
2608 matches found

NVD
added 3 days ago, 6 views

CVE-2026-52868

An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation...

CVSS: 8.8, EPSS: 0.00374
Exploits: 0, References: 3
CVE
added 3 days ago, 6 views

CVE-2026-52868

The CVE-2026-52868 issue is a path traversal vulnerability in the OFFIS DCMTK Toolkit where an unauthenticated attacker can read worklist records stored outside the intended per-AE area, potentially crossing department/clinic data boundaries in multi-area deployments. Connected sources confirm th...

CVSS: 8.8, AI score: 5.7, EPSS: 0.00374
Exploits: 0, References: 3
Cvelist
added 3 days ago, 34 views

CVE-2026-52868 OFFIS DCMTK Toolkit Path Traversal

An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation...

CVSS: 8.8, EPSS: 0.00374
Exploits: 0, References: 3
RedhatCVE
added 3 days ago, 8 views

CVE-2026-29167

A flaw was found in Apache HTTP Server when using the mod_ldap module in a per-directory configuration. This use-after-free vulnerability allows a remote attacker to potentially execute arbitrary code or cause a denial of service (DoS) due to improper memory handling. This could lead to system...

CVSS: 9.8, AI score: 6.2, EPSS: 0.00663
Exploits: 0, References: 4
NVD
added 4 days ago, 6 views

CVE-2026-56018

JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify, allowing unbounded memory growth. In JsMinify XS.xs the cleanup frees only the NodeSet structures and never the per-token contents buffers allocated in JsSetNodeContents; JsDiscardNode unlinks nodes withou...

CVSS: 7.5, EPSS: 0.00609
Exploits: 0, References: 3
Debian CVE
added 4 days ago, 3 views

CVE-2026-56018

JavaScript::Minifier::XS versions before 0.16 for Perl leak memory on every call to minify, allowing unbounded memory growth. In JsMinify XS.xs the cleanup frees only the NodeSet structures and never the per-token contents buffers allocated in JsSetNodeContents; JsDiscardNode unlinks nodes withou...

CVSS: 7.5, AI score: 5.9, EPSS: 0.00609
Exploits: 0
OSV
added 4 days ago, 5 views

PYSEC-2026-283 ArchiveBox Vulnerable to RCE via unvalidated per-crawl config overrides in AddView

The /add/ endpoint AddView in core/views.py accepts a config JSON field that gets merged into the crawl config without validation. This config is exported as environment variables when archive plugins run, allowing injection of arbitrary tool arguments to achieve RCE. When PUBLIC_ADD_VIEW=True comm...

CVSS: 9.8, AI score: 6.4, EPSS: 0.00404
Exploits: 1, References: 5
NVD
added 5 days ago, 12 views

CVE-2026-58056

RustDesk gates incoming control messages on per-capability flags rather than on the session's authorized connection type, and a file-transfer session does not clear those flags. A peer holding only a valid FileTransfer authorization can inject keyboard and mouse input and reach the unguarded...

CVSS: 7.6, EPSS: 0.00191
Exploits: 0, References: 2
SUSE CVE
added 5 days ago, 7 views

SUSE CVE-2026-53324

In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pci_name() for debugfs directory naming. Use pci_name(pdev) for the per-device debugfs directory instead of hardcoded "0" for PFs and pci_slot_name(pdev->slot) for VFs. The previous approach had two issues: 1. pci_slot_name...

AI score: 5.8, EPSS: 0.00158
Exploits: 0, References: 3
Tenable Nessus
added 5 days ago, 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-53162

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - memcg: use round-robin victim selection in refill_stock() Harry Yoo reported that get_random_u32_below() is not safe to call in the nmi context and memcg charge drainin...

CVSS: 7.8, AI score: 5.8, EPSS: 0.00136
Exploits: 0, References: 2
Tenable Nessus
added 5 days ago, 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53148

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - thunderbolt: Clamp XDomain response data copy to allocation size tb_xdp_properties_request() derives the per-packet copy length from the response header without...

CVSS: 7, AI score: 5.8, EPSS: 0.0014
Exploits: 0, References: 3
Tenable Nessus
added 5 days ago, 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53124

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ublk: reset per-IO canceled flag on each fetch If a ublk server starts recovering devices but dies before issuing fetch commands for all IOs, cancellation of th...

AI score: 5.8, EPSS: 0.00145
Exploits: 0, References: 3
Microsoft CVE
added 6 days ago, 6 views

netfilter: x_tables: avoid leaking percpu counter pointers

...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00184
Exploits: 0
Github Security Blog
added last week, 6 views

Hackney: Per-chunk timeout with unbounded body accumulation enables slow-drip OOM

Summary hackneyh3:awaitresponseloop/6 in src/hackneyh3.erl accumulates the HTTP/3 response body in memory without any size cap. The after Timeout clause is a per-message inactivity timer, not a wall-clock deadline: every received streamdata chunk, housekeeping select message, or settings frame...

CVSS: 8.2, AI score: 5.9, EPSS: 0.00703
Exploits: 1, References: 7, Affected Software: 1
NVD
added last week, 7 views

CVE-2026-53324

In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pci_name() for debugfs directory naming. Use pci_name(pdev) for the per-device debugfs directory instead of hardcoded "0" for PFs and pci_slot_name(pdev->slot) for VFs. The previous approach had two issues: 1. pci_slot_name...

EPSS: 0.00158
Exploits: 0, References: 3
OSV
added last week, 2 views

UBUNTU-CVE-2026-53324

In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pci_name() for debugfs directory naming. Use pci_name(pdev) for the per-device debugfs directory instead of hardcoded "0" for PFs and pci_slot_name(pdev->slot) for VFs. The previous approach had two issues: 1. pci_slot_name...

AI score: 5.7, EPSS: 0.00158
Exploits: 0, References: 6
CVE
added last week, 7 views

CVE-2026-53324

CVE-2026-53324 concerns the Linux kernel, fixing debugfs directory naming for per-device entries in the mana/net subsystem. The root cause was reliance on a hardcoded "0" for PFs and pci_slot_name(pdev->slot) for VFs, which could dereference a NULL pdev->slot for VFs in environments like VF...

AI score: 5.8, EPSS: 0.00158
Exploits: 0, References: 3
NVD
added last week, 12 views

CVE-2026-47205

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free (UAF) vulnerability leading to a sudden segmentation fault exists in Envoy's ext_authz HTTP filter when processing per-route authorization overrides...

CVSS: 5.9, EPSS: 0.00387
Exploits: 1, References: 1
CVE
added last week, 12 views

CVE-2026-47205

CVE-2026-47205 affects Envoy’s ext_authz HTTP filter. From 1.36.0 through 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free (UAF) occurs when processing per-route authorization overrides concurrently with rapid downstream disconnects. The vulnerable flow creates a transient per-route client and reallo...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00387
Exploits: 1, References: 1, Affected Software: 1
ATTACKERKB
added last week, 5 views

CVE-2026-47205

Envoy is an open source edge and service proxy designed for cloud-native applications. From 1.36.0 until 1.36.9, 1.37.5, and 1.38.3, a Use-After-Free (UAF) vulnerability leading to a sudden segmentation fault exists in Envoy's ext_authz HTTP filter when processing per-route authorization overrides...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00387
Exploits: 1, References: 2, Affected Software: 1