Lucene search
K

36 matches found

OSV
OSV
added 2026/06/25 12:0 a.m.2 views

UBUNTU-CVE-2026-12246

NSD version 4.14.0 introduced a bug where a specially crafted APL RR, with an adflength larger than permitted for the address family will overwrite the stack when the zone is written to disk, with a maximum of 111 attacker controlled bytes...

8.1CVSS5.8AI score0.00265EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/18 6:1 p.m.9 views

EUVD-2026-37928

A flaw in Node.js HTTP/2 server API can cause servers to keep accepting data even after sending a GOAWAY frame. This vulnerability affects two supported release lines: Node.js 22 and Node.js 24...

5.3CVSS5.4AI score0.00445EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/10 5:16 a.m.8 views

CVE-2026-7262

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, and 8.5. before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element. This leads to dereferences a NULL pointer,...

7.5CVSS5.8AI score0.0076EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/01 6:36 p.m.6 views

EUVD-2026-17995

A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow IDs and, for signal operations, signal names. This was due to a bu...

2.3CVSS6AI score0.00248EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/01 6:36 p.m.14 views

Temporal Server: attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster

A writer role user in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the attacker to know or guess specific victim workflow IDs and, for signal operations, signal names. This was due to a bu...

2.3CVSS6.1AI score0.00248EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.6 views

PT-2026-29583

Name of the Vulnerable Software and Affected Versions Temporal Server versions 1.29.0 and later Description A user with a writer role in an attacker-controlled namespace could signal, delete, and reset workflows or activities in a victim namespace on the same cluster. Exploitation requires the...

2.3CVSS6AI score0.00248EPSS
Exploits0References10
OSV
OSV
added 2026/01/29 8:17 a.m.10 views

LSN-0117-1 Kernel Live Patch Security Notice

In the Linux kernel, the following vulnerability has been resolved: e100: Fix possible use after free in e100xmitprepare In e100xmitprepare, if we can't map the skb, then return -ENOMEM, so e100xmitframe will return NETDEVTXBUSY and the upper layer will resend the skb. In the Linux kernel, the...

7.8CVSS6.9AI score0.00571EPSS
Exploits2References12
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

MiracleLinux 4 : kernel-2.6.32-696.6.3.el6 (AXSA:2017-1749:05)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-1749:05 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating system:...

10CVSS7AI score0.1081EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.3 views

MiracleLinux 7 : 389-ds-base-1.3.4.0-26.el7 (AXSA:2016-099:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-099:01 advisory. 389 Directory Server is an LDAPv3 compliant server. The base package includes the LDAP server and command line utilities for server administration. Security...

7.8CVSS7.5AI score0.0399EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/12/06 9:50 p.m.5 views

CVE-2025-40273

In the Linux kernel, the following vulnerability has been resolved: NFSD: free copynotify stateid in nfs4freeolstateid Typically copynotify stateid is freed either when parent's stateid is being close/freed or in nfsd4laundromat if the stateid hasn't been used in a lease period. However, in case...

5.4AI score0.00176EPSS
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2010-3761

Malware in sbrugna...

8.8CVSS8.6AI score0.01091EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-6570

Malware in sbrugna...

8CVSS7.7AI score0.0113EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-31885

Malicious code in bioql PyPI...

7.5CVSS8.1AI score0.01546EPSS
Exploits1References8
SUSE Linux
SUSE Linux
added 2025/07/30 4:17 p.m.3 views

Security update for kernel-livepatch-MICRO-6-0-RT_Update_2

This update for kernel-livepatch-MICRO-6-0-RTUpdate2 fixes the following issues: CVE-2024-50208: RDMA/bnxtre: Fix a bug while setting up Level-2 PBL pages bsc1233118 CVE-2024-50250: fsdax: daxunshareiter needs to copy entire blocks bsc1233227 CVE-2024-53146: NFSD: prevent a potential integer...

8.5CVSS7.6AI score0.00262EPSS
Exploits0References46
RedhatCVE
RedhatCVE
added 2025/05/22 6:33 p.m.8 views

CVE-2021-32657

Nextcloud Server is a Nextcloud package that handles data storage. In versions of Nextcloud Server prior to 10.0.11, 20.0.10, and 21.0.2, a malicious user may be able to break the user administration page. This would disallow administrators to administrate users on the Nextcloud instance. The...

4.3CVSS6.5AI score0.01823EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/16 2:2 p.m.36 views

CVE-2025-47790 Nextcloud Server doesn't request second factor after session timeout

Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server prior to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9, and 31.0.3 have a bug with session handling. The bug caused skipping the second factor...

6.4CVSS0.00325EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/04/17 6:39 a.m.6 views

X.Org: Xwayland: Use-after-free of the root cursor

A use-after-free flaw was found in X.Org and Xwayland. The root cursor is referenced in the X server as a global variable. If a client frees the root cursor, the internal reference points to freed memory and causes a use-after-free...

7.8CVSS7AI score0.00359EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/07/09 12:0 a.m.6 views

Google Android Security Vulnerability

Google Android is a Linux-based open source operating system from Google Inc. in the United States. A security vulnerability exists in Google Android that originates from a logic error in the DevmemIntFreeDefBackingPage method of the devicememserver.c file, which could lead to arbitrary code...

7.8CVSS7.5AI score0.001EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2023/05/09 9:50 a.m.6 views

xorg-x11-server: ScreenSaverSetAttributes use-after-free

A vulnerability was found in X.Org. This issue occurs because the handler for the ScreenSaverSetAttributes request may write to memory after it has been freed. This flaw can lead to local privileges elevation on systems where the X server runs privileged and remote code execution for ssh X...

8.8CVSS6.3AI score0.02367EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:22 a.m.3 views

SUSE CVE-2015-1158

The addjob function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted 1 IPPCREATEJOB or 2 IPPPRINTJOB...

10CVSS7.3AI score0.29913EPSS
Exploits8References8
Rows per page
Query Builder