5:51 p.m.10 views

EUVD-2026-36190

ImageMagick has Null Pointer Dereference caused by the distort operation when passing incorrect arguments...

4.3CVSS5.8AI score0.00187EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/26 8:45 a.m.5 views

CVE-2026-53227

A flaw was found in the Linux kernel's Open vSwitch OVS component. This issue occurs due to incorrect error handling during the allocation of a 'reply' skb socket buffer after locking the ovsmutex. If the allocation fails, an invalid pointer may be passed to kfreeskb, leading to a system crash an...

5.5CVSS5.7AI score0.00136EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.8 views

PT-2026-52971

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description The TIFF decoder can panic when processing an invalid image that contains an out-of-bounds strip offset. A panic is a critical error that causes a program to cra...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.8 views

PT-2026-52931

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the phonet network component where the pn socket autobind function incorrectly handles a failed bind operation. When pn socket bind returns an -EINVAL error, the syste...

5.8AI score0.00107EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.11 views

SUSE SLES15 Security Update : bind (SUSE-SU-2026:2616-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2616-1 advisory. - CVE-2026-3592: Amplification vulnerabilities via self-pointed glue records bsc1265592. - CVE-2026-3039: BIND 9 server memory...

7.5CVSS5.9AI score0.0181EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.11 views

SUSE SLES16: bind / bind-doc / bind-modules-generic / bind-modules-ldap / etc (SUSE-SU-2026:22198-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22198-1 advisory. This update for bind fixes the following issues Upgrade to release 9.20.23: - CVE-2026-3039: BIND 9 server memory exhaustion durin...

9.8CVSS5.8AI score0.01844EPSS
Exploits1References19
RedhatCVE
RedhatCVE
added 2026/06/25 11:56 p.m.5 views

CVE-2026-53246

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP implementation. A remote attacker could exploit this by sending a specially crafted COOKIEECHO chunk to a listening SCTP server. The server's failure to properly validate the length of a cached peer INIT chunk within...

9.8CVSS5.8AI score0.00481EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 9:52 p.m.1 views

GHSA-8PJ9-6897-74XC ImageMagick: Policy Bypass in DCM decoder could result in image with invalid dimensions

A missing check in the DCM decoder could result in an image with invalid dimensions and that could cause crashes in other operations...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/25 9:52 p.m.7 views

ImageMagick: Policy Bypass in DCM decoder could result in image with invalid dimensions

A missing check in the DCM decoder could result in an image with invalid dimensions and that could cause crashes in other operations...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References4Affected Software17
NVD
NVD
added 2026/06/25 8:17 p.m.8 views

CVE-2026-10592

Certificates with wildcard DNS SANs e.g. .example.com bypassed CA name-constraint checks. A certificate with a wildcard DNS SAN that should be rejected by the issuing CA's permitted/excluded DNS name constraints could be accepted...

6.3CVSS0.00124EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 8:8 p.m.6 views

EUVD-2026-39555

X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted...

6CVSS5.8AI score0.00124EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/25 7:28 p.m.7 views

CVE-2026-42055

A flaw was found in NGINX. When NGINX is configured to proxy HTTP/2 traffic using the ngxhttpproxyv2module or ngxhttpgrpcmodule with specific settings, a remote, unauthenticated attacker can send specially crafted large headers. This can trigger a heap-based buffer overflow, leading to a restart ...

9.2CVSS6.5AI score0.02838EPSS
Exploits1References4
NVD
NVD
added 2026/06/25 7:16 p.m.11 views

CVE-2026-56770

libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range sequential message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences over VHF marine radio or IP feeds,...

8.7CVSS0.00339EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/25 6:19 p.m.6 views

CVE-2026-52959

A flaw was found in the Linux kernel's Secure Encrypted Virtualization SEV guest module. This vulnerability allows a malicious host to provide an invalid buffer size during an extended guest request. This incorrect handling of host-controlled page order during the cleanup process can lead to a...

7.8CVSS6AI score0.00093EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/25 6:18 p.m.5 views

CVE-2026-53080

A flaw was found in the Linux kernel's traffic control firewall classifier clsfw module. An attacker with the ability to create traffic control filters could exploit a vulnerability where an invalid filter, created using an older method, is processed before proper validation. This can lead to a...

5.5CVSS5.8AI score0.00172EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 6:16 p.m.9 views

CVE-2026-49839

jq is a command-line JSON processor. Prior to 1.8.2, jq --rawfile can turn a handled oversized-string error into invalid-state reuse and a real heap out-of-bounds write in assertion-disabled builds. When jvloadfileraw=1 reads an attacker-controlled file, it repeatedly appends file chunks to the...

7.1CVSS0.00165EPSS
Exploits1References1
CVE
CVE
added 2026/06/25 5:17 p.m.28 views

CVE-2026-49839

Summary: CVE-2026-49839 affects jq prior to 1.8.2, where in the --rawfile path an oversized string can trigger invalid-state reuse and heap-buffer-overflow writes. In detail, when jv_load_file(raw=1) reads attacker-controlled data, file chunks are appended to a single jv string accumulator; after...

7.1CVSS5.8AI score0.00165EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/25 5:17 p.m.36 views

CVE-2026-49839 jq --rawfile invalid-state reuse after String too long causes heap-buffer-overflow

jq is a command-line JSON processor. Prior to 1.8.2, jq --rawfile can turn a handled oversized-string error into invalid-state reuse and a real heap out-of-bounds write in assertion-disabled builds. When jvloadfileraw=1 reads an attacker-controlled file, it repeatedly appends file chunks to the...

7.1CVSS0.00165EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/25 5:1 p.m.6 views

CVE-2026-57236

A flaw was found in Nokogiri, an XML and HTML library for Ruby. When an attacker provides an invalid encoding to the Documentencoding= function, the library frees the document's current encoding string without replacing it. This leaves the document referencing freed memory, which can lead to a...

8.2CVSS5.7AI score0.00331EPSS
Exploits0References4
Rows per page
Query Builder