Lucene search
K

661 matches found

CVE
CVE
added yesterday5 views

CVE-2026-56187

Use after free in Windows MIDI Service Module allows an authorized attacker to elevate privileges locally...

7CVSS6AI score
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2026-56183

Use after free in Windows MIDI Service Module allows an authorized attacker to elevate privileges locally...

7CVSS6AI score
Exploits0References1
Nuclei
Nuclei
added yesterday17 views

WordPress midi-Synth <= 1.1.0 - Unauthenticated Arbitrary File Upload

WordPress midi-Synth plugin \u003C= 1.1.0 contains an unrestricted file upload vulnerability caused by missing file type and extension validation in the 'export' AJAX action, letting unauthenticated attackers upload arbitrary files and potentially execute remote code, exploit requires attacker to...

9.8CVSS6.3AI score0.04458EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-52964

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It...

5.5CVSS6AI score0.00175EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/26 6:29 p.m.9 views

CVE-2026-52963

A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA USB audio driver. The driver's handling of MIDI Musical Instrument Digital Interface endpoint descriptors did not properly bound scans, allowing it to read beyond the intended memory buffer. This out-of-bounds read coul...

5.5CVSS5.7AI score0.00184EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/26 2:14 a.m.7 views

SUSE CVE-2026-52963

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI endpoint descriptor scans sndusbmidigetmsinfo validates the internal MIDIStreaming endpoint descriptor size before using baAssocJackID, but the descriptor walker can still return a class-specific...

5.8AI score0.00184EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/25 6:18 p.m.4 views

CVE-2026-52964

A flaw was found in the Linux kernel's ALSA USB audio component. The USB MIDI 2.0 endpoint parser, responsible for handling audio device descriptors, failed to properly validate the length of these descriptors. This vulnerability could allow a local attacker, by connecting a specially crafted...

5.5CVSS5.8AI score0.00175EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 9:16 a.m.8 views

CVE-2026-53241

In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: dummy: fix UMP event stack overread The dummy sequencer port forwards events by copying an incoming struct sndseqevent into a stack temporary, rewriting source and destination, and dispatching the temporary to...

5.5CVSS0.00127EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-52963

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ALSA: usb-audio: Bound MIDI endpoint descriptor scans sndusbmidigetmsinfo validates the internal MIDIStreaming endpoint descriptor size before using...

5.5CVSS6AI score0.00184EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 6:32 p.m.5 views

EUVD-2026-38831

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI endpoint descriptor scans sndusbmidigetmsinfo validates the internal MIDIStreaming endpoint descriptor size before using baAssocJackID, but the descriptor walker can still return a class-specific...

5.7AI score0.00184EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/24 6:32 p.m.4 views

EUVD-2026-38832

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It validates bLength against bNumGrpTrmBlock before reading...

5.7AI score0.00175EPSS
Exploits0References6
NVD
NVD
added 2026/06/24 5:17 p.m.5 views

CVE-2026-52963

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI endpoint descriptor scans sndusbmidigetmsinfo validates the internal MIDIStreaming endpoint descriptor size before using baAssocJackID, but the descriptor walker can still return a class-specific...

5.5CVSS0.00184EPSS
Exploits0References8
NVD
NVD
added 2026/06/24 5:17 p.m.7 views

CVE-2026-52964

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It validates bLength against bNumGrpTrmBlock before reading...

5.5CVSS0.00175EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:28 p.m.4 views

CVE-2026-52964

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It validates bLength against bNumGrpTrmBlock before reading...

5.7AI score0.00175EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/24 4:28 p.m.5 views

CVE-2026-52964 ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It validates bLength against bNumGrpTrmBlock before reading...

5.5CVSS5.8AI score0.00175EPSS
Exploits0References8
CVE
CVE
added 2026/06/24 4:28 p.m.12 views

CVE-2026-52964

Summary of CVE-2026-52964 : A flaw in the Linux kernel’s ALSA USB-audio path (USB MIDI 2.0 endpoint parser) fails to validate descriptor lengths for the MIDI 2.0 endpoint, allowing a malformed device to cause out-of-bounds reads on baAssoGrpTrmBlkID[] due to walking endpoint extras before verifyi...

5.5CVSS5.7AI score0.00175EPSS
Exploits0References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:28 p.m.7 views

CVE-2026-52963

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI endpoint descriptor scans sndusbmidigetmsinfo validates the internal MIDIStreaming endpoint descriptor size before using baAssocJackID, but the descriptor walker can still return a class-specific...

5.7AI score0.00184EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2026/06/24 4:28 p.m.1 views

CVE-2026-52963 ALSA: usb-audio: Bound MIDI endpoint descriptor scans

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI endpoint descriptor scans sndusbmidigetmsinfo validates the internal MIDIStreaming endpoint descriptor size before using baAssocJackID, but the descriptor walker can still return a class-specific...

5.5CVSS5.8AI score0.00184EPSS
Exploits0References11
CVE
CVE
added 2026/06/24 4:28 p.m.12 views

CVE-2026-52963

CVE-2026-52963 affects the Linux kernel ALSA usb-audio code path, specifically the MIDI endpoint handling in snd_usbmidi_get_ms_info. The vulnerability arises when the descriptor walker returns a class-specific MIDI endpoint with bLength larger than the remaining bytes in the endpoint-extra scan,...

5.5CVSS5.7AI score0.00184EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51857

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ALSA usb-audio component where the snd usbmidi get ms info function fails to properly bound MIDI endpoint descriptor scans. While the function validates the intern...

5.9AI score0.00184EPSS
Exploits0References17
Rows per page
Query Builder