Lucene search
+L

612025 matches found

bdu_fstec
bdu_fstec
added yesterday10 views

The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems allows a hacker to cause a service failure.

The vulnerability in the drivers/bluetooth/btnxpuart.c module of Linux operating systems is related to incorrect resource management. Exploiting this vulnerability can allow an attacker to cause service failures...

5.5CVSS6AI score0.00127EPSS
Exploits0References6Affected Software4
euvd
euvd
added yesterday3 views

EUVD-2026-45004

An issue was discovered in cyrus-imapd in Cyrus IMAP through 3.12.2. There is an XAPPLEPUSHSERVICE folder existence oracle and push hijack. An authenticated IMAP user could probe for the existence of arbitrary mailboxes on other users' accounts via the XAPPLEPUSHSERVICE command and then create...

3.1CVSS6.2AI score
Exploits0References3
nvd
nvd
added yesterday5 views

CVE-2026-15352

A vulnerability exists in the Health & Safety HS application of NASA's Core Flight System cFS. The flaw allows the application to crash via segmentation fault when processing a routine Housekeeping Telemetry request, leading to denial of service...

8.2CVSS
Exploits0References3
cve
cve
added yesterday7 views

CVE-2026-15352

CVE-2026-15352 affects NASA’s Core Flight System (cFS) Health & Safety (HS) application. The vulnerability allows a segmentation fault when handling a routine Housekeeping Telemetry request, resulting in a denial-of-service condition. Documents confirm the HS component and cFS are impacted; the i...

8.2CVSS6.1AI score
Exploits0References3
attackerkb
attackerkb
added yesterday3 views

CVE-2026-15352

A vulnerability exists in the Health & Safety HS application of NASA's Core Flight System cFS. The flaw allows the application to crash via segmentation fault when processing a routine Housekeeping Telemetry request, leading to denial of service...

8.2CVSS6.1AI score
Exploits0References4
euvd
euvd
added yesterday3 views

EUVD-2026-45022

A vulnerability exists in the Health & Safety HS application of NASA's Core Flight System cFS. The flaw allows the application to crash via segmentation fault when processing a routine Housekeeping Telemetry request, leading to denial of service...

8.2CVSS6.1AI score
Exploits0References3
cve
cve
added yesterday23 views

CVE-2026-44981

CrowdSec LAPI is affected. The LAPI router uses gin-contrib/gzip with DefaultDecompressHandle globally in pkg/apiserver/controllers/controller.go, causing unauthenticated gzip payloads to be decompressed on /v1/watchers and /v1/watchers/login without a maximum decompressed size, which can trigger...

8.2CVSS6.1AI score0.00115EPSS
Exploits0References3
cve
cve
added yesterday3 views

CVE-2026-62299

CoreDNS (rewrite plugin, edns0.go) prior to version 1.14.5 could panic when a downstream plugin returns a response with no OPT record. The code path in edns0.go dereferenced a DNS OPT without a nil check, triggered by a query matching a rewrite edns0 rule (local/nsid/subnet with set/append/replac...

5.3CVSS6.1AI score
Exploits0References4
cve
cve
added yesterday8 views

CVE-2026-62309

CoreDNS (Go) vulnerability CVE-2026-62309 affects the proxyproto plugin. A crafted PROXY v2 header with a non-UDP transport (family 0x11) can cause a crash via PacketConn.ReadFrom, where a nil readFrom result is reinterpreted after a failed parse and addr.String() is logged before crash recovery....

7.5CVSS6.1AI score
Exploits0References4
cve
cve
added yesterday5 views

CVE-2026-62994

CoreDNS vulnerability CVE-2026-62994 affects the Go-based DNS server in versions 1.9.4 through 1.14.5. When a network DNS client uses AXFR for a CoreDNS zone and CoreDNS is configured with the k8s_external headless-service zone transfers feature, and Kubernetes contains a headless service endpoin...

