Lucene search
K

121 matches found

OSV
OSV
added 4 days ago3 views

DEBIAN-CVE-2026-13923

Uninitialized Use in GPU in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00326EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 7:53 p.m.31 views

CVE-2026-12891 Gstreamer1-plugins-bad: gstreamer1-plugins-bad: global buffer overflow (oob read) in h.266/vvc vui parameter parser

A flaw was found in the GStreamer gst-plugins-bad package. When processing a malformed H.266/VVC video stream with a crafted aspect ratio indicator value, the H.266 parser performs an out-of-bounds read of up to 8 bytes from adjacent memory. This flaw allows an attacker to craft a malicious H.266...

4.3CVSS0.00276EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.6 views

SUSE SLES12 Security Update : amazon-ssm-agent (SUSE-SU-2026:2468-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2468-1 advisory. This update for amazon-ssm-agent fixes the following issues Update to version 3.3.4624.0: - CVE-2025-22869: golang.org/x/crypto/ssh...

10CVSS7AI score0.00868EPSS
Exploits3References52
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Fixed the issue where the sevreceivestart command failed due to the absence of the sevdecommission command. The current SEV context must be decommissioned if binding an ASID fails after a RECEIVESTART operation. Accordi...

5.1CVSS5.3AI score0.00213EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/12 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-12015

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Autofill in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially...

5.3CVSS5.4AI score0.00227EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 2:35 p.m.8 views

EUVD-2026-36053

Stack-based Buffer Overflow vulnerability in Erlang OTP erts inetdrv allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctpparseerrorchunk function in erts/emulator/drivers/common/inetdrv.c parses SCTP ERROR chunks and writes cause codes int...

8.8CVSS5.6AI score0.00497EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-46303

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - isofs: validate Rock Ridge CE continuation extent against volume size rockcontinue reads rs-contextent verbatim from the Rock Ridge CE record and passes it to...

8.2CVSS6AI score0.00278EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.9 views

CVE-2026-6575

A flaw was found in PostgreSQL. This buffer over-read vulnerability in the pgrestoreattributestats function allows a table maintainer to infer memory values. By providing array values of unmatched length, a malicious table maintainer can cause query planning to read past the end of an array,...

4.3CVSS5.6AI score0.00208EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/02 6:32 p.m.30 views

CVE-2026-47265 AIOHTTP vulnerable to cross-origin redirect with per-request cookies

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.14.0, cookies set with the cookies parameter on requests are sent after following a cross-origin redirect. If a developer uses the cookies parameter on a per-request basis then sensitive data might ...

8.7CVSS0.0015EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.32 views

SUSE CVE-2026-46155

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix out-of-bounds read in smb2compoundop If a server sends a truncated response but a large OutputBufferLength, and terminates the EA list early, checkwsleas returns success without validating that the entire...

7CVSS5.8AI score0.00478EPSS
Exploits0References4
CVE
CVE
added 2026/05/28 10:25 p.m.33 views

CVE-2026-10008

CVE-2026-10008 concerns an uninitialized use flaw in the GPU component of the Chromium-based Google Chrome on Android. The issue allows a remote attacker to potentially read sensitive information from a process’s memory via a crafted HTML page. The public description cites the root cause as an un...

6.5CVSS5.8AI score0.00224EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/19 9:16 p.m.10 views

DEBIAN-CVE-2026-32814

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strictdecoding=false the default, a corrupted tile silently fails to decode and the library returns heiferrorOk with no indication of failure, leading to an uninitialized...

6.5CVSS5.7AI score0.00303EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.9 views

PT-2026-39823

Name of the Vulnerable Software and Affected Versions iOS versions prior to 18.7.9 iOS versions prior to 26.5 iPadOS versions prior to 18.7.9 iPadOS versions prior to 26.5 macOS Sequoia versions prior to 15.7.7 macOS Sonoma versions prior to 14.8.7 macOS Tahoe versions prior to 26.5 tvOS versions...

7.5CVSS5.8AI score0.0044EPSS
Exploits0References10
CNVD
CNVD
added 2026/05/06 12:0 a.m.12 views

Ollama GGUF Model Loader Heap Out-of-Bounds Read Vulnerability

Ollama is an open source large language model deployment and inference tool, mainly providing model loading, quantization and API interface services. The Ollama GGUF model loader suffers from a heap out-of-bounds read vulnerability that stems from the /api/create interface failing to properly...

9.1CVSS5.8AI score0.01001EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.8 views

RHCOS 4 : OpenShift Container Platform 4.2.22 runc (RHSA-2020:0688)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:0688 advisory. - runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation CVE-2019-19921 Note that Nessus has n...

7CVSS5.8AI score0.00457EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-31697

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed When retrieving the ID for the CPU, don't attempt to copy the ID blob to userspace if t...

7.1CVSS7.3AI score0.00126EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-31699

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed When retrieving the PEK CSR, don't attempt to copy the blob to userspace if the firmwa...

7.1CVSS7.3AI score0.00126EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.7 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-013846)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013846 advisory. In the Linux kernel, the following vulnerability has been resolved: Input: uinput - zero-initialize uinputffuploadcompat to avoid info leak Struct ffeffectcompat is...

5.3AI score0.00211EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/15 10:42 a.m.5 views

thunderbird: Out of bounds read in IMAP parsing

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were...

8.2CVSS7.2AI score0.0036EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/09 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-5885

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in WebML in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive...

6.5CVSS7.3AI score0.00237EPSS
Exploits0References2
Rows per page
Query Builder