Lucene search
K

3471 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in espeak-ng

It was discovered that Espeak-ng 1.52-dev contains a Floating Point Exception due to the use of the PeaksToHarmspect function in wavegen.c...

5.5CVSS5.5AI score0.00376EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: clk: sunxi-ng: h616: Reparenting the GPU clock during frequency changes The H616 manual does not indicate that the GPU PLL supports dynamic frequency configuration. Therefore, we must be extra careful when changing the frequency...

5.5CVSS6.6AI score0.0014EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in espeak-ng

It was discovered that Espeak-ng 1.52-dev contains a Stack Buffer Underflow due to the CountVowelPosition function in synthdata.c...

5.3CVSS5.9AI score0.00372EPSS
Exploits1References1
OSV
OSV
added 2026/05/18 6:56 p.m.6 views

CLSA-2026-1779130594 procps-ng: Fix of CVE-2023-4016

CVE-2023-4016: fix possible buffer overflow in ps -C option...

3.3CVSS6.6AI score0.00241EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/18 3:31 a.m.11 views

AMF Improperly Restricts Operations within the Bounds of a Memory Buffer

A vulnerability was determined in omec-project amf up to 2.1.3-dev. Impacted is the function NGSetupRequest of the file ngap/handler.go. Executing a manipulation of the argument InformationElement can lead to memory corruption. The attack can be launched remotely. The exploit has been publicly...

5.3CVSS5.4AI score0.00303EPSS
Exploits0References9Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/13 5:37 p.m.9 views

CVE-2026-37630

A flaw was found in QuickJS-NG. An attacker can exploit an issue within the jsmappedargumentsmark function to execute arbitrary code. This vulnerability allows for unauthorized code execution, potentially leading to a complete compromise of the affected system...

7.3CVSS6AI score0.00233EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/11 9:31 p.m.10 views

EUVD-2026-29291

An issue in QuickJS-NG v.0.12.1 allows an attacker to execute arbitrary code via the jsmappedargumentsmark function...

6.2AI score0.00233EPSS
Exploits0References2
CVE
CVE
added 2026/05/11 4:32 p.m.21 views

CVE-2026-42312

pyload-ng contains a vulnerability (CVE-2026-42312) where a non-admin user with SETTINGS permission can disable TLS peer/hostname verification by setting general.ssl_verify off. The root cause is that the option is not in the ADMIN_ONLY_CORE_OPTIONS allowlist, so set_config_value() writes are all...

6.8CVSS5.8AI score0.00174EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/11 4:32 p.m.7 views

CVE-2026-42312 pyload-ng: non-admin SETTINGS users can disable outbound TLS peer verification

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The option "general",...

6.8CVSS5.8AI score0.00174EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/11 4:30 p.m.37 views

CVE-2026-42313 pyload-ng: non-admin SETTINGS users can redirect all outbound traffic through an attacker-controlled proxy

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The allowlist contains...

8.3CVSS0.00396EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/11 4:30 p.m.7 views

CVE-2026-42313 pyload-ng: non-admin SETTINGS users can redirect all outbound traffic through an attacker-controlled proxy

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the setconfigvalue API method @permissionPerms.SETTINGS in src/pyload/core/api/init.py gates security-sensitive options behind a hand-maintained allowlist ADMINONLYCOREOPTIONS. The allowlist contains...

8.3CVSS5.8AI score0.00396EPSS
Exploits1References1
CVE
CVE
added 2026/05/11 4:30 p.m.14 views

CVE-2026-42313

Summary of CVE-2026-42313 / pyload-ng: A non-admin user with SETTINGS permission can enable a proxy and point pyload at any attacker-controlled host, causing all outbound traffic (downloads, captcha fetch, update checks, plugin HTTP calls) to be routed through that attacker. The vulnerability ste...

8.3CVSS5.8AI score0.00396EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/11 12:0 a.m.9 views

CVE-2026-37630

An issue in QuickJS-NG v.0.12.1 allows an attacker to execute arbitrary code via the jsmappedargumentsmark function...

6.2AI score0.00233EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.16 views

PT-2026-39832

An issue in QuickJS-NG v.0.12.1 allows an attacker to execute arbitrary code via the js mapped arguments mark function...

6.2AI score0.00233EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 12:0 a.m.32 views

CVE-2026-37630

The connected sources confirm a vulnerability in QuickJS-NG v0.12.1 that allows an attacker to execute arbitrary code via the js_mapped_arguments_mark function. Impact per metrics is CVSS v3.1 base score 7.3 (HIGH), with network attack vector, low complexity, no privileges required, and no user i...

7.3CVSS6.2AI score0.00233EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 12:0 a.m.34 views

CVE-2026-37630

An issue in QuickJS-NG v.0.12.1 allows an attacker to execute arbitrary code via the jsmappedargumentsmark function...

0.00233EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/05/11 12:0 a.m.7 views

CVE-2026-37630

An issue in QuickJS-NG v.0.12.1 allows an attacker to execute arbitrary code via the jsmappedargumentsmark function...

7.3CVSS6.2AI score0.00233EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/07 12:0 a.m.13 views

PaperCut NG < 25.0.11 Path Traversal (CVE-2026-6418)

The version of PaperCut NG installed on the remote Windows host is prior to 25.0.11. It is, therefore, affected by a vulnerability: - A path traversal vulnerability exists in the Shared Account Synchronization component of PaperCut NG/MF. Due to a lack of proper path validation and sanitization, ...

4.9CVSS6AI score0.00376EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/06 11:42 p.m.9 views

@cosla/sensemaking-web-ui (>=1.0.5 <=1.0.8), @manniwatch/client-desktop (>=0.30.0 <=0.30.1) +2 more potentially affected by CVE-2026-44437 via @angular/ssr (>=19.0.5 <=19.2.19)

@angular/ssr NPM version =19.0.5, =1.0.5, =0.30.0, =0.30.0, =19.0.0-alpha.20, =19.0.0-alpha.24 Source cves: CVE-2026-44437 Source advisory: SNYK:JS-ANGULARSSR-16438975...

6.9CVSS5.7AI score0.00203EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/06 11:42 p.m.8 views

@cosla/sensemaking-web-ui (>=1.0.5 <=1.0.8), @manniwatch/client-desktop (>=0.30.0 <=0.30.1) +2 more potentially affected by CVE-2026-44437 via @angular/ssr (>=19.0.5 <=19.2.19)

@angular/ssr NPM version =19.0.5, =1.0.5, =0.30.0, =0.30.0, =19.0.0-alpha.20, =19.0.0-alpha.24 Source cves: CVE-2026-44437 Source advisory: OSV:GHSA-69XR-M8H6-H664...

6.9CVSS5.7AI score0.00203EPSS
Exploits0
Rows per page
Query Builder