Lucene search
+L

2139 matches found

OSV
OSV
added 2026/05/27 12:18 p.m.2 views

CVE-2026-45976 drm/amdgpu: Fix memory leak in amdgpu_ras_init()

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix memory leak in amdgpurasinit When amdgpunbiorasswinit fails in amdgpurasinit, the function returns directly without freeing the allocated con structure, leading to a memory leak. Fix this by jumping to the...

5.5CVSS5.9AI score0.00122EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/27 12:15 p.m.49 views

CVE-2026-45872 scsi: smartpqi: Fix memory leak in pqi_report_phys_luns()

In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix memory leak in pqireportphysluns pqireportphysluns fails to release the rpllist buffer when encountering an unsupported data format or when the allocation for rpl16bytewwidlist fails. These early returns bypas...

0.00166EPSS
Exploits0References6
OSV
OSV
added 2026/05/27 12:15 p.m.3 views

CVE-2026-45857 scsi: csiostor: Fix dereference of null pointer rn

In the Linux kernel, the following vulnerability has been resolved: scsi: csiostor: Fix dereference of null pointer rn The error exit path when rn is NULL ends up deferencing the null pointer rn via the use of the macro CSIOINCSTATS. Fix this by adding a new error return path label after the use ...

5.5CVSS5.8AI score0.00156EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2026/05/27 5:31 a.m.10 views

CVE-2026-8708 Genzel breadcrumbs <= 1.2 - Cross-Site Request Forgery to Settings Update via Plugin Settings Page

The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the optionspage function. This makes it possible for unauthenticated attackers to update the plugin's breadcru...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/27 5:31 a.m.17 views

EUVD-2026-32090

The Genzel breadcrumbs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the optionspage function. This makes it possible for unauthenticated attackers to update the plugin's breadcru...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.21 views

PT-2026-43815

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the ext4 ext shift extents function. When the extent is NULL within the while loop, the function returns immediately without releasing the path acquired through t...

5.5CVSS5.4AI score0.0016EPSS
Exploits0
NVD
NVD
added 2026/05/25 3:16 p.m.20 views

CVE-2018-25366

CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicious payload into the Site Manager label field. Attackers can craft a payload exceeding 520 bytes that overwrites the return address and executes shellcode when a shortc...

8.6CVSS0.00183EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:15 p.m.8 views

CVE-2018-25366

CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicious payload into the Site Manager label field. Attackers can craft a payload exceeding 520 bytes that overwrites the return address and executes shellcode when a shortc...

8.6CVSS6.5AI score0.00183EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/25 2:15 p.m.25 views

CVE-2018-25366

CVE-2018-25366 affects CuteFTP 5.0 XP. A buffer overflow in the Site Manager label field allows a local attacker to execute arbitrary code by crafting a payload exceeding 520 bytes, which overwrites the return address and runs shellcode when a shortcut is created and launched. The connected docum...

8.6CVSS6.5AI score0.00183EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/25 2:15 p.m.16 views

EUVD-2018-21889

CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicious payload into the Site Manager label field. Attackers can craft a payload exceeding 520 bytes that overwrites the return address and executes shellcode when a shortc...

8.6CVSS6.5AI score0.00183EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/25 2:15 p.m.29 views

CVE-2018-25366 CuteFTP 5.0 XP Buffer Overflow via Site Manager Label Field

CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicious payload into the Site Manager label field. Attackers can craft a payload exceeding 520 bytes that overwrites the return address and executes shellcode when a shortc...

8.6CVSS0.00183EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/25 2:15 p.m.8 views

CVE-2018-25366 CuteFTP 5.0 XP Buffer Overflow via Site Manager Label Field

CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicious payload into the Site Manager label field. Attackers can craft a payload exceeding 520 bytes that overwrites the return address and executes shellcode when a shortc...

8.6CVSS6.5AI score0.00183EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.13 views

PT-2026-43219

CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicious payload into the Site Manager label field. Attackers can craft a payload exceeding 520 bytes that overwrites the return address and executes shellcode when a shortc...

8.6CVSS6.5AI score0.00183EPSS
Exploits0References4
OSV
OSV
added 2026/05/22 4:16 p.m.6 views

DEBIAN-CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

9.6CVSS5.8AI score0.00478EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/22 4:16 p.m.13 views

CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

9.6CVSS5.8AI score0.00478EPSS
Exploits0References7
OSV
OSV
added 2026/05/22 4:16 p.m.11 views

UBUNTU-CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

9.6CVSS5.8AI score0.00478EPSS
Exploits0References8
OSV
OSV
added 2026/05/22 3:1 p.m.3 views

CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

9.6CVSS6.6AI score0.00478EPSS
Exploits0References59
Debian CVE
Debian CVE
added 2026/05/22 3:1 p.m.9 views

CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

9.6CVSS5.8AI score0.00478EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/22 3:1 p.m.10 views

CVE-2026-39821

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

10CVSS5.8AI score0.00478EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/22 3:1 p.m.12 views

EUVD-2026-31449

The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode"xn--example-.com" incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna...

10CVSS5.8AI score0.00478EPSS
Exploits0References4
Rows per page
Query Builder