Lucene search
K

435 matches found

RedHat Linux
RedHat Linux
added 2026/07/06 8:58 a.m.5 views

openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing

A flaw was found in OpenSSL. A remote attacker could exploit this vulnerability by sending a specially crafted Cryptographic Message Syntax CMS EnvelopedData message. During the processing of a KeyTransportRecipientInfo with RSA-OAEP encryption, the system attempts to access an optional parameter...

7.5CVSS7AI score0.00805EPSS
Exploits0References10
OSV
OSV
added 2026/06/24 6:35 p.m.5 views

DRUPAL-CONTRIB-2026-052

This module enables you to collect feedback from your site visitors on content pages, allowing them to optionally attach a free-text comment to their Yes/No vote. The module doesn't sufficiently verify authorization over the targeted feedback record when processing a comment submission. This...

3.1CVSS5.8AI score0.00142EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 3:22 p.m.3 views

SUSE-SU-2026:22268-1 Security update for openssh

This update for openssh fixes the following issues Security fixes: - CVE-2026-3497: information disclosure or denial of service due to uninitialized variables bsc1259642. - CVE-2026-35388: omitted connection multiplexing confirmation for proxy-mode multiplexing sessions bsc1261441. - openssh...

8.2CVSS7.1AI score0.0218EPSS
Exploits0References6
OSV
OSV
added 2026/06/16 8:13 p.m.11 views

GHSA-QXJP-W3PJ-48M7 Crawl4AI: AST Sandbox Escape via gi_frame.f_back Chain - Pre-Auth RCE in Docker API

Summary The safeevalexpression function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore. Python generator and frame object attributes giframe, fback, fbuiltins do NOT start with underscore, enabling a complete sandbox escape to achieve...

9.8CVSS6.8AI score0.0045EPSS
Exploits2References4
NVD
NVD
added 2026/06/12 4:16 p.m.16 views

CVE-2026-40677

The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution...

7.7CVSS0.00435EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 2:29 p.m.13 views

CVE-2026-40677

The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution...

7.7CVSS5.7AI score0.00435EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.16 views

PT-2026-48888

Name of the Vulnerable Software and Affected Versions AMD optional tools affected versions not specified Description The use of insecure HTTP transport within the auto-updater allows for a man-in-the-middle attack, which is a technique where an attacker intercepts communication between two partie...

7.7CVSS5.6AI score0.00435EPSS
Exploits0References7
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/11 1:12 p.m.13 views

Malicious code in optional-cpu-features (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4dbbb7dd9c604ef3e5782d477d4db7c04c50f7906b19af03e63a540e0a44166e On npm install, both the install and postinstall lifecycle scripts run node install.js, which requires lib/sync.js. That file hardcodes BASE =...

5.7AI score
Exploits0References2
OSV
OSV
added 2026/06/11 1:12 p.m.12 views

MAL-2026-5642 Malicious code in optional-cpu-features (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4dbbb7dd9c604ef3e5782d477d4db7c04c50f7906b19af03e63a540e0a44166e On npm install, both the install and postinstall lifecycle scripts run node install.js, which requires lib/sync.js. That file hardcodes BASE =...

5.7AI score
Exploits0References2
CVE
CVE
added 2026/06/09 4:3 p.m.53 views

CVE-2026-42766

The CVE-2026-42766 entry documents a NULL pointer dereference in OpenSSL’s CMS decryption for password-based CMS messages. Specifically, PasswordRecipientInfo.keyDerivationAlgorithm is OPTIONAL and may be absent; OpenSSL’s CMS decryption dereferences this field without checking, triggering an app...

5.9CVSS5.5AI score0.00595EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/09 1:37 p.m.4 views

SUSE-SU-2026:22073-1 Security update for libzypp

This update for libzypp fixes the following issues Version 17.38.13 35: - CVE-2026-44941: path traversal via "keyhint" bsc1267426. - CVE-2026-44942: .repo files can have an optional path which can lead to path traversal attacks bsc1267874...

8.8CVSS5.4AI score0.00533EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/06/09 11:19 a.m.10 views

path-to-regexp: path-to-regexp: Denial of Service via crafted regular expressions

A flaw was found in path-to-regexp. A remote attacker could exploit this vulnerability by providing specially crafted input that generates a regular expression with multiple sequential optional groups. This leads to an exponential growth in the generated regular expression, causing a Denial of...

7.5CVSS6.1AI score0.00791EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.12 views

PT-2026-47836

Name of the Vulnerable Software and Affected Versions OpenSSL affected versions not specified Description A NULL pointer dereference can occur during the decryption of password-encrypted Cryptographic Message Syntax CMS messages. The issue arises because the OpenSSL CMS implementation dereference...

9.1CVSS5.5AI score0.02719EPSS
Exploits0References139
OSV
OSV
added 2026/06/02 11:18 a.m.6 views

OPENSUSE-SU-2026:20888-1 Security update for apptainer

This update for apptainer fixes the following issues: Changes in apptainer: - CVE-2026-39821: Update golang.org/x/net to 0.55.0. bsc1266656 - Add improved handling of suid-starter: Add system group apptainer Make sure, only users belonging to this group are able to run the application. Document...

9.6CVSS5.7AI score0.00478EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.14 views

IBM HTTP Server 代码问题漏洞

IBM HTTP Server is an enterprise-level web server software developed by International Business Machines IBM. Versions 8.5 and 9.0 of IBM HTTP Server contain code vulnerabilities that could lead to denial-of-service attacks due to the optional module modibmUpload...

7.5CVSS5.9AI score0.0038EPSS
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 10:18 p.m.11 views

Malicious code in @cometix/claude-code (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d9c6fc5df21efcd2949e4c05b4a9a75dbe8142243a3967dc853be7069ecaca24 Package is published under the @cometix scope but its package.json sets author to 'Anthropic ' and ships a README copied verbatim from Anthropic's...

5.9AI score
Exploits0References2
OSV
OSV
added 2026/05/20 3:8 p.m.14 views

MAL-2026-4409 Malicious code in @nutui/nutui-react-taro (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71ad42f4bfd953311c2d69f622cc6e8d5193a8852ac0bbc9ea0781ac6b651390 The package's postinstall.js invokes execSync'npm-usage-stats disable' and execSync'npm-usage-stats', stdio: 'inherit' . The npm-usage-stats bin is...

6.4AI score
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: acpi: Fixed suspend with Xen PV The commit f1e525009493 "x86/boot: Skipping realmode init code when running as Xen PV guest" missed one code path that accessed the realmodeheader, leading to a NULL dereference when suspending the...

5.5CVSS6.2AI score0.0021EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: cifs: Prevent NULL dereferencing in cifscomposemountoptions. The optional @ref parameter may contain a NULL nodename. Therefore, prevent dereferencing it in cifscomposemountoptions. Addresses-Coverity: 1476408 “Explicit NULL...

5.5CVSS5.8AI score0.00235EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: backlight: hx8357: Fixed potential NULL pointer dereferencing issues. The “im” pins are optional. Added a missing check in the hx8357probe function...

5.5CVSS6AI score0.00193EPSS
Exploits0References2
Rows per page
Query Builder