Lucene search
+L

3057 matches found

AlmaLinux
AlmaLinux
added 2026/06/08 12:0 a.m.32 views

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: smb: client: fix OOB reads parsing symlink error response CVE-2026-31613 kernel: Buffer overflow in drivers/xen/sys-hypervisor.c CVE-2026-31786 kernel: Linux kernel: smb: client: reject...

8.1CVSS6.6AI score0.00378EPSS
Exploits4References8
GithubExploit
GithubExploit
added 2026/06/07 9:4 a.m.93 views

glitchtip-gzip-decompression-poc

GlitchTip gzip decompression PoC This PoC demonstrates that c...

5.5AI score
Exploits0
OSV
OSV
added 2026/06/05 11:16 p.m.14 views

PYSEC-2026-215

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

5.3CVSS6.1AI score0.00408EPSS
Exploits0References1
PyPA
PyPA
added 2026/06/05 11:16 p.m.10 views

PYSEC-0000-CVE-2026-45409

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

6.9CVSS5.2AI score0.00408EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/05 11:16 p.m.9 views

UBUNTU-CVE-2026-45409

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

6.9CVSS5.4AI score0.00408EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/05 10:6 p.m.12 views

EUVD-2026-34921

Internationalized Domain Names in Applications IDNA for Python provides support for Internationalized Domain Names in Applications IDNA and Unicode IDNA Compatibility Processing. In versions prior to 3.15, payloads such as "\u0660" N or "\u30fb" N + "\u6f22" utilize the validcontexto function pri...

7.5CVSS5.4AI score0.01386EPSS
Exploits1References1
OSV
OSV
added 2026/05/29 7:39 p.m.7 views

GHSA-HPV4-5H6F-WQR3 russh server userauth state is not reset when authentication principal changes

Summary The russh server authentication path keeps internal userauth state across SSHMSGUSERAUTHREQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user name and service name fields to change between authentication requests. The issue is not that...

5.3CVSS5.8AI score0.00218EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/05/29 8:8 a.m.9 views

batman-adv: reject new tp_meter sessions during teardown

...

7.8CVSS5.4AI score0.00139EPSS
Exploits0
OSV
OSV
added 2026/05/28 10:16 a.m.6 views

UBUNTU-CVE-2026-46123

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: clamp rx length before skbput virtbtrxwork calls skbputskb, len where len comes directly from virtqueuegetbuf with no validation against the buffer we posted to the device. The RX skb is allocated in...

7.7CVSS5.9AI score0.00142EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/28 9:35 a.m.42 views

CVE-2026-46123 Bluetooth: virtio_bt: clamp rx length before skb_put

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtiobt: clamp rx length before skbput virtbtrxwork calls skbputskb, len where len comes directly from virtqueuegetbuf with no validation against the buffer we posted to the device. The RX skb is allocated in...

7.7CVSS0.00142EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/05/28 3:56 a.m.11 views

SUSE CVE-2026-45923

In the Linux kernel, the following vulnerability has been resolved: net: usb: catc: enable basic endpoint checking catcprobe fills three URBs with hardcoded endpoint pipes without verifying the endpoint descriptors: - usbsndbulkpipeusbdev, 1 and usbrcvbulkpipeusbdev, 1 for TX/RX -...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References3
OSV
OSV
added 2026/05/27 11:16 a.m.8 views

UBUNTU-CVE-2026-45837

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangles. If...

7.8CVSS5.7AI score0.00116EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:24 a.m.9 views

CVE-2026-45837

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangles. If...

5.7AI score0.00116EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/05/27 9:24 a.m.15 views

EUVD-2026-32163

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangles. If...

5.8AI score0.00116EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/27 9:24 a.m.43 views

CVE-2026-45837 bpf: Fix use-after-free in arena_vm_close on fork

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangles. If...

0.00116EPSS
Exploits0References4
CVE
CVE
added 2026/05/27 9:24 a.m.40 views

CVE-2026-45837

CVE-2026-45837 : In the Linux kernel, a use-after-free in arena_vm_close on fork was fixed. The root cause is that arena_vm_open() only bumps vml->mmap_count and does not register the child VMA in arena->vma_list, so vml->vma continues to point to the parent VMA after fork. If the child ...

7.8CVSS5.8AI score0.00116EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/27 9:24 a.m.3 views

CVE-2026-45837 bpf: Fix use-after-free in arena_vm_close on fork

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arenavmclose on fork arenavmopen only bumps vml-mmapcount but never registers the child VMA in arena-vmalist. The vml-vma always points at the parent VMA, so after parent munmap the pointer dangles. If...

7.8CVSS5.8AI score0.00116EPSS
Exploits0References7
Microsoft CVE
Microsoft CVE
added 2026/05/27 8:14 a.m.14 views

Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh

...

6.5CVSS5.8AI score0.00196EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/25 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-39832

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination...

9.1CVSS6.1AI score0.00525EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/05/23 1:29 a.m.23 views

SUSE CVE-2026-39832

When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

8.4CVSS5.8AI score0.00525EPSS
Exploits0References36
Rows per page
Query Builder