Lucene search
K

15162 matches found

OSV
OSV
added 2026/06/26 7:58 a.m.2 views

SUSE-SU-2026:22372-1 Security update for python-python-multipart

This update for python-python-multipart fixes the following issues - CVE-2026-53537: multipart/form-data with extended parameters can lead to file or parameter smuggling bsc1268506. - CVE-2026-53538: urlencoded requests containing semicolons can lead to form field smuggling bsc1268496. -...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/26 7:17 a.m.38 views

CVE-2026-57878 GV-LPC2011/LPC2211 - unauthorized buffer overflow vulnerability (thttpd)

An unauthenticated stack-based buffer overflow vulnerability exists in thttpd in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing web request parameters in a specific request path. A remote attacker may exploit this...

9.8CVSS0.00531EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/26 2:10 a.m.7 views

SUSE CVE-2026-53192

In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Fix UAF at sndtimeruserparams At releasing a timer object, e.g. when a userspace timer CONFIGSNDUTIMER gets closed and sndtimerfree is called, it tries to detach the timer instances and release the resources. However...

7.8CVSS5.8AI score0.00134EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/26 2:9 a.m.5 views

SUSE CVE-2026-53224

In the Linux kernel, the following vulnerability has been resolved: sctp: validate embedded INIT chunk and address list lengths in cookie sctpunpackcookie only checked that the embedded INIT chunk length did not exceed the remaining cookie payload, but did not ensure that the INIT chunk is large...

9.1CVSS5.8AI score0.00547EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 10:18 p.m.11 views

EUVD-2026-31396

golang.org/x/crypto/ssh: Invoking pathological RSA/DSA parameters may cause DoS...

7.5CVSS5.8AI score0.004EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/25 8:38 p.m.6 views

EUVD-2026-39561

Two data sources DICOMWebProxy and DICOMJSON shipped in the default configuration fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects the authenticated user's OIDC Bearer token into the resulting requests, sending it to the...

8.3CVSS6AI score0.00232EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 6:11 p.m.5 views

EUVD-2026-39527

MaxKB before 2.10.0 contains a server-side request forgery vulnerability in tool creation and update endpoints that allows authenticated users to make arbitrary server requests by supplying unvalidated downloadCallbackUrl and downloadurl parameters. Attackers with default workspace USER role can...

6.4CVSS6AI score0.00171EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/25 11:0 a.m.6 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.8AI score0.01945EPSS
Exploits0References8
NVD
NVD
added 2026/06/25 9:16 a.m.6 views

CVE-2026-53192

In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Fix UAF at sndtimeruserparams At releasing a timer object, e.g. when a userspace timer CONFIGSNDUTIMER gets closed and sndtimerfree is called, it tries to detach the timer instances and release the resources. However...

7.8CVSS0.00134EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 9:16 a.m.2 views

UBUNTU-CVE-2026-53224

In the Linux kernel, the following vulnerability has been resolved: sctp: validate embedded INIT chunk and address list lengths in cookie sctpunpackcookie only checked that the embedded INIT chunk length did not exceed the remaining cookie payload, but did not ensure that the INIT chunk is large...

9.1CVSS5.7AI score0.00547EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/25 9:3 a.m.4 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.8AI score0.01945EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/25 8:39 a.m.5 views

EUVD-2026-39315

In the Linux kernel, the following vulnerability has been resolved: sctp: validate embedded INIT chunk and address list lengths in cookie sctpunpackcookie only checked that the embedded INIT chunk length did not exceed the remaining cookie payload, but did not ensure that the INIT chunk is large...

5.7AI score0.00547EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 8:39 a.m.16 views

CVE-2026-53192

CVE-2026-53192 — Linux kernel ALSA timer UAF fix The vulnerability affects the ALSA timer path (snd_timer_user_params) in the Linux kernel. A race can occur during timer object release when a concurrent SNDRV_TIMER_IOCTL_PARAMS ioctl is in flight, potentially leading to a use-after-free if anothe...

7.8CVSS5.8AI score0.00134EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/06/25 8:39 a.m.5 views

EUVD-2026-39283

In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Fix UAF at sndtimeruserparams At releasing a timer object, e.g. when a userspace timer CONFIGSNDUTIMER gets closed and sndtimerfree is called, it tries to detach the timer instances and release the resources. However...

5.8AI score0.00134EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:39 a.m.5 views

CVE-2026-53192

In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Fix UAF at sndtimeruserparams At releasing a timer object, e.g. when a userspace timer CONFIGSNDUTIMER gets closed and sndtimerfree is called, it tries to detach the timer instances and release the resources. However...

7.8CVSS5.8AI score0.00134EPSS
Exploits0References9Affected Software1
Debian CVE
Debian CVE
added 2026/06/25 8:39 a.m.5 views

CVE-2026-53192

In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Fix UAF at sndtimeruserparams At releasing a timer object, e.g. when a userspace timer CONFIGSNDUTIMER gets closed and sndtimerfree is called, it tries to detach the timer instances and release the resources. However...

7.8CVSS5.7AI score0.00134EPSS
Exploits0
NVD
NVD
added 2026/06/25 2:16 a.m.13 views

CVE-2026-8665

OS Command Injection vulnerability in the TR action of Rapid7 InsightConnect Translate Plugin on Linux allows remote attackers to execute arbitrary OS commands via the text or expression parameters due to insufficient input sanitization in shell command construction...

9.8CVSS0.00675EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:28 a.m.6 views

EUVD-2026-39159

OS Command Injection vulnerability in Rapid7 InsightConnect Finger Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the user or host parameters due to insufficient input validation in shell command construction...

6CVSS6.2AI score0.00833EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/25 12:7 a.m.10 views

golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters

A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during...

7.5CVSS5.8AI score0.004EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.10 views

PT-2026-52191

Name of the Vulnerable Software and Affected Versions Dokan Pro versions prior to 5.0.5 Description The Dokan Pro plugin for WordPress contains a time-based SQL Injection flaw. This issue occurs because user-supplied parameters are not sufficiently escaped and the SQL query is not properly...

7.5CVSS5.8AI score0.00273EPSS
Exploits0References6
Rows per page
Query Builder