
130 matches found

Positive Technologies
added 2026/06/03 12:0 a.m., 15 views

PT-2026-46000

Mercusys AC12G EU V1 with firmware AC12GEU V1 200909 enables WPS 2.0 by default with a weak lockout policy (60-second lockout after 10 attempts)...

AI score: 5.8, EPSS: 0.00139
Exploits: 0, References: 2
ATTACKERKB
added 2026/06/03 12:0 a.m., 5 views

CVE-2026-36612

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 enables WPS 2.0 by default with a weak lockout policy (60-second lockout after 10 attempts)...

AI score: 5.8, EPSS: 0.00139
Exploits: 0, References: 2
OSSF Malicious Packages
added 2026/05/21 9:13 a.m., 10 views

Malicious code in @hanssoft/baileys (npm)

Source: amazon-inspector (e3f83fb38a98b69c322df069a26c495101aa35682df8f83641b00e2ce40a99bd). This package is a fork of the WhatsApp library Baileys whose metadata (homepage, repository, author) points at the upstream @whiskeysockets/baileys,...

AI score: 5.9
Exploits: 0, References: 1
OSSF Malicious Packages
added 2026/05/20 4:53 a.m., 7 views

Malicious code in security-env-loader (npm)

Source: amazon-inspector (cf2b538ca6f5582ba25c054253f091eacca05571066d7237d6f693f23938e37c). Package impersonates the popular dotenv library (identical description and repo URL git://github.com/motdotla/dotenv.git) and exposes a matching config...

AI score: 5.7
Exploits: 0, References: 2
OSV
added 2026/05/20 4:53 a.m., 7 views

MAL-2026-4665 Malicious code in security-env-loader (npm)

Source: amazon-inspector (cf2b538ca6f5582ba25c054253f091eacca05571066d7237d6f693f23938e37c). Package impersonates the popular dotenv library (identical description and repo URL git://github.com/motdotla/dotenv.git) and exposes a matching config...

AI score: 5.7
Exploits: 0, References: 2
EUVD
added 2026/05/13 9:32 p.m., 8 views

EUVD-2026-30146

When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00245
Exploits: 0, References: 2
UbuntuCve
added 2026/05/13 8:16 p.m., 9 views

CVE-2026-33381

When a user's access to mint tokens for a service account is revoked, it is sometimes still possible to do so for a few seconds after the event. The user will eventually lose access to do this...

CVSS: 5.9, AI score: 5.8, EPSS: 0.00245
Exploits: 0, References: 2
SUSE CVE
added 2026/05/13 3:34 a.m., 8 views

SUSE CVE-2026-43428

In the Linux kernel, the following vulnerability has been resolved: USB: core: Limit the length of unkillable synchronous timeouts. The usb_control_msg(), usb_bulk_msg(), and usb_interrupt_msg() APIs in usbcore allow unlimited timeout durations. And since they use uninterruptible waits, this leaves open the...

AI score: 5.7, EPSS: 0.00123
Exploits: 0, References: 3
NVD
added 2026/05/08 3:16 p.m., 9 views

CVE-2026-43428

In the Linux kernel, the following vulnerability has been resolved: USB: core: Limit the length of unkillable synchronous timeouts. The usb_control_msg(), usb_bulk_msg(), and usb_interrupt_msg() APIs in usbcore allow unlimited timeout durations. And since they use uninterruptible waits, this leaves open the...

CVSS: 5.5, EPSS: 0.00123
Exploits: 0, References: 8
UbuntuCve
added 2026/05/08 3:16 p.m., 7 views

CVE-2026-43428

In the Linux kernel, the following vulnerability has been resolved: USB: core: Limit the length of unkillable synchronous timeouts. The usb_control_msg(), usb_bulk_msg(), and usb_interrupt_msg() APIs in usbcore allow unlimited timeout durations. And since they use uninterruptible waits, this leaves open the...

