Lucene search
K

407 matches found

CVE
CVE
added 3 days ago7 views

CVE-2026-40454

CVE-2026-40454 affects the Apache IoTDB C++ client. The issue is an out-of-bounds read caused by improper input validation in the TsBlock deserializer, which can crash the client when processing malformed server data. Affected ranges are IoTDB C++ client: 1.3.5–1.3.7 and 2.0.5–2.0.9; upgrading to...

7.5CVSS6.1AI score0.00278EPSS
Exploits0References2
Cvelist
Cvelist
added 3 days ago31 views

CVE-2026-40454 Apache IoTDB C++ client: Out-of-bounds reads in C++ client TsBlock deserializer crash client process on malformed server data

Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client process on malformed server data. This issue affects Apache IoTDB C++ client: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users...

0.00278EPSS
Exploits0References1
Snyk
Snyk
added 2026/07/03 10:19 p.m.5 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via insufficient validation of repository creation fields, including length-limited template fields and trust model or object format values. An attacker can submit malformed or unexpected data by providing...

9.1CVSS6AI score0.00373EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Improper Input Validation

Overview Affected versions of this package are vulnerable to Improper Input Validation via insufficient validation of repository creation fields, including length-limited template fields and trust model or object format values. An attacker can submit malformed or unexpected data by providing...

9.1CVSS6AI score0.00373EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 2:8 p.m.9 views

EUVD-2026-41005

The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potential vulnerabilities...

8.2CVSS5.8AI score0.00253EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/01 2:8 p.m.7 views

CVE-2026-2891

The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potential vulnerabilities...

8.2CVSS5.8AI score0.00253EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.7 views

PT-2026-52991

Name of the Vulnerable Software and Affected Versions H.View HV-500S6 IP Camera affected versions not specified Description Certificate-related upload interfaces allow authenticated users to store arbitrary file content in fixed, persistent filesystem locations. The system fails to validate the...

8.6CVSS5.9AI score0.004EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/22 11:58 p.m.5 views

CVE-2026-10658

A missing length validation in the Zephyr Bluetooth Host ISO receive path can be triggered by malformed HCI ISO data. In btisorecv subsys/bluetooth/host/iso.c, when processing PB=START/SINGLE fragments, the code pulls a TS SDU header 8 bytes, ts=1 or a non-TS SDU header 4 bytes, ts=0 without firs...

7.1CVSS5.9AI score0.00163EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 11:58 p.m.40 views

CVE-2026-10658 Bluetooth Host ISO RX Missing SDU Header Length Validation in bt_iso_recv() Leads to DoS

A missing length validation in the Zephyr Bluetooth Host ISO receive path can be triggered by malformed HCI ISO data. In btisorecv subsys/bluetooth/host/iso.c, when processing PB=START/SINGLE fragments, the code pulls a TS SDU header 8 bytes, ts=1 or a non-TS SDU header 4 bytes, ts=0 without firs...

7.1CVSS0.00163EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.14 views

PT-2026-48547

Name of the Vulnerable Software and Affected Versions russh versions 0.34.0 through 0.60.2 Description Several client and server message handlers decode attacker-controlled SSH strings, name-lists, and byte fields into owned allocations before applying field-specific bounds. A remote SSH peer can...

7.5CVSS5.3AI score0.00268EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.14 views

CVE-2026-40951

CVE-2026-40951 is a memory corruption vulnerability on Secure Access Windows clients prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and trigger a denial of service...

6.8CVSS5.5AI score0.00095EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 8:16 p.m.17 views

CVE-2021-4479

Dräger Atlan A350 versions 1.00 up to and including 1.01 contains an improper input handling vulnerability that allows attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can transmit malformed data to overload...

6.3CVSS0.00241EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/02 7:27 p.m.36 views

CVE-2021-4479 Dräger Atlan A350 1.00 <= 1.01 DoS via Medibus Interface

Dräger Atlan A350 versions 1.00 up to and including 1.01 contains an improper input handling vulnerability that allows attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can transmit malformed data to overload...

6.3CVSS0.00241EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 7:0 p.m.8 views

CVE-2019-25723

Dräger Perseus A500 software versions 2.00 through 2.02 contains an improper input handling vulnerability that allows external attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can overload the internal...

6.3CVSS5.8AI score0.00236EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/02 7:0 p.m.31 views

CVE-2019-25723 Dräger Perseus A500 2.00-2.02 DoS via Medibus Interface

Dräger Perseus A500 software versions 2.00 through 2.02 contains an improper input handling vulnerability that allows external attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can overload the internal...

6.3CVSS0.00236EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/02 7:0 p.m.10 views

CVE-2019-25723 Dräger Perseus A500 2.00-2.02 DoS via Medibus Interface

Dräger Perseus A500 software versions 2.00 through 2.02 contains an improper input handling vulnerability that allows external attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can overload the internal...

6.3CVSS5.8AI score0.00236EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/02 3:27 p.m.4 views

Astra Linux – Vulnerability in exim4

In Exim before 4.99.2, when utf8 operators are enabled, there is a potential for out-of-bounds reading if large UTF-8 trailing characters are present malformed UTF-8 header data. Information may be disclosed within an error message generated during the processing of an unrelated email message...

5.3CVSS6.2AI score0.00246EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.15 views

PT-2026-45812

Name of the Vulnerable Software and Affected Versions Dräger Perseus A500 versions 2.00 through 2.02 Description Improper input handling allows external attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. This can overlo...

6.3CVSS5.4AI score0.00236EPSS
Exploits0References5
OSV
OSV
added 2026/05/29 7:43 p.m.33 views

GHSA-W5PP-99CH-QJ29 go-git: Malformed Git object data may cause panics or resource exhaustion

Impact Several denial-of-service issues were identified in go-git when parsing maliciously crafted Git repository data. An attacker may craft a malicious .pack, .idx or loose objects that causes an application using an affected version of go-git to panic or consume excessive resources. This can...

6.5CVSS5.7AI score
Exploits0References2
EUVD
EUVD
added 2026/05/15 2:48 a.m.34 views

EUVD-2023-35620

Improper validation in Power Management Firmware PMFW may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability...

6.8CVSS5.8AI score0.00112EPSS
Exploits0References1
Rows per page
Query Builder