3.7CVSS6.1AI score
Exploits0References4
cve
cve
added yesterday5 views

CVE-2026-62963

CVE-2026-62963 affects Centrifugo prior to 6.8.4. The unidirectional WebSocket transport with uni_websocket.compression enabled did not cap output after decompression in ReadMessage (internal/websocket/conn.go advanceFrame), allowing unauthenticated requests to /connection/uni_websocket to trigge...

8.7CVSS6.1AI score
Exploits0References4
cve
cve
added yesterday14 views

CVE-2026-46378

Dasel (github.com/tomwright/dasel) is affected by CVE-2026-46378 due to a non-terminating loop in the selector lexer when tokenizing an unterminated regex literal (r/). The bug resides in matchRegexPattern inside selector/lexer/tokenize.go, where the loop continues indefinitely if the closing sla...

6.2CVSS6.1AI score0.0005EPSS
Exploits0References2
redhatcve
redhatcve
added yesterday4 views

CVE-2026-59197

A flaw was found in Pillow prior to 12.3.0. The public RankFilter API can trigger a native heap out-of-bounds write when given a very large odd filter size. ImageFilter.RankFilter.filter calls image.expandsize // 2, size // 2 before rank-filter size validation, and ImagingExpand computes output...

8.2CVSS6AI score0.00397EPSS
Exploits0References7
attackerkb
attackerkb
added yesterday3 views

CVE-2026-46621

Yamcs is a mission control framework. Prior to 5.12.7, the Yamcs script evaluation engine for Python algorithms dynamically compiled and evaluated user-controlled algorithm text using Jython through the JSR-223 ScriptEngine API without enforcing a secure sandbox, so an authenticated user with the...

9.1CVSS6.6AI score0.00473EPSS
Exploits0References6Affected Software1
ibm
ibm
added yesterday15 views

Security Bulletin: IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by multiple vulnerabilities (CVE-2026-50645, CVE-2026-9322, CVE-2026-9171)

Summary IBM WebSphere Application Server and WebSphere Application Server Liberty are affected by uncontrolled resource consumption and denial of service. Vulnerability Details CVEID:CVE-2026-50645 DESCRIPTION: There is no restriction on the amount of attachment headers that a message can contain...

7.5CVSS6.1AI score0.0046EPSS
Exploits0Affected Software1
redhat
redhat
added yesterday4 views

github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability

A flaw was found in github.com/jackc/pgx, a PostgreSQL driver for Go. This memory-safety vulnerability could allow an attacker to cause various impacts, such as denial of service DoS or potentially arbitrary code execution, by exploiting memory corruption issues. The exact method of exploitation...

9.8CVSS6.2AI score0.00561EPSS
Exploits0References5
redhat
redhat
added yesterday5 views

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate

A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the HostnameError.Error function. This flaw, caused by unbounded string concatenation, leads to excessive resource...

7.5CVSS7AI score0.00459EPSS
Exploits2References8
redhat
redhat
added yesterday5 views

golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses

A flaw was found in golang.org/x/crypto/ssh. A remote malicious SSH peer can exploit this by sending unsolicited global request responses, which fills an internal buffer and blocks the connection's read loop. This prevents the associated resources from being released, leading to a resource leak p...

9.1CVSS6.4AI score0.00533EPSS
Exploits0References9
redhat
redhat
added yesterday4 views

Kubelet: CRI-O: kube-apiserver: Kubelet, CRI-O, kube-apiserver: Denial of Service via SPDY streaming code

A flaw was found in the SPDY streaming code used by Kubelet, CRI-O, and kube-apiserver. An attacker with specific cluster roles, such as those allowing access to pod port forwarding, execution, or attachment, or node proxying, could exploit this vulnerability. This could lead to a Denial of Servi...

8.7CVSS6.1AI score0.00656EPSS
Exploits0References4
redhat
redhat
added yesterday5 views

github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint

A flaw was found in Prometheus. An unauthenticated attacker can exploit the remote read endpoint /api/v1/read by sending a specially crafted, small snappy-compressed payload. This payload causes a disproportionately large memory allocation, leading to memory exhaustion and a Denial of Service DoS...

7.5CVSS6AI score0.00761EPSS
Exploits0References9
Rows per page
Query Builder