Lucene search
K

1385 matches found

RedhatCVE
RedhatCVE
added 2026/05/13 4:53 p.m.8 views

CVE-2026-43481

A flaw was found in the Linux kernel's net-shapers component. An issue exists where the skb socket buffer is freed twice if genlmsgreply fails, leading to a double-free vulnerability. This can result in memory corruption or a denial of service DoS condition, potentially allowing a local attacker ...

7.8CVSS5.8AI score0.00119EPSS
Exploits0References4
NVD
NVD
added 2026/05/13 4:16 p.m.13 views

CVE-2026-43481

In the Linux kernel, the following vulnerability has been resolved: net-shapers: don't free reply skb after genlmsgreply genlmsgreply hands the reply skb to netlink, and netlinkunicast consumes it on all return paths, whether the skb is queued successfully or freed on an error path...

7.8CVSS0.00119EPSS
Exploits0References3
NVD
NVD
added 2026/05/13 4:16 p.m.10 views

CVE-2020-37222

Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in t...

7.2CVSS0.00311EPSS
Exploits0References4
OSV
OSV
added 2026/05/13 4:16 p.m.7 views

UBUNTU-CVE-2026-43481

In the Linux kernel, the following vulnerability has been resolved: net-shapers: don't free reply skb after genlmsgreply genlmsgreply hands the reply skb to netlink, and netlinkunicast consumes it on all return paths, whether the skb is queued successfully or freed on an error path...

7.8CVSS5.7AI score0.00119EPSS
Exploits0References3
CVE
CVE
added 2026/05/13 3:8 p.m.20 views

CVE-2026-43481

The CVE-2026-43481 issue affects the Linux kernel net-shapers component. The vulnerability arises because, on genlmsg_reply() failure, the reply skb could be freed twice (the code path freed or nlmsg_free(msg) after genlmsg_reply() and in all return paths). The root cause is that netlink_unicast(...

7.8CVSS5.8AI score0.00119EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/13 3:8 p.m.39 views

CVE-2026-43481 net-shapers: don't free reply skb after genlmsg_reply()

In the Linux kernel, the following vulnerability has been resolved: net-shapers: don't free reply skb after genlmsgreply genlmsgreply hands the reply skb to netlink, and netlinkunicast consumes it on all return paths, whether the skb is queued successfully or freed on an error path...

7.8CVSS0.00119EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/13 3:8 p.m.5 views

CVE-2026-43481

In the Linux kernel, the following vulnerability has been resolved: net-shapers: don't free reply skb after genlmsgreply genlmsgreply hands the reply skb to netlink, and netlinkunicast consumes it on all return paths, whether the skb is queued successfully or freed on an error path...

5.8AI score0.00119EPSS
Exploits0References4Affected Software1
Debian CVE
Debian CVE
added 2026/05/13 3:8 p.m.9 views

CVE-2026-43481

In the Linux kernel, the following vulnerability has been resolved: net-shapers: don't free reply skb after genlmsgreply genlmsgreply hands the reply skb to netlink, and netlinkunicast consumes it on all return paths, whether the skb is queued successfully or freed on an error path...

7.8CVSS5.7AI score0.00119EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/13 2:22 p.m.10 views

CVE-2020-37222 Kuicms Php EE 2.0 Persistent Cross-Site Scripting via bbs reply

Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in t...

7.2CVSS5.9AI score0.00311EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:22 p.m.7 views

CVE-2020-37222

Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in t...

7.2CVSS5.9AI score0.00311EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/13 2:22 p.m.33 views

CVE-2020-37222 Kuicms Php EE 2.0 Persistent Cross-Site Scripting via bbs reply

Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in t...

7.2CVSS0.00311EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/05/13 2:21 a.m.8 views

golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS

A flaw in golang.org/x/crypto/ssh/agent causes the SSH agent client to panic when a peer responds with the generic SSHAGENTSUCCESS 0x06 message to requests expecting typed replies e.g., List, Sign. The unmarshal layer produces an unexpected message type, which the client code does not handle,...

7.5CVSS6.9AI score0.00591EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.13 views

Kuicms Php EE 跨站脚本漏洞

Kuicms Php EE is a PHP enterprise website content management system developed by Kuicms. Version 2.0 of Kuicms Php EE contains a cross-site scripting vulnerability. This vulnerability stems from a persistent cross-site scripting issue, which may allow unauthenticated attackers to submit malicious...

7.2CVSS5.6AI score0.00311EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.9 views

PT-2026-40688

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the net-shapers component where the reply socket buffer skb is freed twice. The genlmsg reply function transfers the reply skb to netlink, and netlink unicast consumes...

7.8CVSS5.9AI score0.00119EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/05/13 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-43481

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net-shapers: don't free reply skb after genlmsgreply genlmsgreply hands the reply skb to netlink, and netlinkunicast consumes it on all return paths, whether th...

7.8CVSS5.8AI score0.00119EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.12 views

PT-2026-40623

Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted content through the bbs reply endpoint. Attackers can send POST requests to /web/?c=bbs&a=reply with HTML and JavaScript payloads in t...

7.2CVSS5.9AI score0.00311EPSS
Exploits0References5
NVD
NVD
added 2026/05/11 9:18 p.m.8 views

CVE-2026-28929

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. Replying to an email could display remote images in Mail in Lockdown Mode...

7.5CVSS0.0041EPSS
Exploits0References4
CVE
CVE
added 2026/05/11 8:8 p.m.16 views

CVE-2026-28929

CVE-2026-28929 describes a logic issue in Apple’s Mail app related to Lockdown Mode, where replying to an email could cause remote images to be displayed. The problem is fixed in software updates: iOS 18.7.9, iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, and macOS Tahoe 26.5. The conn...

7.5CVSS5.8AI score0.0041EPSS
Exploits0References4Affected Software3
EUVD
EUVD
added 2026/05/11 6:31 p.m.30 views

EUVD-2026-29141

OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. Attackers can influence agent or tool-produced ReplyPayload.mediaUrl parameters to resolve absolute local paths or file URLs...

6.3CVSS5.9AI score0.00305EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/11 4:46 p.m.10 views

CVE-2026-44996

OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. Attackers can influence agent or tool-produced ReplyPayload.mediaUrl parameters to resolve absolute local paths or file URLs...

6.3CVSS5.9AI score0.00305EPSS
Exploits0References4
Rows per page
Query Builder