Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

77031 matches found

NVD
NVDadded 2026/05/27 8:16 p.m.9 views

CVE-2026-8359

When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBinLoadHttpModule function in the dll would be called to set up a "module" object for that module. However, WOSHttpStatusModule.dll is not prese...

7.5CVSS0.00061EPSS
Exploits0References1
NVD
NVDadded 2026/05/27 8:16 p.m.9 views

CVE-2026-45104

MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls SLDApplyRuleValuespsRule, psLayer, 1; for any carrying — it assumes msSLDParseRule added one class. When the rule has no symbolizer a structurally valid SLD, msSLDParseRul...

7.5CVSS0.00053EPSS
Exploits1References1
CVE
CVEadded 2026/05/27 8:10 p.m.13 views

CVE-2026-47270

CVE-2026-47270 affects the pam_usb PAM module used for Linux hardware authentication. The denial logic (deny_remote) uses non-reentrant strtok(), with three functions sharing a global token pointer; in multi-threaded authentication (e.g., long-lived display managers like GDM), two concurrent auth...

6.3CVSS5.9AI score0.00016EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/05/27 8:9 p.m.5 views

CVE-2026-46081

A flaw was found in the Linux kernel's asynchronous compression acomp subsystem. When an asynchronous hardware implementation, such as the QAT driver, completes a request that uses the DMA virtual address interface, an incorrect pointer is stored. This leads to memory corruption within the...

7.8CVSS5.8AI score0.00015EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/05/27 8:8 p.m.3 views

CVE-2026-47271 pam_usb: OOM guards removed by -DNDEBUG cause NULL dereference and authentication process crash

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, src/mem.c implemented out-of-memory guards for xmalloc, xrealloc, and xstrdup using assertdata != NULL. The C standard specifies that all assert expressions are compiled out when NDEBUG is defined at...

5.1CVSS5.8AI score0.00019EPSS
Exploits0References2
EUVD
EUVDadded 2026/05/27 7:57 p.m.4 views

EUVD-2026-32648

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data...

5.7CVSS5.8AI score0.00019EPSS
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2026/05/27 7:57 p.m.4 views

CVE-2026-48066

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data...

5.7CVSS5.8AI score0.00019EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/27 7:57 p.m.4 views

CVE-2026-48066 pam_usb: Thread-unsafe static pointer in log.c causes data race under concurrent PAM authentication

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data...

5.7CVSS5.8AI score0.00019EPSS
Exploits0References3
CVE
CVEadded 2026/05/27 7:57 p.m.9 views

CVE-2026-48066

pam_usb fixes a thread-unsafe behavior: before 0.9.1, src/log.c used a process-wide static pointer written on every PAM invocation to a stack-local address, creating a data race when PAM is invoked concurrently by multiple threads. The issue is resolved in version 0.9.1. Affected component: pam_u...

5.7CVSS5.8AI score0.00019EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/05/27 7:57 p.m.32 views

CVE-2026-48066 pam_usb: Thread-unsafe static pointer in log.c causes data race under concurrent PAM authentication

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data...

5.7CVSS0.00019EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/05/27 7:49 p.m.4 views

CVE-2026-8359 Gladinet Triofox WOSHttpStatusModule.dll NULL Function Pointer Call DoS

When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBinLoadHttpModule function in the dll would be called to set up a "module" object for that module. However, WOSHttpStatusModule.dll is not prese...

7.5CVSS5.8AI score0.00061EPSS
Exploits0References1
CVE
CVEadded 2026/05/27 7:49 p.m.11 views

CVE-2026-8359

The CVE concerns Gladinet Triofox on processing requests for /status or /sysinfo, where WOSHttpStatusModule.dll should load to handle the path. The root cause is that WOSHttpStatusModule.dll is not present in the installation, causing the WOSBin_LoadHttpModule export to be NULL and a call to addr...

7.5CVSS5.8AI score0.00061EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/27 7:49 p.m.6 views

CVE-2026-8359

When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBinLoadHttpModule function in the dll would be called to set up a "module" object for that module. However, WOSHttpStatusModule.dll is not prese...

7.5CVSS5.8AI score0.00061EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/27 7:49 p.m.31 views

CVE-2026-8359 Gladinet Triofox WOSHttpStatusModule.dll NULL Function Pointer Call DoS

When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBinLoadHttpModule function in the dll would be called to set up a "module" object for that module. However, WOSHttpStatusModule.dll is not prese...

7.5CVSS0.00061EPSS
Exploits0References1
CVE
CVEadded 2026/05/27 7:47 p.m.10 views

CVE-2026-8360

CVE-2026-8360 affects the Triofox server components using WOSCommonUtil.dll, specifically the function WOSSysInfoGetDeviceInterface() called by DLLs such as WOSProfileMgrModule.dll and WOSWebDavModule.dll . The vulnerability arises when these calls can return a NULL pointer (e.g., when no user is...

7.5CVSS5.8AI score0.00053EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/27 7:47 p.m.5 views

CVE-2026-8360

Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface in various DLLs i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll can return a NULL pointer i.e., when no user is logged into the Triofox Server Agent Management Console. The returned NULL pointer is not checked before being...

7.5CVSS5.8AI score0.00053EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/05/27 7:47 p.m.35 views

CVE-2026-8360 Gladinet Triofox Unchecked Return Value to NULL Pointer Dereference DOS

Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface in various DLLs i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll can return a NULL pointer i.e., when no user is logged into the Triofox Server Agent Management Console. The returned NULL pointer is not checked before being...

7.5CVSS0.00053EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/27 6:41 p.m.35 views

CVE-2026-45104 MapServer: NULL pointer dereference in SLD `<ElseFilter>` rule parsing reachable via WMS `SLD_BODY`

MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls SLDApplyRuleValuespsRule, psLayer, 1; for any carrying — it assumes msSLDParseRule added one class. When the rule has no symbolizer a structurally valid SLD, msSLDParseRul...

7.5CVSS0.00053EPSS
Exploits1References1
EUVD
EUVDadded 2026/05/27 6:41 p.m.6 views

EUVD-2026-32631

MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls SLDApplyRuleValuespsRule, psLayer, 1; for any carrying — it assumes msSLDParseRule added one class. When the rule has no symbolizer a structurally valid SLD, msSLDParseRul...

7.5CVSS5.8AI score0.00053EPSS
Exploits1References1
Vulnrichment
Vulnrichmentadded 2026/05/27 6:41 p.m.6 views

CVE-2026-45104 MapServer: NULL pointer dereference in SLD `<ElseFilter>` rule parsing reachable via WMS `SLD_BODY`

MapServer is a system for developing web-based GIS applications. From 6.4.0 to before 8.6.3, msSLDParseUserStyle always calls SLDApplyRuleValuespsRule, psLayer, 1; for any carrying — it assumes msSLDParseRule added one class. When the rule has no symbolizer a structurally valid SLD, msSLDParseRul...

7.5CVSS5.8AI score0.00053EPSS
Exploits1References1
Rows per page
Query Builder