Lucene search
+L

239 matches found

ptsecurity
ptsecurity
added 2026/05/25 12:0 a.m.13 views

PT-2026-43221

Visual Ping 0.8.0.0 contains a buffer overflow vulnerability in input field handling that allows local attackers to crash the application by supplying oversized data. Attackers can inject malicious payloads exceeding 4108 bytes into the Host, Time Out, Packet Size, Pause, or Loops fields to trigg...

6.9CVSS6AI score0.0017EPSS
Exploits0References5
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: btrfs: Fixed the race condition between balance operations and cancel/pause requests. Syzbot reported a panic that looked like this: Assertion failed: fsinfo-exclusiveoperation == BTRFSEXCLOPBALANCEPAUSED, in fs/btrfs/ioctl.c:465...

5.9AI score0.00155EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fs/dax: Fixed the issue of “not skipping locked entries when scanning entries”. The commit 6be3e21d25ca “fs/dax: not skipping locked entries when scanning entries” introduced a new function, waitentryunlockedexclusive, which wait...

5.5CVSS5.9AI score0.00105EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: btrfs: fixed the BUGON condition in btrfscancelbalance. Pausing and canceling balance can race to interrupt balance, leading to a BUGON panic in btrfscancelbalance. The BUGON condition in btrfscancelbalance does not take this rac...

5.5CVSS5.9AI score0.00187EPSS
Exploits0References2
hackerone
hackerone
added 2026/05/19 10:4 p.m.10 views

curl: CVE-2026-9080: UAF after pause in socket callback

Hi all, We've found a heap-use-after-free in lib/multiev.c triggered by calling curleasypause from within a CURLMOPTSOCKETFUNCTION callback. ASAN-confirmed with the self-contained reproducer below. Affected versions: 8.13.0 – 8.20.0 current. The entry-action write line 280 has been vulnerable sin...

7.3CVSS5.7AI score0.00494EPSS
Exploits1
attackerkb
attackerkb
added 2026/05/14 3:30 p.m.11 views

CVE-2026-42592

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only the error. It discards the resolved addresses. Chromium later performs its own DNS resolution when i...

5.3CVSS5.8AI score0.00186EPSS
Exploits1References2Affected Software1
hackerone
hackerone
added 2026/05/14 10:48 a.m.34 views

curl: HTTP/3 paused transfer buffers incoming data without bound up to ~1 GiB

Hi all, When a libcurl application's CURLOPTWRITEFUNCTION returns CURLWRITEFUNCPAUSE, libcurl routes subsequent incoming body data through cw-pause lib/cw-pause.c. The bufq inside cw-pause is initialised with BUFQOPTSOFTLIMIT and a chunk size of 16 KiB lib/cw-pause.c:51-52, which causes bufq to...

5.8AI score
Exploits0
github
github
added 2026/03/02 10:9 p.m.11 views

@keep-network/tbtc-v2 revealing P2PKH deposit with a wrapped P2SH script

Overview P2PKH has 20 bytes just like P2SH. We protect against revealing P2PKH deposits by manually assembling the expected P2SH script in the smart contract and comparing hashes. However, we missed the case when the attacker embeds a valid P2SH inside of P2PKH as an output script. bitcoin-spv...

6AI score
Exploits0References4Affected Software1
snyk
snyk
added 2026/02/24 2:59 p.m.4 views

Malicious Package

Overview chai-as-pause is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.6AI score
Exploits0References2
ossf
ossf
added 2026/02/24 2:59 p.m.13 views

Malicious code in chai-as-pause (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6bc450b711e5bfeca160d6a4836ce78f7da759812438fbf0701cf8c2f95e38d The package chai-as-pause was found to contain malicious code. Source: ghsa-malware 58583a4b9f33e23b3cafb853c51539fbe79e149a4d6e5cdfafa98713d32e64cd...

5.9AI score
Exploits0References1
osv
osv
added 2026/02/24 2:59 p.m.6 views

MAL-2026-1013 Malicious code in chai-as-pause (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6bc450b711e5bfeca160d6a4836ce78f7da759812438fbf0701cf8c2f95e38d The package chai-as-pause was found to contain malicious code. Source: ghsa-malware 58583a4b9f33e23b3cafb853c51539fbe79e149a4d6e5cdfafa98713d32e64cd...

5.9AI score
Exploits0References1
cnnvd
cnnvd
added 2026/02/04 12:0 a.m.11 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the incorrect setting of the pause state for the calctarget component. This vulnerability may cau...

5.8AI score0.00161EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/01/14 3:5 p.m.2 views

CVE-2025-71104

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer When advancing the target expiration for the guest's APIC timer in periodic mode, set the expiration to "now" if the target expiration is in the past...

5.3AI score0.00095EPSS
Exploits0References8Affected Software1
osv
osv
added 2026/01/14 3:5 p.m.6 views

CVE-2025-71104 KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer When advancing the target expiration for the guest's APIC timer in periodic mode, set the expiration to "now" if the target expiration is in the past...

5.5CVSS5.3AI score0.00095EPSS
Exploits0References11
nvd
nvd
added 2026/01/10 10:15 a.m.8 views

CVE-2025-52435

J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange...

7.5CVSS0.00207EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/01/10 9:47 a.m.6 views

CVE-2025-52435 Apache Mynewt NimBLE: Invalid error handling in pause encryption procedure in NimBLE controller

J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange...

6.5AI score0.00207EPSS
Exploits0References3
euvd
euvd
added 2026/01/10 9:47 a.m.10 views

EUVD-2026-1854

J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange...

6.4AI score0.00207EPSS
Exploits0References5
cve
cve
added 2026/01/10 9:47 a.m.21 views

CVE-2025-52435

CVE-2025-52435 affects Apache NimBLE (Mynewt NimBLE) up to version 1.8.0. The issue is caused by improper handling of the Pause Encryption procedure on the Link Layer, which can leave a previously encrypted connection in an unencrypted state and allow an eavesdropper to observe the remainder of t...

7.5CVSS6.5AI score0.00207EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/01/10 9:47 a.m.8 views

CVE-2025-52435 Apache Mynewt NimBLE: Invalid error handling in pause encryption procedure in NimBLE controller

J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange...

7.5CVSS6AI score0.00207EPSS
Exploits0References6
cvelist
cvelist
added 2026/01/10 9:47 a.m.29 views

CVE-2025-52435 Apache Mynewt NimBLE: Invalid error handling in pause encryption procedure in NimBLE controller

J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropper to observe the remainder of the exchange...

0.00207EPSS
Exploits0References3
Rows per page
Query Builder