Lucene search
K

27508 matches found

EUVD
EUVD
added 2026/06/25 7:51 p.m.7 views

EUVD-2026-38384

MessagePack-CSharp: JSON conversion APIs can recurse without consistent depth enforcement...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 7:35 p.m.13 views

CVE-2026-55958

The CVE-2026-55958 issue is a buffer overrun in Renesas TSIP TLS 1.3 transcript handling. In tsip_StoreMessage(), a capacity check for the fixed MSGBAG_SIZE (8 KB) sets an error but does not return, allowing an XMEMCPY to overwrite past the end once the TLS handshake transcript exceeds MSGBAGE_SI...

8.3CVSS6.3AI score0.00269EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/25 7:16 p.m.10 views

CVE-2026-56770

libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range sequential message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences over VHF marine radio or IP feeds,...

8.7CVSS0.00339EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 6:53 p.m.7 views

EUVD-2026-38386

MessagePack-CSharp: LZ4 decompression allocates from unbounded declared output lengths...

7.5CVSS5.8AI score0.00236EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 6:52 p.m.6 views

EUVD-2026-38387

MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies...

9.1CVSS5.8AI score0.00236EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/25 6:44 p.m.6 views

CVE-2026-52955

A flaw was found in the libceph component of the Linux kernel. A remote attacker could send a specially crafted CEPHMSGOSDMAP message where two internal fields, alg and b-alg, contain differing bucket algorithm values. This discrepancy can lead to an out-of-bounds memory access during processing ...

9.8CVSS5.8AI score0.00377EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/25 6:18 p.m.4 views

CVE-2026-52958

A flaw was found in the Linux kernel's libceph component. This vulnerability, located within the osdmapdecode function, can lead to an out-of-bounds memory access. A remote attacker could exploit this by sending a specially crafted and corrupted osdmap message, where the maxosd value exceeds the...

9.1CVSS5.9AI score0.00544EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 6:16 p.m.3 views

UBUNTU-CVE-2026-55967

AES-GCM encryption/decryption with extremely large cumulative single message sizes 64 GiB were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery...

7.5CVSS5.8AI score0.00114EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 6:14 p.m.30 views

CVE-2026-56790 CANBoat - Off-by-One Global Buffer Overflow in searchForPgn()

CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn function in analyzer/pgn.c that allows remote attackers to crash the application. Attackers can deliver a crafted NMEA-2000 message with an out-of-range PGN value over CAN bus or...

7.3CVSS0.00215EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 6:11 p.m.13 views

CVE-2026-56786

RTKLIB 2.4.3 contains an out-of-bounds write in decode_type1033 that fails to clamp length counters to the destination buffer. This allows up to a 191-byte overflow into fixed 64-byte descriptor fields when processing a crafted RTCM3 type-1033 message. An attacker controlling an NTRIP or serial R...

9.8CVSS6.7AI score0.00422EPSS
Exploits1References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/25 5:32 p.m.4 views

net/textproto: golang: Golang net/textproto: Misleading error messages via input injection

A flaw was found in the net/textproto package in Golang. When functions in this package return errors, they include their input as part of the error message. An attacker could exploit this by injecting misleading content into these error messages, which are then printed or logged. This could lead...

5.3CVSS5.8AI score0.0037EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:53 p.m.5 views

CVE-2026-55967

AES-GCM encryption/decryption with extremely large cumulative single message sizes 64 GiB were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery...

2CVSS5.8AI score0.00114EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 4:53 p.m.5 views

CVE-2026-55967

AES-GCM encryption/decryption with extremely large cumulative single message sizes 64 GiB were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery...

7.5CVSS5.8AI score0.00114EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:35 p.m.4 views

CVE-2026-6094

Heap buffer overread in wcPKCS7DecodeEnvelopedData when parsing crafted PKCS7 EnvelopedData. This could theoretically be triggered by attacker-supplied data delivered via S/MIME or CMS...

6.3CVSS6AI score0.00294EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/25 3:51 p.m.28 views

CVE-2026-54029 LibreChat: IDOR in Message Deletion — Incomplete Fix for CVE-2024-41703 Leaves deleteMessages() Without User Filter

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the DELETE /api/messages/:conversationId/:messageId endpoint allows any authenticated user to delete any other user's messages. The validateMessageReq middleware only validates that the conversationId...

5.3CVSS0.00159EPSS
Exploits1References1
CVE
CVE
added 2026/06/25 3:51 p.m.7 views

CVE-2026-54029

CVE-2026-54029 affects LibreChat prior to 0.8.4-rc1. The bug is in the DELETE /api/messages/:conversationId/:messageId endpoint where authentication validates the conversationId but the deleteMessages({ messageId }) call uses only messageId as the MongoDB filter, omitting a user constraint. As a ...

6.5CVSS5.9AI score0.00159EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/25 3:51 p.m.5 views

CVE-2026-54029 LibreChat: IDOR in Message Deletion — Incomplete Fix for CVE-2024-41703 Leaves deleteMessages() Without User Filter

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the DELETE /api/messages/:conversationId/:messageId endpoint allows any authenticated user to delete any other user's messages. The validateMessageReq middleware only validates that the conversationId...

5.3CVSS5.8AI score0.00353EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/06/25 1:39 p.m.30 views

CVE-2026-47150 IAS Zone enroll invalid table index and write in EmberZNet 9.0.2

In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These messages must come from a device that has already joined the network. Only devices supporting the...

7.1CVSS0.00217EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 9:16 a.m.6 views

CVE-2026-53204

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL deref on rsusendmsg timeout in probe rsusendmsg can return -ETIMEDOUT when waitforcompletioninterruptibletimeout fires while the SMC call is still pending. In stratix10rsuprobe, the error paths f...

5.5CVSS0.00107EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 9:16 a.m.13 views

CVE-2026-53132

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential unbounded skb queue virtiotransportincrxpkt checks vvs-rxbytes + len vvs-bufalloc. virtiotransportrecvenqueue skips coalescing for packets with VIRTIOVSOCKSEQEOM. If fed with packets with len == 0 and...

7.1CVSS0.0014EPSS
Exploits0References4
Rows per page
Query Builder