Lucene search
K

87 matches found

SUSE CVE
SUSE CVE
added 2026/06/04 2:21 a.m.10 views

SUSE CVE-2026-46260

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bound access in fib6addrt2node. syzbot reported out-of-bound read in fib6addrt2node. 0 When IPv6 route is created with RTANHID, struct fib6info does not have the trailing struct fib6nh. The cited commit started t...

5.8AI score0.0012EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/03 3:49 p.m.10 views

EUVD-2026-34122

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bound access in fib6addrt2node. syzbot reported out-of-bound read in fib6addrt2node. 0 When IPv6 route is created with RTANHID, struct fib6info does not have the trailing struct fib6nh. The cited commit started t...

5.8AI score0.0012EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the ipv6 module’s failure to check iter-nh when using RTANHID in the fib6addrt2node function. As ...

7.8CVSS5.3AI score0.0012EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: ipv4: Handled attempts to delete multipath routes when fibinfo contains a reference to nh. Gwangun Jung reported a buffer overflow vulnerability in fibnhmatch: fibnhmatch+0xf98/0x1130, linux-6.0-rc7/net/ipv4/fibsemantics.c:961...

7.1CVSS6.5AI score0.00254EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fixed another slab-out-of-bounds issue in fib6nhflushexceptions While running the self-tests on a KASAN-enabled kernel, I observed a slab-out-of-bounds issue that was very similar to the one reported in commit 821bbf79fe46...

7.1CVSS6.3AI score0.00247EPSS
Exploits0References2
CVE
CVE
added 2026/05/08 2:21 p.m.24 views

CVE-2026-43374

Summary: CVE-2026-43374 affects the Linux kernel networking code (net: nexthop). The vuln arises when removing a nexthop from a group: remove_nh_grp_entry() publishes the new group via rcu_assign_pointer() and then immediately frees the removed entry’s percpu stats with free_percpu(), while the s...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/03/25 11:16 a.m.4 views

CVE-2026-23300

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop When a standalone IPv6 nexthop object is created with a loopback device e.g., "ip -6 nexthop add id 100 dev lo", fib6nhinit misclassifies it as a reject route...

5.5CVSS0.00123EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/03/04 12:0 a.m.5 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-005502)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005502 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix potential uninit-value access in ip6makeskb As it was done in commit fc1092f51567 ipv4:...

5.5CVSS6.3AI score0.0023EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fixed a memory leak in nhcpcpurthoutput within fibchecknhv6gw. The function fibchecknhv6gw expects that fib6nhinit will clean up everything when it fails. The commit 7dd73168e273 „ipv6: Always allocate pcpu memory in fib6nh...

5.5CVSS6.4AI score0.00185EPSS
Exploits0References3
Redos
Redos
added 2026/01/21 12:0 a.m.5 views

ROS-20260121-73-0021

A vulnerability in the fibchecknhv6gw function of the Linux operating system kernel is related to a possible memory leak. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

5.5CVSS7.2AI score0.00185EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 10:40 a.m.14 views

CVE-2022-35911

On Patlite NH-FB series devices through 1.46, remote attackers can cause a denial of service by omitting the query string. NOTE: the vendor's perspective is that "omitting the query string does not cause a denial of service and the indicated event can not be reproduced...

7.5CVSS7.1AI score0.02045EPSS
Exploits2References1
NVD
NVD
added 2026/01/07 12:16 p.m.6 views

CVE-2025-14145

The Niche Hero | Beautifully-designed blocks in seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'spacing' parameter of the nhrow shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possib...

6.4CVSS0.00235EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/07 9:20 a.m.21 views

CVE-2025-14145 Niche Hero | Beautifully-designed blocks in seconds <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'spacing' Shortcode Attribute

The Niche Hero | Beautifully-designed blocks in seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'spacing' parameter of the nhrow shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possib...

6.4CVSS0.00235EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.8 views

PT-2026-1632

Name of the Vulnerable Software and Affected Versions The Niche Hero | Beautifully-designed blocks in seconds plugin for WordPress versions through 1.0.5 Description The plugin is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows...

6.4CVSS5.5AI score0.00235EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2025/11/05 12:0 a.m.3 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989032)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989032 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv4: Handle attempt to delete multipath route when fibinfo contains an nh reference Gwangun Jung...

7.1CVSS5.9AI score0.00254EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987112)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987112 advisory. In the Linux kernel, the following vulnerability has been resolved: ipv4: Handle attempt to delete multipath route when fibinfo contains an nh reference Gwangun Jung...

7.1CVSS5.9AI score0.00254EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/10/03 11:17 a.m.7 views

CVE-2025-9200 Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App <= 0.8.8.8 - Unauthenticated SQL Injection

The Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App plugin for WordPress is vulnerable to SQL Injection via the nhynaacomments function in all versions up to, and including, 0.8.8.8 due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5CVSS6.3AI score0.00338EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/03 11:17 a.m.38 views

CVE-2025-9200 Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App <= 0.8.8.8 - Unauthenticated SQL Injection

The Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App plugin for WordPress is vulnerable to SQL Injection via the nhynaacomments function in all versions up to, and including, 0.8.8.8 due to insufficient escaping on the user supplied parameter and lack of sufficient...

7.5CVSS0.00338EPSS
Exploits0References2
CVE
CVE
added 2025/10/03 11:17 a.m.32 views

CVE-2025-9200

CVE-2025-9200 affects the WordPress plugin “Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App”. The issue is an unauthenticated SQL Injection via nh_ynaa_comments() present in all versions up to 0.8.8.8, caused by insufficient escaping of user-supplied input and inadequa...

7.5CVSS6.4AI score0.00338EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/17 2:56 p.m.9 views

CVE-2023-53342 net: marvell: prestera: fix handling IPv4 routes with nhid

In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix handling IPv4 routes with nhid Fix handling IPv4 routes referencing a nexthop via its id by replacing calls to fibinfonh with fibinfonhc. Trying to add an IPv4 route referencing a nextop via nhid: $ ip...

0.00182EPSS
Exploits0References3
Rows per page
Query Builder