Lucene search
K

795 matches found

CVE
CVE
added 5 days ago15 views

CVE-2026-60094

Vulnerability overview (CVE-2026-60094): Vinchin Backup & Recovery up to 9.0.0.86562 is affected by a heap buffer overflow in the agentlink_server. According to the records, an unauthenticated remote attacker can send a malformed TCP packet with an unchecked body_len field, passing an attacker-co...

6.9CVSS6.2AI score0.00411EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42587

Vinchin Backup & Recovery through 9.0.0.86562 contains a heap buffer overflow vulnerability that allows unauthenticated remote attackers to cause process crash or memory corruption by sending a malformed TCP packet with an unchecked bodylen field to the agentlinkserver service. Attackers can craf...

6.9CVSS6.2AI score0.00411EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 5 days ago6 views

CVE-2026-15165

A flaw was found in Wireshark. This vulnerability allows a remote attacker to cause a denial of service by crafting a malicious TLS Encrypted Client Hello ECH packet. When Wireshark attempts to decrypt this malformed packet, it can lead to a crash of the application, making it unavailable...

6.5CVSS5.9AI score0.00133EPSS
Exploits1References5
NVD
NVD
added 6 days ago8 views

CVE-2026-29008

U-Boot through 2026.04-rc3 contains an integer underflow vulnerability in the tcprxstatemachine function net/tcp.c that allows a network-adjacent attacker to crash the bootloader by sending a malformed TCP SYN+ACK packet with a manipulated data offset field causing payloadlen to become negative...

8.7CVSS0.00432EPSS
Exploits0References4
CVE
CVE
added 6 days ago10 views

CVE-2026-29008

U-Boot 2026.04-rc3 contains a vulnerability in tcp_rx_state_machine() (net/tcp.c) that can crash the bootloader via a malformed TCP SYN+ACK with manipulated data offset, causing payload_len to become negative. The negative value is implicitly converted to a large unsigned integer and passed to me...

8.7CVSS6AI score0.00432EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/04 11:4 p.m.7 views

CVE-2025-8873 Arista EOS Dataplane Denial of Service via Malformed IPsec Packet

On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not resume being...

8.7CVSS5.5AI score0.00386EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/04 11:4 p.m.36 views

CVE-2025-8873 Arista EOS Dataplane Denial of Service via Malformed IPsec Packet

On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not resume being...

8.7CVSS0.00386EPSS
Exploits0References1
OSV
OSV
added 2026/05/29 1:34 p.m.11 views

OESA-2026-2488 python-twisted security update

Twisted is an event-based framework for internet applications, supporting Python 2.7 and Python 3.5+. It includes modules for many different purposes, including the following: Security Fixes: A denial of service vulnerability exists in Twisted framework when handling DNS compression pointer chain...

7.5CVSS5.8AI score0.00433EPSS
Exploits1References2
CVE
CVE
added 2026/05/28 9:14 p.m.26 views

CVE-2026-39929

CVE-2026-39929 concerns Lakeside SysTrack Agent prior to 11.2.1.28, 11.3.0.38, 11.4.0.24, and 11.5.0.15, where the out-of-bounds read occurs in the UDP Command ID 30 packet handler. The root cause is an invalid memory access triggered by a malformed UDP packet at offset 0x4 in the payload, leadin...

8.7CVSS5.8AI score0.01403EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/22 3:21 a.m.14 views

EUVD-2026-31403

An attacker sending tcp, il, rudp, rudp, or gre packets with a length less than the header size would trigger a kernel panic...

9.2CVSS5.8AI score0.00291EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/11 8:25 p.m.15 views

CVE-2026-42189

Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...

7.5CVSS5.7AI score0.00481EPSS
Exploits1References1
OSV
OSV
added 2026/05/10 2:43 a.m.9 views

MGASA-2026-0126 Updated openvpn packages fix security vulnerabilities

CVE-2026-35058 - fix server ASSERT on receiving a suitably malformed packet with a valid tls-crypt-v2 key CVE-2026-40215 - fix race condition in TLS handshake that could lead to leaking of packet data from a previous handshake under specific circumstances...

6.9CVSS5.8AI score0.00317EPSS
Exploits0References5
NVD
NVD
added 2026/05/08 8:16 p.m.63 views

CVE-2026-42189

Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...

7.5CVSS0.00481EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/05/08 7:49 p.m.7 views

CVE-2026-42189

Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...

7.5CVSS5.8AI score0.00481EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/05/08 7:49 p.m.26 views

CVE-2026-42189

CVE-2026-42189 affects the Russh Rust SSH library. A pre-authentication denial-of-service exists in the server keyboard-interactive authentication path: an attacker can trigger an OOM crash by sending a crafted USERAUTH_INFO_RESPONSE with a large n, causing the server to allocate memory for a mas...

7.5CVSS5.8AI score0.00481EPSS
Exploits1References3Affected Software2
Cvelist
Cvelist
added 2026/05/08 7:49 p.m.84 views

CVE-2026-42189 Russh: Pre-auth DoS via unbounded allocation in keyboard-interactive auth

Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth e.g., for...

7.5CVSS0.00481EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.11 views

Russh 安全漏洞

Russh is a Rust SSH client and server library developed by Eugene as a personal project. Versions of Russh prior to 0.60.1 contained security vulnerabilities. These vulnerabilities stemmed from a pre-authentication denial-of-service vulnerability in the server’s keyboard interaction authenticatio...

7.5CVSS5.8AI score0.00481EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/01 8:48 p.m.8 views

CVE-2026-33450

CVE-2026-33450 is an out of bounds read vulnerability in the Secure Access MacOS client prior to 14.50. Attackers with control of a modified server can send a malformed packet to the client causing a denial of service...

5.5CVSS5.8AI score0.00156EPSS
Exploits0References1
NVD
NVD
added 2026/04/30 9:16 p.m.10 views

CVE-2026-33450

CVE-2026-33450 is an out of bounds read vulnerability in the Secure Access MacOS client prior to 14.50. Attackers with control of a modified server can send a malformed packet to the client causing a denial of service...

5.5CVSS0.00156EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/30 8:4 p.m.4 views

EUVD-2026-26422

CVE-2026-33450 is an out of bounds read vulnerability in the Secure Access MacOS client prior to 14.50. Attackers with control of a modified server can send a malformed packet to the client causing a denial of service...

2.3CVSS5.3AI score0.00156EPSS
Exploits0References1
Rows per page
Query Builder