Lucene search
K

6131 matches found

OSV
OSV
added 2026/04/04 6:13 a.m.2 views

GHSA-6Q22-G298-GRJH Directus: Unauthenticated Denial of Service via GraphQL Alias Amplification of Expensive Health Check Resolver

Summary The GraphQL specification permits a single query to repeat the same field multiple times using aliases, with each alias resolved independently by default. Directus did not deduplicate resolver invocations within a single request, meaning each alias triggered a full, independent execution ...

7.5CVSS6AI score
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/04/03 11:27 p.m.5 views

SUSE CVE-2026-23453

In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: Fix memory leak in XDPDROP for non-zero-copy mode Page recycling was removed from the XDPDROP path in emacrunxdp to avoid conflicts with AFXDP zero-copy mode, which uses xskbufffree instead. However, this...

7.5CVSS5.7AI score0.00343EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/04/03 11:27 p.m.9 views

SUSE CVE-2026-23463

In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: fix race condition in qmandestroyfq When QMANFQFLAGDYNAMICFQID is set, there's a race condition between fqtablefq-idx state and freeing/allocating from the pool and WARNONfqtablefq-idx in qmancreatefq gets...

5.7AI score0.0009EPSS
Exploits0References16
OSV
OSV
added 2026/04/03 9:54 p.m.6 views

GHSA-3JR7-6HQP-X679 Mesop: Unbounded Thread Creation in WebSocket Handler Leads to Denial of Service

Summary An uncontrolled resource consumption vulnerability exists in the WebSocket implementation of the Mesop framework. An unauthenticated attacker can send a rapid succession of WebSocket messages, forcing the server to spawn an unbounded number of operating system threads. This leads to threa...

7.5CVSS6AI score0.00721EPSS
Exploits1References5
EUVD
EUVD
added 2026/04/03 6:31 p.m.6 views

EUVD-2026-18726

In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: fix race condition in qmandestroyfq When QMANFQFLAGDYNAMICFQID is set, there's a race condition between fqtablefq-idx state and freeing/allocating from the pool and WARNONfqtablefq-idx in qmancreatefq gets...

5.8AI score0.0009EPSS
Exploits0References7
EUVD
EUVD
added 2026/04/03 6:31 p.m.7 views

EUVD-2026-18706

In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: Fix memory leak in XDPDROP for non-zero-copy mode Page recycling was removed from the XDPDROP path in emacrunxdp to avoid conflicts with AFXDP zero-copy mode, which uses xskbufffree instead. However, this...

5.8AI score0.00343EPSS
Exploits0References3
NVD
NVD
added 2026/04/03 4:16 p.m.4 views

CVE-2026-23453

In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: Fix memory leak in XDPDROP for non-zero-copy mode Page recycling was removed from the XDPDROP path in emacrunxdp to avoid conflicts with AFXDP zero-copy mode, which uses xskbufffree instead. However, this...

7.5CVSS0.00343EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/04/03 4:16 p.m.4 views

CVE-2026-23453

In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: Fix memory leak in XDPDROP for non-zero-copy mode Page recycling was removed from the XDPDROP path in emacrunxdp to avoid conflicts with AFXDP zero-copy mode, which uses xskbufffree instead. However, this...

7.5CVSS5.8AI score0.00343EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/04/03 4:16 p.m.4 views

CVE-2026-23463

In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: fix race condition in qmandestroyfq When QMANFQFLAGDYNAMICFQID is set, there's a race condition between fqtablefq-idx state and freeing/allocating from the pool and WARNONfqtablefq-idx in qmancreatefq gets...

4.7CVSS5.8AI score0.0009EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/04/03 3:15 p.m.4 views

CVE-2026-23463

In the Linux kernel, the following vulnerability has been resolved: soc: fsl: qbman: fix race condition in qmandestroyfq When QMANFQFLAGDYNAMICFQID is set, there's a race condition between fqtablefq-idx state and freeing/allocating from the pool and WARNONfqtablefq-idx in qmancreatefq gets...

5.7AI score0.0009EPSS
Exploits0References9Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/03 3:15 p.m.3 views

CVE-2026-23453

In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: Fix memory leak in XDPDROP for non-zero-copy mode Page recycling was removed from the XDPDROP path in emacrunxdp to avoid conflicts with AFXDP zero-copy mode, which uses xskbufffree instead. However, this...

