Lucene search
+L

674 matches found

CVE
CVE
added 2026/06/24 4:29 p.m.51 views

CVE-2026-52991

CVE-2026-52991 concerns a race in the Linux kernel PSI subsystem where a use-after-free can occur due to a race between pressure_write and cgroup file release touching the priv member of struct kernfs_open_file. The issue is fixed by widening the scope of the cgroup_mutex in pressure_write to cov...

7.8CVSS5.9AI score0.00107EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/24 4:29 p.m.8 views

CVE-2026-52991 sched/psi: fix race between file release and pressure write

In the Linux kernel, the following vulnerability has been resolved: sched/psi: fix race between file release and pressure write A potential race condition exists between pressure write and cgroup file release regarding the priv member of struct kernfsopenfile, which triggers the uaf reported in 1...

7.8CVSS6AI score0.00107EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.38 views

CVE-2026-52991 sched/psi: fix race between file release and pressure write

In the Linux kernel, the following vulnerability has been resolved: sched/psi: fix race between file release and pressure write A potential race condition exists between pressure write and cgroup file release regarding the priv member of struct kernfsopenfile, which triggers the uaf reported in 1...

7.8CVSS0.00107EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/24 4:29 p.m.6 views

CVE-2026-52991

In the Linux kernel, the following vulnerability has been resolved: sched/psi: fix race between file release and pressure write A potential race condition exists between pressure write and cgroup file release regarding the priv member of struct kernfsopenfile, which triggers the uaf reported in 1...

5.8AI score0.00107EPSS
Exploits0References4Affected Software1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix the initialization of the spitransfer struct Make sure that the spitransfer struct is cleared to zero before use...

8.4CVSS5.7AI score0.00132EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: shmem: fixed the issue where renaming failed due to insufficient memory; MapleTree insertions may fail if there is severely low memory available; simpleoffsetrename does not handle failures properly when encountering such...

5.5CVSS6AI score0.00121EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.16 views

PT-2026-51885

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists between the pressure write operation and the cgroup file release process. This occurs because the priv member of the struct kernfs open file is not sufficiently...

7.8CVSS5.9AI score0.00107EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-55204

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validat...

8.7CVSS6.2AI score0.00431EPSS
Exploits0References4
NVD
NVD
added 2026/06/18 5:16 p.m.13 views

CVE-2026-55204

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

8.7CVSS0.00431EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 4:5 p.m.30 views

CVE-2026-55204 HAProxy - NULL Pointer Dereference in hpack_dht_insert Function

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

8.7CVSS0.00431EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/06/18 4:5 p.m.14 views

CVE-2026-55204

HAProxy through 3.4.0, fixed in commit 9a6d1fe, contains a null pointer dereference vulnerability in hpackdhtinsert within src/hpack-tbl.c that fails to validate the return value of hpackdhtdefrag when the memory pool is exhausted. An attacker can trigger HPACK dynamic table insertions under memo...

8.7CVSS5.9AI score0.00431EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 8:13 p.m.9 views

protobufjs: Memory amplification from preserved unknown fields in binary decode

Summary protobufjs 8.2.0 added support for preserving unknown fields encountered during binary decode. Affected versions preserved unknown wire elements in message.$unknowns and did not provide a decode-time option to discard unknown fields before retaining them. A crafted protobuf payload...

5.3CVSS5.3AI score0.00293EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.13 views

PT-2026-49585

Name of the Vulnerable Software and Affected Versions protobufjs versions 8.2.0 through 8.4.2 Description protobufjs preserves unknown wire elements in message.$unknowns during binary decode but lacks a decode-time option to discard these fields before retention. A crafted protobuf payload...

5.3CVSS5.9AI score0.00293EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/06/12 2:32 a.m.13 views

SUSE CVE-2026-11788

A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure...

7.5CVSS5.5AI score0.00346EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:25 a.m.10 views

SUSE CVE-2026-46326

In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix spitransfer struct initialisation Make sure that the spitransfer struct is zeroed out before use...

8.4CVSS5.4AI score0.00132EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/10 12:31 a.m.39 views

In Spring for Apache Kafka, unbounded delegate cache keyed on user-controlled, potentially malicious selector header

When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually causing GC thrash and OutOfMemoryError. Affected versions: Spring for Apache Kafka 4.0.0...

6.5CVSS5.2AI score0.00296EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-46326

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iio: pressure: mprls0025pa: fix spitransfer struct initialisation Make sure that the spitransfer struct is zeroed out before use. CVE-2026-46326 Note that Nessu...

8.4CVSS7AI score0.00132EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/09 4:51 p.m.10 views

CVE-2026-46326

A flaw was found in the Linux kernel, specifically within the iio: pressure: mprls0025pa driver. This vulnerability is due to improper initialization of the spitransfer structure, which is not consistently zeroed out before use. This could allow an attacker to potentially read sensitive informati...

8.4CVSS5.4AI score0.00132EPSS
Exploits0References4
NVD
NVD
added 2026/06/09 2:16 p.m.17 views

CVE-2026-46326

In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix spitransfer struct initialisation Make sure that the spitransfer struct is zeroed out before use...

8.4CVSS0.00132EPSS
Exploits0References4
OSV
OSV
added 2026/06/09 2:16 p.m.11 views

DEBIAN-CVE-2026-11788

A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure...

7.5CVSS5.5AI score0.00346EPSS
Exploits0References1
Rows per page
Query Builder