EUVD-2026-39299
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: reject BR/EDR signaling packets over MTUsig net/bluetooth/l2cap_core.c:l2cap_sig_channel() accepts BR/EDR signaling packets up to the channel MTU and dispatches each command without enforcing the signaling MTU (MTUsig)...
CVE-2026-53208
In the Linux kernel, the following vulnerability has been resolved: B...
EUVD-2026-38826
In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in osdmap_decode() When decoding osd_state and osd_weight from an incoming osdmap in osdmap_decode(), both are decoded for each osd, i.e., map->max_osd times. The ceph_decode_need check only accoun...
EUVD-2026-38911
In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: validate qr_numregions in dlm_match_regions() Patch series "ocfs2/dlm: fix two bugs in dlm_match_regions()". In dlm_match_regions(), the qr_numregions field from a DLM_QUERY_REGION network message is used to drive loops over the...
CVE-2026-56228
Capgo before 12.128.2 is vulnerable to improper password policy length validation. An authenticated organization administrator can set an extremely large minimum password length value, causing all users to fail password changes and effectively lock out the organization, resulting in an applicatio...
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free in the formattr function when handling JSON object keys of exactly 65,535 bytes with createid enabled. An attacker can cause heap memory corruption and crash the process by supplying a specially crafted JSON payload with ...
CVE-2026-9375 Decompression Bomb Bypass via Negative max_length in Streaming API in urllib3
urllib3 version 2.6.3 is vulnerable to a decompression bomb bypass in its streaming API (preload_content=False) when using Brotli support. The issue arises due to three independent code paths in response.py that bypass the max_length protection introduced in version 2.6.0 to mitigate CVE-2025-66471...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: bridge: Fixed a soft lockup issue in br_multicast_query_expired. When setting multicast_query_interval to a large value, the local variable time in br_multicast_send_query may overflow. If the time is less than a few milliseconds, t...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix for unbuffered write error handling If all the subrequests in an unbuffered write stream fail, the subrequest collector does not update the stream->transferred value, and it retains its initial LONG_MAX value...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: hci_sync: Fixed a stack buffer overflow in hci_le_big_create_sync. The function hci_le_big_create_sync uses DEFINE_FLEX to allocate a struct hci_cp_le_big_create_sync on the stack, with 0x11 (17) bytes of space for BIS entries...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: eventpoll: Fixed semi-unbounded recursion. Ensured that epoll instances never form a graph with more than EP_MAX_NESTS+1 links. Currently, ep_loop_check_proc ensures that the graph is free of loops and performs some recursion depth...
Astra Linux – Vulnerability in Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: net: dsa: qca8k: resetting the CPU port when the MTU changes. It was discovered that the documentation lacks a fundamental detail regarding how to correctly change the MAX_FRAME_SIZE of the switch. In fact, if the MAX_FRAME_SIZE...
Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fixed a kernel panic that occurs when the host sends an invalid H2C PDU length. If the host sends an H2CData command with an invalid DATAL value, the kernel may crash in the nvmet_tcp_build_pdu_iovec function. The...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci: The issue of setting max_seg_size to 64KiB PAGE_SIZE has been fixed. blk_queue_max_segment_size: It is ensured that: if max_size max_segment_size PAGE_SIZE return -EINVAL; This change exposes the vulnerability in sdhci, which...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: xsk: Validates the MTU against the usable frame size when binding. The AF_XDP binding currently accepts zero-copy pool configurations without verifying that the device’s MTU fits within the usable frame space provided by the UMEM...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: ipv6: Annotated data-race in ndisc_router_discovery. Syzbot found that ndisc_router_discovery could read and write in6_dev->ra_mtu without holding a lock [1]. This seems fine, as IFLA_INET6_RA_MTU is a best-effort mechanism. Add...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: erofs: fixed an issue where the algorithm used for encoded extents was invalid. The current algorithm sanity checks do not properly apply to newly encoded extents. We need to unify the algorithm checks with the...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fixed out-of-bounds (OOB) access during the parse_adv_monitor_pattern function execution. In the parse_adv_monitor_pattern function, the value of the length variable is currently limited to HCI_MAX_EXT_AD_LENGTH (251). The size o...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: A crash occurred during the disabling of turbo mode. When the system is booted with the kernel command line arguments “nosmt” or “maxcpus” to limit the number of CPUs, disabling turbo mode by executing: echo...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: Thermal: Intel: PowerClamp: Fixing a mismatch in the get function for max_idle. KASAN reported this issue. 444.853098 BUG: KASAN: Global-out-of-bounds access in param_get_int+0x77/0x90 444.853111 A size 4 value was read from the...