Lucene search
K

220 matches found

CVE
CVE
added yesterday6 views

CVE-2026-59725

CVE-2026-59725 affects Socket.IO’s Engine.IO polling transport (versions 4.1.0–6.6.6). The root cause is that invalid binary POST requests with Content-Type: application/octet-stream are not properly closing the HTTP response, enabling unauthenticated attackers to exhaust server-side connections ...

7.5CVSS6AI score
Exploits0References3
CVE
CVE
added 2026/06/26 5:32 p.m.22 views

CVE-2026-48497

CVE-2026-48497 affects Envoy and relates to the UDP DNS filter. Before versions 1.35.11, 1.36.7, 1.37.3, and 1.38.1, a query with a DNS name of exactly 255 octets (local or remote resolution) can trigger abnormal process termination due to an invalid runtime precondition that the name must be str...

7.5CVSS5.8AI score0.00405EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/24 12:5 p.m.4 views

RLSA-2026:28235 Low: libtasn1 security update

A library that provides Abstract Syntax Notation One ASN.1, as specified by the X.680 ITU-T recommendation parsing and structures management, and Distinguished Encoding Rules DER, as per X.690 encoding and decoding functions. Security Fixes: libtasn1: libtasn1: Denial of Service via stack-based...

5.9CVSS6.3AI score0.01109EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 12:3 p.m.3 views

RLSA-2026:28253 Low: libtasn1 security update

A library that provides Abstract Syntax Notation One ASN.1, as specified by the X.680 ITU-T recommendation parsing and structures management, and Distinguished Encoding Rules DER, as per X.690 encoding and decoding functions. Security Fixes: libtasn1: libtasn1: Denial of Service via stack-based...

5.9CVSS7.7AI score0.01109EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/23 11:58 p.m.11 views

Low: Red Hat Security Advisory: libtasn1 security update

An update for libtasn1 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

7.5CVSS7.9AI score0.01109EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.11 views

PT-2026-50475

Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.05.1 Description When NC SECURE ATTACHMENTS is set to true, an authenticated uploader can upload .html or .svg attachments that the browser renders inline from the NocoDB origin instead of forcing a download. This...

5.1CVSS5.7AI score0.00288EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.11 views

EulerOS Virtualization 2.13.0 : libtasn1 (EulerOS-SA-2026-2177)

According to the versions of the libtasn1 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a...

7.5CVSS8.1AI score0.01109EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.10 views

CVE-2026-8507

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds OOB write flaws. When parsing a PKCS12 file, with a = 1 GiB OCTET STRING or BIT STRING attribute on a SAFEBAG, via info or infoashash, a heap out-of-bounds write would be triggered with remote-code-execution potential RCE du...

9.8CVSS5.5AI score0.00648EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.10 views

CVE-2026-43988

Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the ASN.1/OER parsing pipeline of Vanetza. When processing malformed network packets containing corrupted ASN.1/OER structures e.g., invalid length...

7.5CVSS5.5AI score0.00184EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.9 views

CVE-2026-45615

mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a memory safety vulnerability was identified in the OER decoding skeleton files generated by asn1c specifically INTEGERoer.c. When parsing a maliciously crafted, zero-length OER payload for a variable-length, non-negative INTEGER type, th...

8.2CVSS5.6AI score0.00197EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.10 views

CVE-2026-45331

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, validateurl in backend/openwebui/retrieval/web/utils.py calls validators.ipv6ip, private=True, but the validators library does NOT implement the private keyword for IPv6 — the call...

8.5CVSS5.4AI score0.00286EPSS
Exploits1References1
Snyk
Snyk
added 2026/05/29 3:19 p.m.10 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the INTEGERdecodeoer function. An attacker can cause a denial of service or trigger incorrect integer interpretation in downstream applications by submitting a maliciously crafted, zero-length OER payload for a...

8.8CVSS5.8AI score0.00197EPSS
Exploits0References2
CVE
CVE
added 2026/05/29 1:24 p.m.28 views

CVE-2026-45615

ASN.1 compiler mouse07410/asn1c (1.4 and earlier) contains a memory-safety flaw in the OER decoding skeleton (INTEGER_oer.c). Parsing a crafted, zero-length OER payload for a variable-length, non-negative INTEGER can skip required-byte validation before extracting the MSB, causing a precise 1-byt...

8.2CVSS5.9AI score0.00197EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

asn1c 安全漏洞

ASN1C is an ASN.1 compiler developed by Lev Walkin as a personal project. Versions of ASN1C prior to 1.4 contained security vulnerabilities. These vulnerabilities stemmed from memory safety issues in the OER decoding framework. When parsing specially crafted zero-length payloads, the decoder did...

8.2CVSS5.8AI score0.00197EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 9:18 p.m.21 views

CVE-2026-44905

Vanetza (ETSI C-ITS) contains a denial-of-service condition in 26.02 and earlier due to a logic flaw in the cryptographic verification path. An incoming V2X certificate with a Psid subtype violation can be parsed syntactically, but semantic checks are not enforced until re-encoding during Straigh...

7.5CVSS5.8AI score0.00202EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 9:17 p.m.7 views

CVE-2026-43988

Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the ASN.1/OER parsing pipeline of Vanetza. When processing malformed network packets containing corrupted ASN.1/OER structures e.g., invalid length...

7.5CVSS5.8AI score0.00184EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.9 views

Vanetza 安全漏洞

Vanetza is an open-source implementation of a vehicle communication protocol suite developed by Raphael Riebl. Versions of Vanetza prior to 26.02 contained a security vulnerability. This vulnerability occurred when processing malformed network packets in the ASN.1/OER parsing pipeline, where the...

7.5CVSS5.8AI score0.00184EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in opensc

Before version 0.20.0-rc1, OpenSC had a buffer overflow vulnerability related to the ASN.1 Octet string in the asn1decodeentry function in libopensc/asn1.c...

6.4CVSS6.8AI score0.00385EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/17 6:43 p.m.9 views

CVE-2026-8507 Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds (OOB) write flaws

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl have out-of-bounds OOB write flaws. When parsing a PKCS12 file, with a = 1 GiB OCTET STRING or BIT STRING attribute on a SAFEBAG, via info or infoashash, a heap out-of-bounds write would be triggered with remote-code-execution potential RCE du...

5.9AI score0.00648EPSS
Exploits0References4
OSV
OSV
added 2026/05/03 9:56 a.m.55 views

OESA-2026-2164 opencryptoki security update

openCryptoki is an implementation of the PKCS 11 API that allows interfacing to devices that hold cryptographic information and perform cryptographic functions. openCryptoki provides application portability by isolating the application from the details of the cryptographic device. Isolating the...

6.8CVSS6AI score0.0016EPSS
Exploits1References2
Rows per page
Query Builder