Lucene search
+L

41 matches found

nvd
nvd
added 2026/07/08 4:16 p.m.10 views

CVE-2026-53951

Copier is a library and CLI app for rendering project templates. In versions 9.5.0 through 9.15.1, the trust setting's prefix match copier/settings.py compares the template URL against a trusted prefix with a raw str.startswith and no path normalization, while the URL is normalized when the...

8.8CVSS0.00189EPSS
Exploits0References2
euvd
euvd
added 2026/07/03 12:56 p.m.6 views

EUVD-2026-41541

Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unbounded prefix length. add passes the prefix string to the trie builder addPrefixToTrie without checking it against the address width. addPrefixToTrie then walks the prefix buffer by prefixlength bits, reading...

6AI score0.00537EPSS
Exploits0References2
cvelist
cvelist
added 2026/07/03 12:56 p.m.40 views

CVE-2026-56015 Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unbounded prefix length

Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unbounded prefix length. add passes the prefix string to the trie builder addPrefixToTrie without checking it against the address width. addPrefixToTrie then walks the prefix buffer by prefixlength bits, reading...

0.00537EPSS
Exploits0References2
euvd
euvd
added 2026/06/26 12:32 a.m.9 views

EUVD-2026-39578

OCSP CertID serial-number length-confusion in wolfSSLOCSPrespfindstatus allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two...

6.3CVSS5.8AI score0.00121EPSS
Exploits0References3
osv
osv
added 2026/06/25 10:16 p.m.8 views

UBUNTU-CVE-2026-10098

OCSP CertID serial-number length-confusion in wolfSSLOCSPrespfindstatus allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two...

6.3CVSS5.8AI score0.00121EPSS
Exploits0References4
osv
osv
added 2026/05/21 4:33 p.m.17 views

RXSA-2026:3488 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: smc: Use skdstget and dstdevrcu in smcclcprfxmatch CVE-2025-40168 kernel: ipv6: BUG in pskbexpandhead as part of calipsoskbuffsetattr CVE-2025-71085 kernel: Linux kernel: Denial of Servic...

7.5CVSS6AI score0.0017EPSS
Exploits0References4
github
github
added 2026/05/19 4:34 p.m.13 views

Apify Model Context Protocol (MCP) server: Domain Allowlist Bypass in fetch-apify-docs via String Prefix Matching

Summary The fetch-apify-docs tool validates URLs against a domain allowlist using String.startsWith instead of proper URL hostname comparison. This allows bypass via attacker-controlled subdomains e.g., https://docs.apify.com.evil.com/, enabling the tool to fetch and return arbitrary web content ...

6.1CVSS5.9AI score0.00045EPSS
Exploits0References2Affected Software1
redhat
redhat
added 2026/04/22 12:32 a.m.8 views

kernel: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match()

A flaw was found in the Linux kernel’s SMC Shared Memory Communication module: in smcclcprfxmatch, the function is called from smclistenwork without proper RCU or RTNL protection. The code previously used skdstgetsk-dev, which can lead to a use-after-free UAF condition if the sk’s destination is...

5.8AI score0.0017EPSS
Exploits0References5
github
github
added 2026/03/30 5:19 p.m.9 views

HAPI FHIR Core has Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Redirect

Summary ManagedWebAccessUtils.getServer uses String.startsWith to match request URLs against configured server URLs for authentication credential dispatch. Because configured server URLs e.g., http://tx.fhir.org lack a trailing slash or host boundary check, an attacker-controlled domain like...

9.1CVSS5.9AI score0.00158EPSS
Exploits1References3Affected Software2
osv
osv
added 2026/03/05 9:9 a.m.6 views

RLSA-2026:3488 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: smc: Use skdstget and dstdevrcu in smcclcprfxmatch CVE-2025-40168 kernel: ipv6: BUG in pskbexpandhead as part of calipsoskbuffsetattr CVE-2025-71085 kernel: Linux kernel: Denial of Servic...

7.5CVSS5.7AI score0.0017EPSS
Exploits0References4
nessus
nessus
added 2026/03/04 12:0 a.m.6 views

AlmaLinux 10 : kernel (ALSA-2026:3275)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:3275 advisory. kernel: Kernel: Double free vulnerability in exFAT filesystem can lead to denial of service CVE-2025-38206 kernel: drm/sched: Fix potential double free i...

7.8CVSS7.2AI score0.00183EPSS
Exploits0References6
redhat
redhat
added 2026/03/02 3:27 a.m.2 views

kernel: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match()

A flaw was found in the Linux kernel’s SMC Shared Memory Communication module: in smcclcprfxmatch, the function is called from smclistenwork without proper RCU or RTNL protection. The code previously used skdstgetsk-dev, which can lead to a use-after-free UAF condition if the sk’s destination is...

5.8AI score0.0017EPSS
Exploits0References5
almalinux
almalinux
added 2026/03/02 12:0 a.m.14 views

Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: smc: Use skdstget and dstdevrcu in smcclcprfxmatch CVE-2025-40168 kernel: ipv6: BUG in pskbexpandhead as part of calipsoskbuffsetattr CVE-2025-71085 kernel: Linux kernel: Denial of Servic...

5.5CVSS6AI score0.0017EPSS
Exploits0References8
nessus
nessus
added 2026/03/02 12:0 a.m.8 views

RHEL 9 : kernel (RHSA-2026:3488)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:3488 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: smc: Use skdstget and dstdevrc...

5.5CVSS6.1AI score0.0017EPSS
Exploits0References9
osv
osv
added 2026/03/02 12:0 a.m.6 views

ALSA-2026:3488 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: smc: Use skdstget and dstdevrcu in smcclcprfxmatch CVE-2025-40168 kernel: ipv6: BUG in pskbexpandhead as part of calipsoskbuffsetattr CVE-2025-71085 kernel: Linux kernel: Denial of Servic...

5.5CVSS6AI score0.0017EPSS
Exploits0References8
nessus
nessus
added 2026/02/26 12:0 a.m.9 views

AlmaLinux 8 : kernel (ALSA-2026:2720)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:2720 advisory. kernel: smc: Use skdstget and dstdevrcu in smcclcprfxmatch CVE-2025-40168 kernel: Linux kernel Bluetooth: Denial of Service due to use-after-free in...

6.8AI score0.00171EPSS
Exploits0References5
huntr
huntr
added 2026/02/25 6:56 a.m.13 views

Path Traversal via Prefix Match Bypass in `_get_os_path`

This report is not public...

5.8AI score
Exploits0
redhat
redhat
added 2026/02/25 2:10 a.m.8 views

Moderate: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

7.8CVSS6.7AI score0.00183EPSS
Exploits0References5
osv
osv
added 2026/02/25 12:0 a.m.8 views

ALSA-2026:3275 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Kernel: Double free vulnerability in exFAT filesystem can lead to denial of service CVE-2025-38206 kernel: drm/sched: Fix potential double free in drmschedjobaddresvdependencies...

7.8CVSS5.9AI score0.00183EPSS
Exploits0References10
nessus
nessus
added 2026/02/23 12:0 a.m.8 views

AlmaLinux 8 : kernel-rt (ALSA-2026:2821)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:2821 advisory. kernel: smc: Use skdstget and dstdevrcu in smcclcprfxmatch CVE-2025-40168 kernel: Linux kernel Bluetooth: Denial of Service due to use-after-free in...

8.6AI score0.00171EPSS
Exploits0References5
Rows per page
Query Builder