Lucene search
+L

524 matches found

CVE
CVE
added 2026/04/30 8:17 p.m.24 views

CVE-2026-28532

FRRouting before 10.5.3 is affected by an integer overflow in seven OSPF Traffic Engineering and Segment Routing TLV parser functions. A uint16_t accumulator truncates uint32_t values returned by TLV_SIZE(), causing the loop termination condition to fail while pointer advancement continues. An at...

6.5CVSS5.3AI score0.00225EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/30 12:0 a.m.21 views

PT-2026-36172

Name of the Vulnerable Software and Affected Versions FRRouting versions prior to 10.5.3 Description An integer overflow exists in seven OSPF Traffic Engineering and Segment Routing TLV parser functions. A uint16 t accumulator variable truncates uint32 t values returned by the TLV SIZE macro, whi...

7.5CVSS5.9AI score0.00371EPSS
Exploits0References40
RedhatCVE
RedhatCVE
added 2026/04/27 10:18 a.m.6 views

CVE-2026-31683

A flaw was found in the batman-adv module of the Linux kernel. This vulnerability arises when the Optimized Global Messaging OGM aggregation state is dynamically altered, leading to insufficient buffer space skb tailroom for network packets. A remote attacker could exploit this condition by sendi...

7.8CVSS5.8AI score0.00121EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.12 views

PT-2026-38560

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description When using the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory, leading to a crash. This occurs specifically when utilizing th...

9.8CVSS5.8AI score0.00813EPSS
Exploits0
NVD
NVD
added 2026/04/09 10:16 p.m.12 views

CVE-2026-33780

A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon l2ald of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service DoS. In an EVPN-MPLS...

7.1CVSS0.00173EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/08 3:9 p.m.6 views

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write through the internalexrundopiz process. An attacker can cause out-of-bounds memory access, leading to potential memory corruption or process crash, by supplying a specially crafted EXR file that triggers signed integ...

8.8CVSS6AI score0.00482EPSS
Exploits1References4
OSV
OSV
added 2026/04/06 4:16 p.m.3 views

DEBIAN-CVE-2026-34379

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoderexecute in...

7.1CVSS5.6AI score0.00283EPSS
Exploits1References1
CVE
CVE
added 2026/04/06 3:46 p.m.61 views

CVE-2026-34764

The CVE-2026-34764 issue affects Electron apps that use offscreen rendering with GPU shared textures (webPreferences.offscreen: { useSharedTexture: true }). The root cause is a use-after-free where the release() callback for a paint-event texture can outlive its backing native state, causing a de...

5.5CVSS5.8AI score0.001EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/04/06 3:46 p.m.5 views

CVE-2026-34764 Electron has a use-after-free in offscreen shared texture release() callback

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 33.0.0-alpha.1 to before 39.8.5, 40.8.5, 41.1.0, and 42.0.0-alpha.5, apps that use offscreen rendering with GPU shared textures may be vulnerable to a use-after-free. Under certain...

2.3CVSS5.8AI score0.001EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/04 12:0 a.m.9 views

Electron 资源管理错误漏洞

Electron is an open-source JavaScript framework developed by users for creating cross-platform desktop applications. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. Versions of Electron prior to 38.8.6, 39.8.0,...

8.8CVSS5.8AI score0.00287EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/04 12:0 a.m.3 views

SUSE SLED15 / SLES15 Security Update : wireshark (SUSE-SU-2026:1169-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1169-1 advisory. Update Wireshark to version 4.6.4 jscPED-15400. - CVE-2024-9780: ITS dissector crash bsc1231475. -...

7.8CVSS6.8AI score0.00306EPSS
Exploits12References55
OSV
OSV
added 2026/04/03 9:52 p.m.3 views

GHSA-8X5Q-PVF5-64MP Electron: Use-after-free in offscreen shared texture release() callback

Impact Apps that use offscreen rendering with GPU shared textures may be vulnerable to a use-after-free. Under certain conditions, the release callback provided on a paint event texture can outlive its backing native state, and invoking it after that point dereferences freed memory in the main...

2.3CVSS5.8AI score0.001EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/03 9:51 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview vllm is an A high-throughput and memory-efficient inference and serving engine for LLMs Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of a frame count limit in the loadbase64 function when processing video/jpeg...

7.1CVSS5.9AI score0.00378EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/31 9:58 p.m.7 views

CVE-2026-34535

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a crafted ICC profile can trigger a segmentation fault SEGV in CIccTagArray::Cleanup. The issue is observable under UBSan/ASan as misaligned member access / misaligned pointer...

6.2CVSS5.8AI score0.00156EPSS
Exploits1References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/27 8:52 p.m.5 views

CVE-2026-27879

A flaw was found in Grafana. A remote attacker with low privileges can exploit this vulnerability by sending a specially crafted resample query. This can trigger out-of-memory crashes, leading to a Denial of Service DoS for the affected system. Mitigation Mitigation for this issue is either not...

6.5CVSS5.8AI score0.00376EPSS
Exploits0References4
AlpineLinux
AlpineLinux
added 2026/03/27 2:12 p.m.6 views

CVE-2026-27880

The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes...

7.5CVSS5.5AI score0.00772EPSS
Exploits0
OSV
OSV
added 2026/03/27 2:3 p.m.6 views

OESA-2026-1725 libxslt security update

Libxslt is the XSLT C library developed for the GNOME project Security Fixes: A flaw was found in the exsltFuncResultComp function of libxslt, which handles EXSLT func:result elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regula...

3.1CVSS5.8AI score0.00264EPSS
Exploits0References2
OSV
OSV
added 2026/03/27 2:3 p.m.5 views

OESA-2026-1724 libxslt security update

Libxslt is the XSLT C library developed for the GNOME project Security Fixes: A flaw was found in the exsltFuncResultComp function of libxslt, which handles EXSLT func:result elements during stylesheet parsing. Due to improper type handling, the function may treat an XML document node as a regula...

3.1CVSS5.8AI score0.00264EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.14 views

PT-2026-28371

Name of the Vulnerable Software and Affected Versions Grafana versions prior to 11.6.14+security01-1 Description A resample query can be used to trigger out-of-memory crashes. Recommendations Update to version 11.6.14+security01-1...

9.8CVSS6.3AI score0.01557EPSS
Exploits2References89
CNNVD
CNNVD
added 2026/03/27 12:0 a.m.10 views

Grafana 安全漏洞

Grafana is a set of open-source monitoring tools developed by Grafana Open Source, which provide a visual monitoring interface. This tool is primarily used for monitoring and analyzing Graphite, InfluxDB, and Prometheus. Grafana has a security vulnerability that can lead to a memory insufficiency...

6.5CVSS5.8AI score0.00376EPSS
Exploits0References2
Rows per page
Query Builder