CVSS: 5.5, AI score: 5.7, EPSS: 0.00123
Exploits: 0, References: 10
OSV
added 2026/05/08 3:16 p.m., 6 views

UBUNTU-CVE-2026-43428

In the Linux kernel, the following vulnerability has been resolved: USB: core: Limit the length of unkillable synchronous timeouts. The usb_control_msg(), usb_bulk_msg(), and usb_interrupt_msg() APIs in usbcore allow unlimited timeout durations. And since they use uninterruptible waits, this leaves open the...

CVSS: 5.5, AI score: 5.7, EPSS: 0.00123
Exploits: 0, References: 11
CVE
added 2026/05/08 2:22 p.m., 22 views

CVE-2026-43428

CVE-2026-43428 affects the Linux kernel USB core. The vulnerability arises from usb_control_msg(), usb_bulk_msg(), and usb_interrupt_msg() allowing unbounded, uninterruptible timeouts, which could hang a task indefinitely. The fix enforces a maximum timeout of 60 seconds and treats negative timeo...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00123
Exploits: 0, References: 8, Affected Software: 1
ATTACKERKB
added 2026/05/08 2:22 p.m., 8 views

CVE-2026-43428

In the Linux kernel, the following vulnerability has been resolved: USB: core: Limit the length of unkillable synchronous timeouts. The usb_control_msg(), usb_bulk_msg(), and usb_interrupt_msg() APIs in usbcore allow unlimited timeout durations. And since they use uninterruptible waits, this leaves open the...

AI score: 5.8, EPSS: 0.00123
Exploits: 0, References: 9, Affected Software: 1
Positive Technologies
added 2026/05/08 12:0 a.m., 12 views

PT-2026-39089

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The usb_control_msg, usb_bulk_msg, and usb_interrupt_msg APIs in usbcore allow unlimited timeout durations. Because these APIs utilize uninterruptible waits, a task can be hung...

CVSS: 7.8, AI score: 5.8, EPSS: 0.00378
Exploits: 0, References: 147
Debian
added 2026/05/07 7:50 a.m., 8 views

[SECURITY] [DLA 4569-1] tzdata new timezone database

Debian LTS Advisory DLA-4569-1, https://www.debian.org/lts/security/, Emilio Pozuelo Monfort, May 07, 2026, https://wiki.debian.org/LTS...

AI score: 5.8
Exploits: 0
OSV
added 2026/04/21 1:5 p.m., 5 views

CLSA-2026-1776601980 curl: Fix of CVE-2024-7264

CVE-2024-7264: fix ASN.1 GTime2str heap buffer over-read caused by off-by-one in fractional seconds length calculation...

CVSS: 6.5, AI score: 6.9, EPSS: 0.16212
Exploits: 1, References: 1
OSV
added 2026/04/19 11:50 a.m., 6 views

CLSA-2026-1776599416 curl: Fix of CVE-2024-7264

CVE-2024-7264: fix ASN.1 GTime2str heap buffer over-read caused by off-by-one in fractional seconds length calculation...

CVSS: 6.5, AI score: 5.9, EPSS: 0.16212
Exploits: 1, References: 1
NVD
added 2026/04/10 5:17 p.m., 11 views

CVE-2026-35665

OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request bodies with permissive limits of 1MB and 30-second timeout before signature verification. An unauthenticated attacker can exhaust server connection resources by sending...

CVSS: 6.9, EPSS: 0.00327
Exploits: 1, References: 2
EUVD
added 2026/04/10 4:3 p.m., 6 views

EUVD-2026-21476

OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request bodies with permissive limits of 1MB and 30-second timeout before signature verification. An unauthenticated attacker can exhaust server connection resources by sending...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00418
Exploits: 1, References: 2
ATTACKERKB
added 2026/04/10 4:3 p.m., 3 views

CVE-2026-35665

OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request bodies with permissive limits of 1MB and 30-second timeout before signature verification. An unauthenticated attacker can exhaust server connection resources by sending...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00418
Exploits: 1, References: 3