Lucene search
K

126521 matches found

RubySec
RubySec
added 2026/05/27 12:0 a.m.11 views

Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connections

Impact Puma is vulnerable to source IP spoofing when setremoteaddress proxyprotocol: :v1 is enabled and persistent connections are used. PROXY protocol v1 is a connection-level protocol. Support was added to Puma in v5.5.0. A proxy sends one PROXY header at the beginning of a TCP connection, befo...

5.6AI score0.00015EPSS
Exploits0References1Affected Software1
RubySec
RubySec
added 2026/05/27 12:0 a.m.63 views

Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion

Impact PROXY protocol support for Puma was added in version 5.5.0. When PROXY protocol v1 support is enabled, Puma reads incoming bytes into an internal buffer. It waits for "\r\n" to determine whether a PROXY v1 line is present. If an attacker opens a TCP connection and continuously sends bytes...

5.8AI score0.0007EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.12 views

PT-2026-43717

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description Protocol checksum validation fails for IPv6 when extension headers are present before the protocol header. The issue occurs because the system does not correctly skip these extension...

5.5AI score0.0016EPSS
Exploits0References19
AlmaLinux
AlmaLinux
added 2026/05/27 12:0 a.m.26 views

Important: httpd security update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: modproxyajp: heap-based buffer over-read and memory disclosure in ajpparsedata CVE-2026-34059 httpd: modproxyajp: heap-based buffer over-read due to missing null-termination...

9.8CVSS6.3AI score0.01325EPSS
Exploits0References12
OSV
OSV
added 2026/05/26 8:31 p.m.16 views

USN-8063-2 protobuf vulnerability

USN-8063-1 fixed a vulnerability in Protocol Buffers. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Protocol Buffers incorrectly handled recursion when the Python google.protobuf.jsonformat.ParseDict...

8.2CVSS6.6AI score0.00613EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/05/26 8:31 p.m.18 views

USN-8063-2: Protocol Buffers vulnerability

USN-8063-1 fixed a vulnerability in Protocol Buffers. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: It was discovered that Protocol Buffers incorrectly handled recursion when the Python google.protobuf.jsonformat.ParseDict...

8.2CVSS6.4AI score0.00613EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.16 views

CVE-2026-5072

A bitwise shift vulnerability in Zephyr's PTP subsystem allows a remote attacker to cause undefined behavior and potential system crashes. An attacker sends a crafted PTPMSGMANAGEMENT message to set an unvalidated negative logannounceinterval value in the port's data set. When a subsequent...

6.5CVSS5.9AI score0.00187EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2026/05/26 7:55 p.m.16 views

USN-8280-3: Linux kernel (IoT) vulnerabilities

It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...

9.8CVSS6.1AI score0.96267EPSS
Exploits228
OSV
OSV
added 2026/05/26 7:8 p.m.8 views

USN-8305-2 linux-lowlatency-hwe-5.15 vulnerabilities

It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...

9.8CVSS5.9AI score0.96267EPSS
Exploits228References8
OSV
OSV
added 2026/05/26 6:56 p.m.8 views

USN-8310-1 linux-azure, linux-azure-6.17 vulnerabilities

It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-31431 Several security issues were discovered in th...

9.8CVSS5.9AI score0.96267EPSS
Exploits228References23
GithubExploit
GithubExploit
added 2026/05/26 6:33 p.m.101 views

IMVU-Exploits

IMVU Exploits IMVU Classic Client v3.6.15 - Complete exploita...

10CVSS5.8AI score0.94354EPSS
Exploits6
NVD
NVD
added 2026/05/26 5:16 p.m.12 views

CVE-2026-45835

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2capsocknewconnectioncb Add the same NULL guard already present in l2capsockresumecb and l2capsockreadycb...

5.5CVSS0.00123EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2026/05/26 5:16 p.m.10 views

CVE-2026-45834

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2capsockstatechangecb Add the same NULL guard already present in l2capsockresumecb and l2capsockreadycb...

5.8AI score0.00123EPSS
Exploits0References7
OSV
OSV
added 2026/05/26 5:16 p.m.8 views

UBUNTU-CVE-2026-45835

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2capsocknewconnectioncb Add the same NULL guard already present in l2capsockresumecb and l2capsockreadycb...

6CVSS5.7AI score0.00123EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/26 5:11 p.m.11 views

CVE-2026-8835

IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information or cause a denial of service...

7.3CVSS5.8AI score0.00252EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/26 4:16 p.m.14 views

CVE-2026-48685

FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgpprotocol.hpp, the parserawbgpattribute function correctly identifies when extendedlengthbit is set and sets lengthoflengthfield...

6.5CVSS0.00295EPSS
Exploits0References3
NVD
NVD
added 2026/05/26 4:16 p.m.17 views

CVE-2026-48686

FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI Network Layer Reachability Information decoder. The function decodebgpsubnetencodingipv4raw in src/bgpprotocol.cpp reads prefixbitlength directly from the BGP packet line 99 without validating it is ...

9.8CVSS0.00565EPSS
Exploits0References3
OSV
OSV
added 2026/05/26 4:16 p.m.7 views

DEBIAN-CVE-2026-48688

FastNetMon Community Edition through 1.2.9 contains multiple out-of-bounds reads in the BGP MPREACHNLRI IPv6 attribute decoder. The function decodempreachipv6 in src/bgpprotocol.cpp contains a TODO comment at line 156 explicitly acknowledging 'we should add sanity checks to avoid reads after...

7.5CVSS5.9AI score0.00283EPSS
Exploits0References1
OSV
OSV
added 2026/05/26 4:16 p.m.7 views

DEBIAN-CVE-2026-48685

FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgpprotocol.hpp, the parserawbgpattribute function correctly identifies when extendedlengthbit is set and sets lengthoflengthfield...

6.5CVSS5.8AI score0.00295EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/26 4:16 p.m.14 views

CVE-2026-48685

FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgpprotocol.hpp, the parserawbgpattribute function correctly identifies when extendedlengthbit is set and sets lengthoflengthfield...

6.5CVSS5.8AI score0.00295EPSS
Exploits0References5
Rows per page
Query Builder