Lucene search
K

782 matches found

EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-42411

Multiple protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.6 and 4.4.0 to 4.4.16 allow denial of service...

5.5CVSS5.9AI score
Exploits0References6
NVD
NVD
added 6 hours ago7 views

CVE-2026-59879

Immutable.js provides many Persistent Immutable data structures. Prior to 4.3.9 and 5.1.8, Listset, ListsetSize, ListsetIn, ListupdateIn, and the functional set, setIn, and updateIn mishandle an index or size in the range 2 30 to 2 31 in setListBounds in src/List.js, causing an empty List to ente...

8.7CVSS
Exploits0References5
CVE
CVE
added 7 hours ago7 views

CVE-2026-59879

Immutable.js List contains a 32-bit trie overflow in List.js setListBounds that, prior to versions 4.3.9 and 5.1.8, can mishandle an index or size in the 2^30–2^31 range, leading to an uncatchable infinite loop for empty Lists, unbounded allocation for populated Lists, or silent wrap of large set...

8.7CVSS6AI score
Exploits0References5
EUVD
EUVD
added 2 days ago8 views

EUVD-2026-25012

mv: symlinks expanded during cross-device move resource exhaustion / data duplication...

6.6CVSS5.9AI score0.00161EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 6 days ago10 views

CVE-2026-44740

A flaw was found in Billy, an interface filesystem abstraction for Go. This vulnerability allows a remote attacker to cause a Denial of Service DoS by providing crafted or malformed input. The issue arises from insufficient validation and missing safety mechanisms when processing untrusted...

7.5CVSS6AI score0.00295EPSS
Exploits0References6
OSV
OSV
added 2026/06/30 5:41 p.m.2 views

SUSE-SU-2026:22433-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-10263: arm64: errata: Mitigate TLBI errata on various Arm CPUs bsc1266290. - CVE-2025-38549: efivarfs: Fix memory leak of efivarfsfsinfo in...

9.8CVSS7.4AI score0.93235EPSS
Exploits41References350
RedhatCVE
RedhatCVE
added 2026/06/26 7:34 a.m.5 views

CVE-2026-53138

A flaw was found in the Linux kernel's AMD display drm/amd/display driver. A malformed VBIOS image can cause unbounded processing loops, leading to an out-of-bounds read. This could result in information disclosure or a system crash...

7.1CVSS5.8AI score0.00176EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/25 8:38 a.m.4 views

CVE-2026-53138

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Bound VBIOS record-chain walk loops Why & How All record-chain walk loops in biosparser.c and biosparser2.c use for;; and only terminate on a 0xFF recordtype sentinel or zero recordsize. A malformed VBIOS image...

7.1CVSS5.6AI score0.00176EPSS
Exploits0
CVE
CVE
added 2026/06/25 8:38 a.m.11 views

CVE-2026-53138

The CVE-2026-53138 issue affects the Linux kernel’s drm/amd/display driver. A malformed VBIOS image can cause unbounded record-chain walk loops in bios_parser.c and bios_parser2.c due to for(;;) loops that terminate only on a 0xFF sentinel or zero record_size. This can lead to a large number of i...

7.1CVSS5.7AI score0.00176EPSS
Exploits0References8Affected Software1
Cvelist
Cvelist
added 2026/06/25 8:38 a.m.28 views

CVE-2026-53138 drm/amd/display: Bound VBIOS record-chain walk loops

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Bound VBIOS record-chain walk loops Why & How All record-chain walk loops in biosparser.c and biosparser2.c use for;; and only terminate on a 0xFF recordtype sentinel or zero recordsize. A malformed VBIOS image...

0.00176EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 2:17 p.m.13 views

CVE-2026-57280

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection...

8.8CVSS0.00372EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 1:20 p.m.8 views

EUVD-2026-38760

Jenkins Script Security Plugin 1402.v94c9ce464861 and earlier does not intercept the implicit type casts applied to the elements of typed for-each loops in sandboxed Groovy scripts, allowing attackers able to provide such scripts to invoke arbitrary constructors and bypass the sandbox protection...

8.8CVSS6AI score0.00372EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 1:20 p.m.33 views

CVE-2026-57280

The CVE-2026-57280 affects Jenkins Script Security Plugin (versions up to and including 1402.v94c9ce464861). The issue is that sandboxed Groovy scripts do not intercept implicit type casts in elements of typed for-each loops, which can allow a user-supplied script to invoke arbitrary constructors...

8.8CVSS6AI score0.00372EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/22 5:29 a.m.13 views

kernel: Linux kernel: Denial of Service in libceph OSD client due to unreset sparse-read state

A flaw was found in the Linux kernel's libceph OSD client. When a connection fault occurs during a sparse read, the sparse-read state is not properly reset. This allows a misbehaving or compromised Ceph OSD server, or a network adversary, to disrupt traffic. As a result, the client can misinterpr...

7.5CVSS5.8AI score0.0028EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/20 3:24 p.m.9 views

EUVD-2026-38124

Cap-go before 12.128.12 contains a broken cursor pagination vulnerability in the /private/devices endpoint on the Cloudflare/workerd path that allows authenticated attackers to cause duplicate-page loops and make later rows unreachable. Attackers with app.readdevices access can exploit...

5.3CVSS5.9AI score0.00238EPSS
Exploits0References2
CVE
CVE
added 2026/06/20 3:24 p.m.19 views

CVE-2026-56307

Cap-go before 12.128.12 has a broken cursor pagination vulnerability in the /private/devices endpoint of the Cloudflare/workerd path. Authenticated attackers with app.read_devices can exploit non-advancing cursor filters to trigger infinite pagination loops, causing duplicate pages and making lat...

5.3CVSS5.9AI score0.00238EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/20 3:24 p.m.30 views

CVE-2026-56307 Cap-go - Broken Cursor Pagination in /private/devices Endpoint

Cap-go before 12.128.12 contains a broken cursor pagination vulnerability in the /private/devices endpoint on the Cloudflare/workerd path that allows authenticated attackers to cause duplicate-page loops and make later rows unreachable. Attackers with app.readdevices access can exploit...

5.3CVSS0.00238EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Wireshark

Excessive loops in multiple dissectors in Wireshark versions 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allow denial of service via packet injection or crafted capture files...

6.5CVSS6.8AI score0.00887EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Wireshark

MONGO and ZigBee TLV dissector have infinite loops in Wireshark versions 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22. These bugs allow for denial of service through packet injection or with properly crafted capture files...

7.5CVSS6.8AI score0.00811EPSS
Exploits0References2
NVD
NVD
added 2026/06/18 5:16 p.m.13 views

CVE-2025-32436

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, AddAudioToVideoBlock will download and store the video and audio in a temporary directory without deleting before all noded are done. StepThroughItemsBlock c...

7.1CVSS0.00247EPSS
Exploits0References1
Rows per page
Query Builder