Lucene search
+L

4210 matches found

redhat
redhat
added yesterday5 views

undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...

3.7CVSS6.9AI score0.00228EPSS
Exploits0References7
osv
osv
added yesterday4 views

USN-8547-1 linux-gcp-5.15, linux-intel-iotg-5.15 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RISC-V architecture; - Cryptographic API; - InfiniBand drivers; - IOMMU subsystem; - Network drivers; -...

9.8CVSS6.8AI score0.09796EPSS
Exploits4References66
osv
osv
added yesterday6 views

USN-8546-1 linux-raspi vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - InfiniBand drivers; -...

9.8CVSS6.9AI score0.00817EPSS
Exploits9References63
osv
osv
added yesterday6 views

USN-8545-1 linux-hwe-6.17 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - InfiniBand drivers; -...

9.8CVSS6.9AI score0.00817EPSS
Exploits9References63
ubuntu
ubuntu
added yesterday4 views

USN-8545-1: Linux kernel (HWE) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - InfiniBand drivers; -...

9.8CVSS6.9AI score0.00817EPSS
Exploits9
nvd
nvd
added 2 days ago3 views

CVE-2026-50462

External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00313EPSS
Exploits0References1
nvd
nvd
added 2 days ago3 views

CVE-2026-34346

Cleartext transmission of sensitive information in Windows Ancillary Function Driver for WinSock allows an authorized attacker to disclose information locally...

5.5CVSS0.00207EPSS
Exploits0References1
cve
cve
added 2 days ago5 views

CVE-2026-57093

CVE-2026-57093 – Windows Ancillary Function Driver for WinSock is a reported use-after-free vulnerability in the WinSock ancillary function driver that can be exploited locally to achieve privilege escalation. The issue affects the specific Windows driver handling WinSock operations; successful e...

7CVSS6AI score0.00252EPSS
Exploits0References1
cvelist
cvelist
added 2 days ago24 views

CVE-2026-50462 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

...

7.8CVSS0.00313EPSS
Exploits0References1
cvelist
cvelist
added 2 days ago25 views

CVE-2026-50312 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

...

4.7CVSS0.0031EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2 days ago5 views

CVE-2026-34346 Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability

...

5.5CVSS6.1AI score0.00207EPSS
Exploits0References1
cve
cve
added 2 days ago28 views

CVE-2026-34346

CVE-2026-34346 concerns the Windows Ancillary Function Driver for WinSock. The vulnerability enables an authorized, local attacker to disclose sensitive information due to cleartext transmission of data. The available records (NVD/NVD entry and CVE listing) describe the affected component and the...

5.5CVSS6AI score0.00207EPSS
Exploits0References1Affected Software13
redhat
redhat
added 5 days ago7 views

undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...

3.7CVSS6.9AI score0.00228EPSS
Exploits0References7
redhat
redhat
added 6 days ago5 views

undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery.

A flaw was found in undici. An attacker-controlled upstream server can exploit a vulnerability in Undici's HTTP/1.1 client, specifically related to response queue poisoning on reused keep-alive sockets. This allows the attacker to inject an unsolicited HTTP/1.1 response onto an idle socket...

3.7CVSS6.1AI score0.00228EPSS
Exploits0References7
ubuntu
ubuntu
added 6 days ago6 views

USN-8529-1: Linux kernel vulnerabilities

It was discovered that a logic flaw existed in the XFRM ESP-in-TCP subsystem in the Linux kernel when handling socket buffer fragments. This flaw is known as Fragnesia. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-43503 Several security issues...

9.8CVSS6.9AI score0.00591EPSS
Exploits11
osv
osv
added 6 days ago1 views

SUSE-SU-2026:2839-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 11 SP4 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-68324: scsi: imm: Fix use-after-free bug caused by unfinished delayed work bsc1255416. - CVE-2026-43198: tcp: fix potential race in tcpv6synrecvsock bsc1264610. ...

9.8CVSS6.7AI score0.00346EPSS
Exploits16References22
cve
cve
added 2026/07/09 5:8 p.m.16 views

CVE-2026-13461

CVE-2026-13461 affects PayRange Android app v7.0.7 where, when paired with an SSL-bypass vulnerability, JavaScript can be injected into the WebView, allowing sandbox escape and dangerous actions on the user device. The underlying issue is WebView JavaScript injection enabled by a compromised TLS ...

9.6CVSS6AI score0.0034EPSS
Exploits0References2
euvd
euvd
added 2026/07/09 5:8 p.m.7 views

EUVD-2026-42635

When coupled with the SSL bypass vulnerability, JavaScript can be injected into a WebView in the PayRange version 7.0.7 app. The injection of specific JavaScript function calls allows the attacker to escape the WebView sandbox and perform a number of dangerous actions on the user's device...

6AI score0.0034EPSS
Exploits0References2
nvd
nvd
added 2026/07/08 11:16 p.m.6 views

CVE-2026-54776

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, a CoreWCF service hosted on Unix Domain Sockets with PosixIdentity client credentials can accept connections that skip the application/unixposix stream upgrade before dispatching...

4.4CVSS0.00109EPSS
Exploits0References6
redhat
redhat
added 2026/07/07 8:2 p.m.40 views

kernel: tcp: fix potential race in tcp_v6_syn_recv_sock()

A flaw was found in the Linux kernel. A race condition exists in the TCP Transmission Control Protocol IPv6 Internet Protocol version 6 socket handling, specifically within the tcpv6synrecvsock function. This occurs because a child socket becomes visible in the TCP hash table before its...

9.8CVSS6.6AI score0.00298EPSS
Exploits0References5
Rows per page
Query Builder