Lucene search
+L

57 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/26 5:32 p.m.8 views

CVE-2026-48497

Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to 1.35.11, 1.36.7, 1.37.3, and 1.38.1, in cases where UDP DNS filter is configured with local resolution containing a name with the length of 255 octets or remote resolution for a name of 255 octets long...

5.9CVSS5.8AI score0.00405EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/14 8:52 p.m.8 views

GHSA-GXHX-2686-5H9G slack-go `SecretsVerifier` accepts empty signing secret without precondition

SecretsVerifier in slack-go/slack before v0.23.1 accepts an empty signing secret without error. If an application is misconfigured e.g., an unset or empty SLACKSIGNINGSECRET, NewSecretsVerifier builds an HMAC-SHA256 keyed with an empty string, allowing an unauthenticated attacker to forge a valid...

8.3CVSS5.8AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/14 8:52 p.m.23 views

slack-go `SecretsVerifier` accepts empty signing secret without precondition

SecretsVerifier in slack-go/slack before v0.23.1 accepts an empty signing secret without error. If an application is misconfigured e.g., an unset or empty SLACKSIGNINGSECRET, NewSecretsVerifier builds an HMAC-SHA256 keyed with an empty string, allowing an unauthenticated attacker to forge a valid...

5.8AI score
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/28 4:8 p.m.8 views

CLSA-2026-1777392531 glib2: Fix of CVE-2020-35457

CVE-2020-35457: add a precondition in goptiongroupaddentries to avoid a GOptionEntry list size overflow GMAXSIZE. Patch backported from amazon-linux-2els...

7.8CVSS7.2AI score0.00567EPSS
Exploits1References1
OSV
OSV
added 2026/04/28 3:58 p.m.10 views

CLSA-2026-1777391919 glib2: Fix of CVE-2020-35457

CVE-2020-35457: add a precondition in goptiongroupaddentries to avoid a GOptionEntry list size overflow GMAXSIZE. Patch backported from amazon-linux-2els...

7.8CVSS7.2AI score0.00567EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/24 5:36 p.m.4 views

CVE-2026-42033

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency with keys that axios reads without a hasOwnProperty guard, an attacker can a silently intercept and modify every JSON response before the...

7.4CVSS5.4AI score0.00808EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:14 p.m.7 views

CVE-2026-0109

In dhdtcpdatainfoget of dhdip.c, there is a possible Denial of Service due to a precondition check failure. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

7.5CVSS6AI score0.00288EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/10 9:32 p.m.7 views

EUVD-2026-10834

In dhdtcpdatainfoget of dhdip.c, there is a possible Denial of Service due to a precondition check failure. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00288EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/10 9:32 p.m.9 views

EUVD-2026-10835

In dhdtcpdatainfoget of dhdip.c, there is a possible Denial of Service due to a precondition check failure. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00288EPSS
Exploits0References2
NVD
NVD
added 2026/03/10 9:16 p.m.6 views

CVE-2026-0109

In dhdtcpdatainfoget of dhdip.c, there is a possible Denial of Service due to a precondition check failure. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

7.5CVSS0.00288EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/10 8:46 p.m.39 views

CVE-2026-0109

In dhdtcpdatainfoget of dhdip.c, there is a possible Denial of Service due to a precondition check failure. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00288EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/10 8:46 p.m.4 views

CVE-2026-0109

In dhdtcpdatainfoget of dhdip.c, there is a possible Denial of Service due to a precondition check failure. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00288EPSS
Exploits0References1
CVE
CVE
added 2026/03/10 8:46 p.m.20 views

CVE-2026-0109

CVE-2026-0109 affects the function dhd_tcpdata_info_get in dhd_ip.c, enabling a remote Denial of Service due to a precondition check failure. Exploitation requires no user interaction and can be remote (network vector). The strongest public context comes from Android Pixel bulletin entries, which...

7.5CVSS5.9AI score0.00288EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/10 8:46 p.m.4 views

CVE-2026-0109

In dhdtcpdatainfoget of dhdip.c, there is a possible Denial of Service due to a precondition check failure. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00288EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.8 views

Google Pixel 安全漏洞

The Google Pixel is a smartphone produced by Google Inc. The Google Pixel has a security vulnerability, which stems from a failed precondition check in dhdtcpdatainfoget within dhdip.c, potentially leading to remote denial of service attacks...

7.5CVSS5.8AI score0.00288EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.13 views

PT-2026-24438

Name of the Vulnerable Software and Affected Versions versions prior to 2026 Description A flaw exists in the dhd tcpdata info get function within dhd ip.c that may result in a denial of service. This issue stems from a failure in a precondition check. Successful exploitation does not require...

7.5CVSS5.8AI score0.00288EPSS
Exploits0References7
OSV
OSV
added 2026/03/01 12:0 a.m.10 views

PUB-A-438245439

In dhdtcpdatainfoget of dhdip.c, there is a possible Denial of Service due to a precondition check failure. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

7.5CVSS6.1AI score0.00288EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/23 9:31 p.m.3 views

CVE-2025-14424 GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability

GIMP XCF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

7.8CVSS7.2AI score0.00539EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/09 5:27 p.m.5 views

CVE-2025-48626

In multiple locations, there is a possible way to launch an application from the background due to a precondition check failure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

9.8CVSS7.4AI score0.00343EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/08 6:30 p.m.7 views

EUVD-2025-201743

In multiple locations, there is a possible way to launch an application from the background due to a precondition check failure. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

9.8CVSS6.9AI score0.00343EPSS
Exploits0References4
Rows per page
Query Builder