5.8AI score0.00343EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/03 3:15 p.m.24 views

CVE-2026-23453 net: ti: icssg-prueth: Fix memory leak in XDP_DROP for non-zero-copy mode

In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg-prueth: Fix memory leak in XDPDROP for non-zero-copy mode Page recycling was removed from the XDPDROP path in emacrunxdp to avoid conflicts with AFXDP zero-copy mode, which uses xskbufffree instead. However, this...

7.5CVSS0.00343EPSS
Exploits0References2
Hacker One
Hacker One
added 2026/04/03 10:59 a.m.22 views

curl: ignoring 'options' when doing connection reuse

libcurl contains a significant logic flaw in its connection pool matching mechanism. When a transfer specifies a required authentication policy—such as a specific SASL mechanism e.g., ;AUTH=GSSAPI or a restricted set of SSH authentication types CURLOPTSSHAUTHTYPES—libcurl fails to verify these...

5.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.5 views

PT-2026-30157

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a race condition within the qman destroy fq function in the soc: fsl: qbman component. This occurs when the QMAN FQ FLAG DYNAMIC FQID flag is set, specifically...

4.7CVSS5.3AI score0.0009EPSS
Exploits0References470
OSV
OSV
added 2026/04/02 12:1 a.m.16 views

RLSA-2026:6391 Moderate: mysql:8.4 security update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. Security Fixes: mysql: Optimizer unspecified vulnerability CPU Jan 2026 CVE-2026-21941 mysql: Optimizer unspecified vulnerability CPU Jan 2026...

6.5CVSS7.1AI score0.00337EPSS
Exploits0References7
Hacker One
Hacker One
added 2026/04/01 3:36 p.m.15 views

curl: CVE-2026-5545: wrong reuse of HTTP Negotiate connection

Summary: An attacker sharing a libcurl multi-handle connection pool can hijack another user's Negotiate/Kerberos-authenticated connection. When User A authenticates via Negotiate SPNEGO and the connection returns to the pool, User B using CURLAUTHANY with different credentials gets that connectio...

6.5CVSS5.7AI score0.00414EPSS
Exploits1
Hacker One
Hacker One
added 2026/03/31 10:47 p.m.19 views

curl: Missing server identity policy enforcement in SSH connection reuse allows host key verification bypass via pool poisoning

Missing server identity policy enforcement in SSH connection reuse allows host key verification bypass via pool poisoning --- Summary sshconfigmatches in lib/url.c decides whether an existing SSH connection can be reused by a new transfer handle. It checks client key paths rsa, rsapub but never...

7.7CVSS7.2AI score0.02596EPSS
Exploits2
Hacker One
Hacker One
added 2026/03/30 9:50 p.m.11 views

curl: Use-After-Free race condition in url_move_hostname() via shared connection pool

Summary: In lib/url.c, urlconnreuseadjust calls urlmovehostname which frees conn-host.rawalloc and conn-host.encalloc via Curlsafefree and Curlfreeidnconvertedhostname after Curlcpoolfind has already released the connection pool lock. A second thread doing a concurrent pool lookup still holds tha...

5.9AI score
Exploits0
OSV
OSV
added 2026/03/30 7:13 p.m.2 views

GHSA-3VMH-33XR-9CQH Zebra has a Consensus Failure due to Improper Verification of V5 Transactions

--- CVE-2026-34377: Consensus Failure via Crafted V5 Authorization Data Summary A logic error in Zebra's transaction verification cache could allow a malicious miner to induce a consensus split. By matching a valid transaction's txid while providing invalid authorization data, a miner could cause...

8.4CVSS5.9AI score0.00255EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/03/30 12:0 a.m.6 views

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2026-1494)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1494 advisory. In the Linux kernel, the following vulnerability has been resolved: pagepool: Fix use-after-free in pagepoolrecycleinring CVE-2025-38129 In the Linux kernel, the following vulnerability has be...

9.8CVSS6.5AI score0.00395EPSS
Exploits0References136
Rows per page
Query Builder