Lucene search
K

8087 matches found

The Hacker News
The Hacker News
added 4 days ago7 views

Study of 281 Free Android VPN Apps Finds Traffic Leaks, Unencrypted Data, and Tracking

Researchers ran 281 of the most popular free VPN apps on the Google Play Store through a new testing system and found that many fail at the basics people install a VPN for, i.e., keeping their traffic private and secure. The apps flagged with at least one problem have been installed more than 2.4...

6.1AI score
Exploits0
Mageia
Mageia
added 6 days ago4 views

Updated openvpn packages fix security vulnerabilities

The updated packages fix security vulnerabilities: Possible 1-byte buffer overrun on NTLMv2 proxy responses. CVE-2026-11771 Memory-leak in tls-crypt-v2 client key handling that could lead to out-of-memory situations and subsequent server crashes. CVE-2026-12932 Use-after-free bug in ackwritebuf,...

7.5CVSS7.3AI score0.00549EPSS
Exploits0References4
Amazon
Amazon
added 6 days ago5 views

Medium: ImageMagick

Issue Overview: ImageMagick before 7.1.2-15 contains a memory leak vulnerability in multiple coders that write raw pixel data where allocated objects are not properly freed. Attackers can trigger this leak by processing specially crafted images, causing memory exhaustion and denial of service...

9.2CVSS6.2AI score0.00895EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/07/06 12:0 a.m.11 views

Debian dsa-6381 : ata-modules-6.12.90+deb13-armmp-di - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6381 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6381-1 [email protected] https://www.debian.org/securit...

9.8CVSS6.6AI score0.00497EPSS
Exploits5References52
F5 Networks
F5 Networks
added 2026/07/01 4:15 p.m.12 views

K000162026: Multiple Go vulnerabilities

Security Advisory Description CVE-2026-33811 When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-39820 Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU...

7.5CVSS7AI score0.00813EPSS
Exploits0
EUVD
EUVD
added 2026/07/01 12:34 a.m.9 views

EUVD-2026-40691

Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. Chromium security severity: Medium...

5.8AI score0.00148EPSS
Exploits0References3
NCSC
NCSC
added 2026/06/30 11:47 a.m.6 views

vulnerabilities found in Apple MacOS

Apple has addressed several vulnerabilities in macOS Tahoe. These vulnerabilities included out-of-bounds access, use-after-free errors, memory handling issues, type confusion, double-free operations, stack overflows, insufficient input validation, and race conditions. These vulnerabilities could...

9.1CVSS6.1AI score0.00371EPSS
Exploits2References1
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/30 12:0 a.m.6 views

Security update for rpcbind (moderate)

openSUSE security update: security update for rpcbind ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21019-1 Rating: moderate References: bsc1117217 bsc1181400 bsc1267212 Affected Products: openSUSE Leap 16.0...

6.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/29 9:47 a.m.7 views

CVE-2026-53298

A flaw was found in the Linux kernel's airoha network driver. An issue with early initialization of the ndesc variable in the airohaqdmainitrxqueue routine can lead to a NULL pointer dereference during cleanup. This can result in a Denial of Service DoS condition. Additionally, improper ordering ...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/28 1:9 a.m.7 views

SUSE CVE-2026-53298

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Move ndesc initialization at end of airohaqdmainitrxqueue If queue entry or DMA descriptor list allocation fails in airohaqdmainitrxqueue routine, airohaqdmacleanup will trigger a NULL pointer dereference running...

5.8AI score0.00122EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 8:17 p.m.2 views

DEBIAN-CVE-2026-53298

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Move ndesc initialization at end of airohaqdmainitrxqueue If queue entry or DMA descriptor list allocation fails in airohaqdmainitrxqueue routine, airohaqdmacleanup will trigger a NULL pointer dereference running...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 8:17 p.m.4 views

UBUNTU-CVE-2026-53296

In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: free channels on probe error On probe error, free the previously obtained channels. This not only prevents a leak, but also UAF scenarios because the client structure will be removed nonetheless because it...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References11
OSV
OSV
added 2026/06/26 8:17 p.m.4 views

UBUNTU-CVE-2026-53298

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Move ndesc initialization at end of airohaqdmainitrxqueue If queue entry or DMA descriptor list allocation fails in airohaqdmainitrxqueue routine, airohaqdmacleanup will trigger a NULL pointer dereference running...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/06/26 7:40 p.m.5 views

CVE-2026-53298

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Move ndesc initialization at end of airohaqdmainitrxqueue If queue entry or DMA descriptor list allocation fails in airohaqdmainitrxqueue routine, airohaqdmacleanup will trigger a NULL pointer dereference running...

5.5CVSS5.7AI score0.00122EPSS
Exploits0
CVE
CVE
added 2026/06/26 7:40 p.m.17 views

CVE-2026-53298

In CVE-2026-53298, the Linux kernel airoha network driver is affected by a race in initialization: ndesc is initialized too early in airoha_qdma_init_rx_queue(), causing a NULL pointer dereference during cleanup if allocation fails. The documented fix moves ndesc initialization to the end of airo...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:40 p.m.8 views

CVE-2026-53296

In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: free channels on probe error On probe error, free the previously obtained channels. This not only prevents a leak, but also UAF scenarios because the client structure will be removed nonetheless because it...

5.8AI score0.00129EPSS
Exploits0References9Affected Software1
EUVD
EUVD
added 2026/06/26 7:40 p.m.6 views

EUVD-2026-39901

In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: free channels on probe error On probe error, free the previously obtained channels. This not only prevents a leak, but also UAF scenarios because the client structure will be removed nonetheless because it...

5.8AI score0.00129EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-53019

Name of the Vulnerable Software and Affected Versions python-socketio versions prior to 5.16.2 Description The server stores binary EVENT and ACK messages in memory while awaiting their binary attachments. An attacker can trigger a memory exhaustion issue by submitting a binary message and...

7.5CVSS5.8AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.10 views

PT-2026-52935

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mailbox-test component where channels are not freed during a probe error. This failure to release resources leads to a memory leak and creates Use-After-Free UAF...

5.7AI score0.00129EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52937

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the airoha qdma init rx queue function when queue entry or DMA descriptor list allocation fails. This happens because the ndesc variable is initializ...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References19
Rows per page
Query Builder