Lucene search
+L

6389 matches found

redhat
redhat
added 2026/06/19 4:39 p.m.10 views

kernel: ALSA: usb-audio: Add sanity check for OOB writes at silencing

A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture USB audio subsystem. An inconsistency in how USB audio playback and capture streams are handled can lead to an out-of-bounds write to a memory buffer. This can result in a system crash, causing a denial of service for a...

7.8CVSS5.8AI score0.00123EPSS
Exploits0References5
mscve
mscve
added 2026/06/19 2:0 p.m.7 views

Chromium: CVE-2026-12459 Inappropriate implementation in Serial

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

6.1CVSS5.8AI score0.00181EPSS
Exploits0
astralinux
astralinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: asix: Proper error handling for USB read errors has been added. The Syzbot issue with the asix driver remains the same. The problem is still present—the asixreadcmd function reads fewer bytes than requested by the caller...

5.5CVSS6.1AI score0.00252EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/19 8:50 a.m.9 views

CVE-2026-12459

An inappropriate implementation flaw was found in the Serial component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=517406035...

8.1CVSS5.8AI score0.00181EPSS
Exploits0References5
osv
osv
added 2026/06/18 11:41 a.m.3 views

MINI-7P53-F5G3-7XQ3

Bulletin has no description...

9.6CVSS4.9AI score0.00478EPSS
Exploits0
susecve
susecve
added 2026/06/18 1:59 a.m.10 views

SUSE CVE-2026-12459

Inappropriate implementation in Serial in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

6.1CVSS5.5AI score0.00181EPSS
Exploits0References3
nvd
nvd
added 2026/06/17 1:20 p.m.11 views

CVE-2026-12459

Inappropriate implementation in Serial in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

6.1CVSS0.00181EPSS
Exploits0References2
osv
osv
added 2026/06/17 1:20 p.m.5 views

DEBIAN-CVE-2026-12459

Inappropriate implementation in Serial in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

6.1CVSS5.6AI score0.00181EPSS
Exploits0References1
debiancve
debiancve
added 2026/06/17 1:38 a.m.9 views

CVE-2026-12459

Inappropriate implementation in Serial in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

6.1CVSS5.6AI score0.00181EPSS
Exploits0
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.17 views

PT-2026-50209

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description An inappropriate implementation in the Serial component allows a remote attacker to perform Universal Cross-Site Scripting UXSS, which is a vulnerability that enables the injection of...

9.6CVSS6AI score0.00601EPSS
Exploits0References40
nvd
nvd
added 2026/06/16 3:16 p.m.14 views

CVE-2026-10831

A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network...

6.9CVSS0.00292EPSS
Exploits0References1
cve
cve
added 2026/06/16 1:46 p.m.12 views

CVE-2026-10831

CVE-2026-10831 concerns MOXA NPort serial device servers. The issue is improper access control on the command port: the command interface does not properly verify that the sender is tied to a valid data-port session before accepting break signal commands. A remote attacker with network access can...

6.9CVSS5.4AI score0.00292EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/16 1:46 p.m.29 views

CVE-2026-10831 Improper Authorization of Break Signal Commands in Devices

A denial-of-service vulnerability exists in NPort devices because of improper access control on the command port. The command interface does not properly validate whether a sender is associated with a valid data port session before accepting break signal commands. A remote attacker with network...

6.9CVSS0.00292EPSS
Exploits0References1
nvd
nvd
added 2026/06/16 12:16 p.m.15 views

CVE-2026-10828

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...

6.9CVSS0.0031EPSS
Exploits0References1
euvd
euvd
added 2026/06/16 10:16 a.m.10 views

EUVD-2026-37062

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...

8.6CVSS5.3AI score0.00472EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/16 10:16 a.m.34 views

CVE-2026-10828

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...

6.9CVSS0.0031EPSS
Exploits0References1
cve
cve
added 2026/06/16 10:16 a.m.27 views

CVE-2026-10828

The CVE-2026-10828 affects the NPort W2150A-W4/W2250A-W4 Serial Param config page, where the alias parameter is vulnerable to format-string handling due to insufficient input validation in version 1.5 and earlier. This can lead to memory disclosure and potential ASLR bypass. No exploitation detai...

6.9CVSS5.4AI score0.0031EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/16 10:16 a.m.10 views

CVE-2026-10828

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...

6.9CVSS5.3AI score0.00472EPSS
Exploits0References1
redhat
redhat
added 2026/06/16 7:18 a.m.8 views

wireshark: Improperly Controlled Sequential Memory Allocation in Wireshark

A flaw was found in the USB HID dissector in Wireshark. This issue occurs when malformed packets are decoded from a pcap file or the network, causing an excessive consumption of memory, resulting in a denial of service...

7.5CVSS5.1AI score0.00184EPSS
Exploits2References6
ptsecurity
ptsecurity
added 2026/06/16 12:0 a.m.22 views

PT-2026-49653

A format string vulnerability has been found in the "alias" parameter of the Serial Param configuration page in the NPort W2150A-W4/W2250A-W4 Series version 1.5 and prior. This vulnerability stems from insufficient input validation and improper handling of externally supplied format strings. An...

6.9CVSS5.3AI score0.0031EPSS
Exploits0References3
Rows per page
Query Builder