Lucene search
K

3023 matches found

EUVD
EUVD
added yesterday5 views

EUVD-2026-32924

Hono: app.mount strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths...

5.3CVSS5.8AI score0.00067EPSS
Exploits0References4
OSV
OSV
added yesterday3 views

GHSA-2GCR-MFCQ-WCC3 Hono: app.mount() strips mount prefix using undecoded path, causing incorrect routing for percent-encoded paths

Summary app.mount strips the mount prefix from the incoming request path using the raw URL pathname, while route matching is performed against the percent-decoded path. This inconsistency causes the prefix to be stripped at the wrong position when the path contains percent-encoded multi-byte...

5.3CVSS5.8AI score0.00067EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added yesterday5 views

php: NULL pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()

A flaw was found in PHP. When an attacker input can influence the encoding passed to mbregexencoding and the application subsequently uses mbregex search APIs, a NULL pointer dereference can occur due to a mismatch between the Oniguruma and mbfl encoding support. This issue can cause a crash in t...

6.5CVSS5.8AI score0.00064EPSS
Exploits0References5
EUVD
EUVD
added yesterday5 views

EUVD-2025-210062

HCL iControl was affected by Weak Input Validation vulnerability. This weakness is caused during implementation of an architectural security tactic. Received input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expecte...

4.3CVSS5.8AI score
Exploits0References1
Nuclei
Nuclei
added yesterday5 views

Starlette - Improper Validation of Unsafe Equivalence in Input

A flaw was found in Starlette, a lightweight ASGI Asynchronous Server Gateway Interface framework. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP Host request header. This malformed header could cause the request.url to be incorrectly reconstructed, leading...

6.5CVSS5.8AI score0.00353EPSS
Exploits2References2
SUSE CVE
SUSE CVE
added yesterday4 views

SUSE CVE-2026-45681

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can be up to 8KB. If a CPU mismatch occurs, OBI can...

5.9CVSS5.8AI score0.00031EPSS
Exploits1References3
Packet Storm News
Packet Storm News
added 2 days ago2 views

Description-Code Inconsistency in Real-World MCP Servers: Measurement, Detection, and Security Implications

The Model Context Protocol MCP has emerged as a critical standard empowering Large Language Models LLMs to utilize external tools. In this ecosystem, LLMs rely on natural language descriptions provided by MCP servers to select and execute functions. This interaction implicitly assumes that tool...

6AI score
Exploits0
NVD
NVD
added 3 days ago7 views

CVE-2026-45681

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can be up to 8KB. If a CPU mismatch occurs, OBI can...

5.9CVSS0.00031EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 3 days ago8 views

CVE-2026-45681 OpenTelemetry eBPF Instrumentation: CPU-mismatch fallback uses 256-byte buffer with 8KB size

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can be up to 8KB. If a CPU mismatch occurs, OBI can...

5.9CVSS5.8AI score0.00031EPSS
Exploits1References2
Cvelist
Cvelist
added 3 days ago38 views

CVE-2026-45681 OpenTelemetry eBPF Instrumentation: CPU-mismatch fallback uses 256-byte buffer with 8KB size

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can be up to 8KB. If a CPU mismatch occurs, OBI can...

5.9CVSS0.00031EPSS
Exploits1References2
CVE
CVE
added 3 days ago11 views

CVE-2026-45681

Summary: OpenTelemetry eBPF Instrumentation contains a memory‑read overflow in the CPU‑mismatch fallback path. Prior to version 0.9.0, a 256‑byte backup buffer is used for the per‑CPU message buffer, while the logical payload size can reach 8KB. If a CPU mismatch occurs, the code can read beyond ...

5.9CVSS5.8AI score0.00031EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-45681

OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can be up to 8KB. If a CPU mismatch occurs, OBI can...

5.9CVSS5.8AI score0.00031EPSS
Exploits1References3Affected Software1
SUSE CVE
SUSE CVE
added 3 days ago10 views

SUSE CVE-2026-46344

liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. Prior to 0.16.0, an out-of-bounds read has been identified in the XMSS and XMSS^MT stateful signature verification code. When the verification function is called with a...

5.3CVSS5.8AI score0.00051EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago6 views

EUVD-2025-210023

Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer...

6.4CVSS5.8AI score0.0001EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago8 views

EUVD-2025-210026

Memory Corruption when output buffer size is smaller than input buffer size during data copying operation...

6.7CVSS5.9AI score0.00011EPSS
Exploits0References2
NVD
NVD
added 4 days ago6 views

CVE-2025-59610

Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer...

6.4CVSS0.0001EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2025-59613

Memory Corruption when output buffer size is smaller than input buffer size during data copying operation...

6.7CVSS5.9AI score0.00011EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2025-59610

Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer...

6.4CVSS5.8AI score0.0001EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 4 days ago6 views

CVE-2025-59610 Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Driver

Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer...

6.4CVSS5.8AI score0.0001EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-33699

FlexRIC v2.0.0 crashes when the iApp receives an E42RICSUBSCRIPTIONREQUEST with an empty ricEventTriggerDefinition field. The E42 layer decoder accepts this as valid, but the E2AP encoder asserts a non-empty constraint when forwarding the request. A remote unauthenticated attacker can crash the...

7.5CVSS5.8AI score0.0006EPSS
Exploits0References3
Rows per page
Query Builder