Lucene search
K

6204 matches found

RedHat Linux
RedHat Linux
added 2026/05/26 4:39 a.m.18 views

xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption

A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially...

7.8CVSS5.8AI score0.00264EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/05/26 2:58 a.m.12 views

xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption

A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially...

7.8CVSS5.8AI score0.00264EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.18 views

PT-2026-43324

IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod ibm upload...

7.5CVSS5.8AI score0.0038EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.13 views

PT-2026-43367

Name of the Vulnerable Software and Affected Versions IBM HTTP Server version 8.5 IBM HTTP Server version 9.0 Description An issue exists that allows a denial of service via the optional module mod mem cache. Recommendations Restrict the use of the mod mem cache module to minimize the risk of...

7.5CVSS5.8AI score0.00359EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.29 views

Amazon Linux 2023 : httpd, httpd-core, httpd-devel (ALAS2023-2026-1720)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1720 advisory. An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. Users are recommended to...

9.8CVSS5.9AI score0.01376EPSS
Exploits2References22
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.17 views

RHEL 7 : xorg-x11-server (RHSA-2026:20590)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20590 advisory. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical us...

9.1CVSS5.9AI score0.00489EPSS
Exploits0References12
Microsoft CVE
Microsoft CVE
added 2026/05/23 8:2 a.m.15 views

NGINX JavaScript vulnerability

...

9.8CVSS5.8AI score0.00889EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/22 3:28 p.m.11 views

CVE-2026-5171

Improper access control in the entry activity log feature in Devolutions Server allows an authenticated user with access to an entry but without the required permission to retrieve that entry's activity logs via a crafted API request. This issue affects : Devolutions Server 2026.1.6.0 through...

5.8AI score0.00162EPSS
Exploits0References1
NVD
NVD
added 2026/05/22 11:16 a.m.12 views

CVE-2026-5755

Mattermost versions 11.6.x = 11.6.0, 11.5.x = 11.5.2, 11.5.x = 11.5.3, 11.4.x = 11.4.4, 10.11.x = 10.11.14 fail to validate the TIFF IFD offset in the image header before allocating memory, which allows authenticated users with file upload or posting permissions to cause a denial of service serve...

6.5CVSS0.00245EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.18 views

PT-2026-42814

Name of the Vulnerable Software and Affected Versions ImageMagick affected versions not specified Description An attacker capable of connecting to a magick -distribute-cache service can trigger a heap buffer over-read in the server process. A heap buffer over-read occurs when a program reads data...

7.5CVSS5.7AI score0.00441EPSS
Exploits0References130
CVE
CVE
added 2026/05/20 9:0 a.m.51 views

CVE-2026-9064

The CVE-2026-9064 issue affects the 389-ds-base LDAP server. The get_ldapmessage_controls_ext() function does not bound the number of LDAP message controls, allowing a remote, unauthenticated attacker to send requests with hundreds of thousands of minimal controls within the default BER size (2 M...

7.5CVSS5.8AI score0.00815EPSS
Exploits0References20Affected Software3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in libsoup2.4

A use-after-free vulnerability was discovered in libsoup, within the soupmessageheadersgetcontentdisposition function. This flaw allows a malicious HTTP client to cause memory corruption in the libsoup server...

9CVSS7AI score0.00847EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Mariadb 10.3

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. The supported versions affected are 5.7.33 and earlier, as well as 8.0.23 and earlier. This easily exploitable vulnerability allows a highly privileged attacker with network access via multiple protocols to compromi...

4.9CVSS6.7AI score0.04643EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.13 views

Astra Linux – Vulnerability in Apache2

Inconsistent interpretation of HTTP requests: The “HTTP Request Smuggling” vulnerability in modproxyajp of the Apache HTTP Server allows an attacker to secretly send requests to the AJP server to which the server forwards requests. This issue affects the Apache HTTP Server version 2.4.53 and...

7.5CVSS7AI score0.19008EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in etcd

A cross-site request forgery flaw was discovered in etcd 3.3.1 and earlier. An attacker can create a website that attempts to send a POST request to the etcd server and modify a key. Adding a key is done using a PUT operation, so it seems theoretically safe but PUT operations cannot be performed...

8.8CVSS7.2AI score0.01266EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in freerdp2

FreeRDP is a free implementation of the Remote Desktop Protocol RDP. In versions prior to 2.7.0, NT LAN Manager NTLM authentication does not properly abort when someone provides an empty password value. This issue affects FreeRDP-based RDP Server implementations. RDP clients are not affected. The...

9.1CVSS7.8AI score0.02752EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.8 views

NVIDIA Triton Inference Server 路径遍历漏洞

NVIDIA Triton Inference Server is an open-source software developed by NVIDIA Corporation. It helps standardize model deployment and provide fast, scalable AI in production environments. NVIDIA Triton Inference Server has a path traversal vulnerability, which stems from path traversal issues and...

7.5CVSS5.8AI score0.0065EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/19 4:16 p.m.34 views

libsoup: libsoup: Denial of Service via Use-After-Free in HTTP/2 server

A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the...

7.5CVSS5.8AI score0.00829EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

smtp-server 资源管理错误漏洞

smtp-server is an open-source Node.js module developed by nodemailer, used to create SMTP and LMTP server instances. Versions of smtp-server prior to 3.18.3 contained a resource management vulnerability. This vulnerability stemmed from issues with the SMTPStream.write and lib/smtp-stream.js...

7.5CVSS5.8AI score0.00572EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/14 10:18 a.m.13 views

CVE-2026-42945

A flaw was found in NGINX, specifically within the ngxhttprewritemodule. An unauthenticated attacker can exploit this vulnerability by sending crafted HTTP requests under specific rewrite configurations. This can lead to a heap buffer overflow in the NGINX worker process, which may result in...

9.2CVSS6.4AI score0.61469EPSS
Exploits40References5
Rows per page
Query Builder