Lucene search
+L

7899 matches found

Vulnrichment
Vulnrichment
added yesterday4 views

CVE-2026-48045 Zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood

Zeroconf is a pure Python implementation of multicast DNS service discovery. Prior to 0.149.12, AsyncListener.handlequeryordefer retained every truncated TC-bit incoming query, each up to MAXMSGABSOLUTE = 8966 bytes, in self.deferredaddr and armed a per-address timer in self.timersaddr without...

6.5CVSS5.2AI score0.00018EPSS
Exploits0References4
CVE
CVE
added yesterday24 views

CVE-2026-48045

The CVE-2026-48045 issue affects python-zeroconf (Zeroconf Pure Python) where AsyncListener.handle_query_or_defer retains every truncated TC-bit mDNS query per source in self._deferred[addr] and arms per-address timers in self._timers[addr]. This unbounded queue growth on LAN-local hosts (UDP/535...

6.5CVSS5.2AI score0.00018EPSS
Exploits0References4
CVE
CVE
added 2 days ago9 views

CVE-2026-59249

The CVE concerns the Elixir Mint library (mint) and its HTTP/1.1 decoding path. Specifically, Mint.HTTP1.decode_body/5 parses chunk-size lines using Integer.parse(data, 16), which accepts a leading + or - despite RFC 7230 requiring unsigned hex digits. This leads to a mismatch with RFC-strict int...

6.3CVSS6.1AI score0.00301EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 3 days ago5 views

kernel: nvmet-tcp: fix race between ICReq handling and queue teardown

A flaw was found in the Linux kernel's NVMe over TCP nvmet-tcp implementation. A race condition exists between the handling of an Initialization Connection Request ICReq and the teardown of a queue. A remote attacker, by sending an ICReq and immediately closing the connection, could trigger a...

9.8CVSS6.1AI score0.00353EPSS
Exploits0References5
OSV
OSV
added 3 days ago4 views

RLSA-2026:39302 Moderate: cups security update

The Common UNIX Printing System CUPS provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fixes: cups: OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach lp code execution over the network CVE-2026-34980 For more details about...

6.4CVSS7AI score0.00502EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 3 days ago6 views

undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...

3.7CVSS6.9AI score0.00228EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 4 days ago5 views

cups: OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network

A flaw was found in OpenPrinting CUPS. An unauthorized client can exploit this vulnerability by sending a specially crafted print job to a shared PostScript queue without authentication. The server improperly handles the page-border value, allowing an attacker to embed and reparse malicious text ...

7.5CVSS7AI score0.00502EPSS
Exploits1References5
NVD
NVD
added 4 days ago5 views

CVE-2026-50439

Use after free in Microsoft Message Queuing Queue Manager allows an unauthorized attacker to execute code over a network...

8.1CVSS0.00519EPSS
Exploits0References1
NVD
NVD
added 4 days ago5 views

CVE-2026-54992

Heap-based buffer overflow in Windows Message Queuing Queue Manager allows an unauthorized attacker to execute code locally...

8.4CVSS0.00388EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 4 days ago6 views

kernel: nvmet-tcp: fix race between ICReq handling and queue teardown

A flaw was found in the Linux kernel's NVMe over TCP nvmet-tcp implementation. A race condition exists between the handling of an Initialization Connection Request ICReq and the teardown of a queue. A remote attacker, by sending an ICReq and immediately closing the connection, could trigger a...

9.8CVSS6.1AI score0.00353EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 4 days ago6 views

CVE-2026-50439 Microsoft Message Queuing Queue Manager Remote Code Execution Vulnerability

...

8.1CVSS6.1AI score0.00519EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago25 views

CVE-2026-50439 Microsoft Message Queuing Queue Manager Remote Code Execution Vulnerability

...

8.1CVSS0.00519EPSS
Exploits0References1
CVE
CVE
added 4 days ago10 views

CVE-2026-50439

CVE-2026-50439 : Use-after-free vulnerability in Microsoft Message Queuing Queue Manager allowing an unauthenticated attacker to remotely execute code over the network. Root cause is a use-after-free condition in the Queue Manager. Impact: remote code execution with high severity (CVSS v3.1 base ...

8.1CVSS6.2AI score0.00519EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 4 days ago5 views

CVE-2026-54992 Microsoft Message Queuing Queue Manager Remote Code Execution Vulnerability

...

8.4CVSS6.1AI score0.00388EPSS
Exploits1References1
Cvelist
Cvelist
added 4 days ago25 views

CVE-2026-54992 Microsoft Message Queuing Queue Manager Remote Code Execution Vulnerability

...

8.4CVSS0.00388EPSS
Exploits1References1
CVE
CVE
added 4 days ago33 views

CVE-2026-54992

CVE-2026-54992 is a heap-based buffer overflow affecting the Windows Message Queuing Queue Manager that allows a local attacker to execute code. The vulnerability is described in NVD/MSRC references as enabling local arbitrary code execution. The public entries consistently describe the same unde...

8.4CVSS6.2AI score0.00388EPSS
Exploits1References1
CVE
CVE
added 4 days ago11 views

CVE-2026-12707

CVE-2026-12707 affects Cloudflare quiche. After QUIC handshakes, an attacker can trigger unbounded queuing of PathEvent::ReusedSourceConnectionId during rapid source address migration, causing memory resource exhaustion. Affected component is quiche’s PathEvents collection (path_event_next() drai...

7.5CVSS6.1AI score0.00252EPSS
Exploits0References1
OSV
OSV
added 4 days ago3 views

CVE-2026-10671 User thread can re-initialize an in-use `k_pipe`, corrupting kernel wait queues (`CONFIG_USERSPACE`)

In Zephyr's kernel pipe implementation, the userspace syscall verifier zvrfykpipeinit in kernel/pipe.c used KSYSCALLOBJ which requires the kernel object to already be initialized instead of KSYSCALLOBJNEVERINIT which rejects an already-initialized object. As a result, on CONFIGUSERSPACE builds an...

7.1CVSS6.1AI score0.00103EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 4 days ago8 views

Microsoft Message Queuing Queue Manager Remote Code Execution Vulnerability

Use after free in Microsoft Message Queuing Queue Manager allows an unauthorized attacker to execute code over a network...

8.1CVSS6.2AI score0.00519EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 4 days ago8 views

Microsoft Message Queuing Queue Manager Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows Message Queuing Queue Manager allows an unauthorized attacker to execute code locally...

8.4CVSS6.3AI score0.00388EPSS
Exploits1
Rows per page
Query Builder