Lucene search
K

1159 matches found

EUVD
EUVD
added last week5 views

EUVD-2026-42275

App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a...

7.5CVSS5.9AI score0.00329EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/26 3:40 p.m.8 views

CVE-2026-52997

A flaw was found in the Linux kernel's schdualpi2 qdisc queueing discipline component. When dualpi2change attempts to enforce updated limit and memory limit values, it may incorrectly try to dequeue packets from an empty C-queue while packets are present in the L-queue. This can lead to a NULL sk...

5.7AI score0.00173EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 6:32 p.m.5 views

EUVD-2026-38865

In the Linux kernel, the following vulnerability has been resolved: net/sched: schdualpi2: drain both C-queue and L-queue in dualpi2change Fix dualpi2change to correctly enforce updated limit and memlimit values after a configuration change of the dualpi2 qdisc. Before this patch, dualpi2change...

5.7AI score0.00173EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 5:17 p.m.5 views

CVE-2026-52997

In the Linux kernel, the following vulnerability has been resolved: net/sched: schdualpi2: drain both C-queue and L-queue in dualpi2change Fix dualpi2change to correctly enforce updated limit and memlimit values after a configuration change of the dualpi2 qdisc. Before this patch, dualpi2change...

0.00173EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 4:29 p.m.8 views

CVE-2026-52997

The CVE-2026-52997 entry documents a Linux kernel net/sched vulnerability in sch_dualpi2 (dualpi2_change) where the code could dereference a NULL skb when switching backlog/memlimit if packets were queued in the L-queue while the C-queue was empty. The fix enforces correct queue draining by: (1) ...

5.7AI score0.00173EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 4:29 p.m.2 views

CVE-2026-52997 net/sched: sch_dualpi2: drain both C-queue and L-queue in dualpi2_change()

In the Linux kernel, the following vulnerability has been resolved: net/sched: schdualpi2: drain both C-queue and L-queue in dualpi2change Fix dualpi2change to correctly enforce updated limit and memlimit values after a configuration change of the dualpi2 qdisc. Before this patch, dualpi2change...

5.8AI score0.00173EPSS
Exploits0References6
OSV
OSV
added 2026/06/15 9:19 a.m.5 views

SUSE-SU-2026:22125-1 Security update for editorconfig-core-c

This update for editorconfig-core-c fixes the following issue: - CVE-2026-40489: lpattern buffer overflow bsc1262131...

8.6CVSS5.7AI score0.00151EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/06/11 1:9 p.m.9 views

openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate

A flaw was found in the Certificate Management Protocol CMP implementation within OpenSSL. An attacker with existing Registration Authority RA level credentials could exploit an error in the certificate verification process during a Root Certificate Authority CA key update. This vulnerability...

5.3CVSS5.5AI score0.00262EPSS
Exploits0References4
CVE
CVE
added 2026/06/11 5:4 a.m.49 views

CVE-2026-41700

Spring for GraphQL with WebSocket transport is affected by Cross-Site WebSocket Hijacking. Affected versions: Spring for GraphQL 2.0.0–2.0.3; 1.4.0–1.4.5; 1.3.0–1.3.8; 1.0.0–1.0.6. Description confirms the issue: an attacker can lure an authenticated user to a malicious page to execute arbitrary ...

8.1CVSS5.9AI score0.00182EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.15 views

PT-2026-41266

Cross-site request forgery vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a user views a malicious page while logged-in to the affected product, unexpected operations may be done...

8.5CVSS7.2AI score0.00131EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/22 5:38 p.m.5 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection via the aggregate API endpoint when unvalidated user input is passed to the goqu.L function. An attacker can execute arbitrary SQL commands and access sensitive database information by supplying crafted values to the colum...

8.7CVSS6.1AI score0.00345EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.24 views

GitLab 17.0 < 18.9.6 / 18.10 < 18.10.4 / 18.11 < 18.11.1 (CVE-2026-4922)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute...

8.1CVSS5.5AI score0.00178EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/04/20 12:0 a.m.7 views

CVE-2026-40489

editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ecglob that allows an attacker to crash any application using libeditorconfig by providing a specially crafted directo...

8.6CVSS6AI score0.00151EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.8 views

WordPress plugin LTL Freight Quotes – R+L Carriers Edition 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

5.3CVSS5.8AI score0.00385EPSS
Exploits0References14
Patchstack
Patchstack
added 2026/04/07 11:13 p.m.5 views

WordPress LTL Freight Quotes - R+L Carriers Edition plugin <= 3.3.13 - Missing Authorization to Unauthenticated Settings Update vulnerability

WordPress LTL Freight Quotes - R+L Carriers Edition plugin = 3.3.13 - Missing Authorization to Unauthenticated Settings Update vulnerability discovered by Poli - CMC Global in WordPress Plugin LTL Freight Quotes – R+L Carriers Edition versions = 3.3.13...

5.3CVSS5.9AI score0.00385EPSS
Exploits0References1Affected Software1
Packet Storm News
Packet Storm News
added 2026/04/05 12:0 a.m.2 views

Evaluating Future Air Traffic Management Security

The L-Band Digital Aviation Communication System LDACS aims to modernize communications between the aircraft and the tower. Besides digitizing this type of communication, the contributors also focus on protecting them against cyberattacks. There are several proposals regarding LDACS security, and...

5.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/03 12:0 a.m.10 views

Oracle Linux 8 : mysql:8.4 (ELSA-2026-6391)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-6391 advisory. mecab mecab-ipadic mysql 8.4.8-1 - Rebase to 8.4.8 Tenable has extracted the preceding description block directly from the Oracle Linux security...

6.5CVSS7.1AI score0.00337EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/03/27 8:47 p.m.9 views

CVE-2026-33895 Forge has signature forgery in Ed25519 due to missing S > L check

Forge also called node-forge is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order S = L. A valid signature and its S + L variant...

7.5CVSS5.7AI score0.00348EPSS
Exploits0References3
CVE
CVE
added 2026/03/27 8:47 p.m.81 views

CVE-2026-33895

Summary: CVE-2026-33895 affects Forge (node-forge) prior to 1.4.0, where Ed25519 signature verification does not enforce S

7.5CVSS6.6AI score0.00348EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2026/03/26 10:4 p.m.3 views

GHSA-Q67F-28XG-22RW Forge has signature forgery in Ed25519 due to missing S > L check

Summary Ed25519 signature verification accepts forged non-canonical signatures where the scalar S is not reduced modulo the group order S = L. A valid signature and its S + L variant both verify in forge, while Node.js crypto.verify OpenSSL-backed rejects the S + L variant, as defined by the...

7.5CVSS6.7AI score0.00348EPSS
Exploits0References7
Rows per page
Query Builder