Lucene search
+L

333 matches found

NVD
NVD
added yesterday7 views

CVE-2026-54340

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Prior to commit 9265bdd, there is an HTTP/2 state amplification issue that combines HPACK decompression amplification with Slowloris-style stream stalling. Amplified decoded header state can be retained by stalled HTTP/2 streams,...

7.5CVSS0.00278EPSS
Exploits0References2
OSV
OSV
added 2 days ago5 views

GHSA-M2V6-2JMH-4C68 Envoy Gateway: Nil-dereference when SecurityPolicy targets TCPRoute without spec.authorization

Vulnerability report without repro case. Repro case may be added later after harness is complete. Preconditions 4: - Tenant has SecurityPolicy + TCPRoute RBAC baseline - Tenant namespace permitted to attach TCPRoute to a Gateway listener - spec.authorization omitted the trigger - No admission...

6.5CVSS6.1AI score0.00121EPSS
Exploits0References2
CERT
CERT
added 2 days ago4 views

Denial-of-service vulnerability in HTTP/2 servers via stalled flow-control conditions

Overview A denial-of-service DoS vulnerability exists in some HTTP/2 server implementations that fail to adequately limit resource consumption when buffering response data under stalled flow-control conditions. A remote, unauthenticated attacker can trigger memory exhaustion and service...

8.7CVSS5.8AI score0.00328EPSS
Exploits0References1
NVD
NVD
added 6 days ago6 views

CVE-2026-10668

The Nuvoton NuMaker HSUSBD USB device-controller driver drivers/usb/udc/udcnumaker.c armed the control Data IN stage unconditionally base-CEPTXCNT = len in numakerhsusbdeptrigger. Because the HSUSBD hardware cannot disarm a control Data IN already armed for a previous transfer, a USB host that...

4.6CVSS0.00159EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2026/06/29 5:40 p.m.10 views

K000161954: Linux kernel vulnerability CVE-2026-23351

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: netfilter: nftsetpipapo: split gc into unlink and reclaim phase Yiming Qian reports Use-after-free in the pipapo set type: Under a large number of expired elements, commit-time GC can run for a very...

7.8CVSS5.9AI score0.00125EPSS
Exploits0Affected Software1
SUSE CVE
SUSE CVE
added 2026/06/28 1:9 a.m.7 views

SUSE CVE-2026-53290

In the Linux kernel, the following vulnerability has been resolved: drm/xe/eustall: Fix drmdevput called before stream disable in close In xeeustallstreamclose, drmdevput is called before the stream is disabled and its resources are freed. If this drops the last reference, the device structures...

7.8CVSS5.8AI score0.00124EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-52945

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Revert wireguard: device: enable threaded NAPI This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is commit...

7.5CVSS5.9AI score0.00307EPSS
Exploits0References3
OSV
OSV
added 2026/06/26 8:17 p.m.5 views

UBUNTU-CVE-2026-53290

In the Linux kernel, the following vulnerability has been resolved: drm/xe/eustall: Fix drmdevput called before stream disable in close In xeeustallstreamclose, drmdevput is called before the stream is disabled and its resources are freed. If this drops the last reference, the device structures...

7.8CVSS5.7AI score0.00124EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/06/26 7:40 p.m.10 views

CVE-2026-53290

In the Linux kernel, the following vulnerability has been resolved: drm/xe/eustall: Fix drmdevput called before stream disable in close In xeeustallstreamclose, drmdevput is called before the stream is disabled and its resources are freed. If this drops the last reference, the device structures...

7.8CVSS5.8AI score0.00124EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/26 7:40 p.m.33 views

CVE-2026-53290 drm/xe/eustall: Fix drm_dev_put called before stream disable in close

In the Linux kernel, the following vulnerability has been resolved: drm/xe/eustall: Fix drmdevput called before stream disable in close In xeeustallstreamclose, drmdevput is called before the stream is disabled and its resources are freed. If this drops the last reference, the device structures...

7.8CVSS0.00124EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:40 p.m.10 views

CVE-2026-53290

In the Linux kernel, the following vulnerability has been resolved: drm/xe/eustall: Fix drmdevput called before stream disable in close In xeeustallstreamclose, drmdevput is called before the stream is disabled and its resources are freed. If this drops the last reference, the device structures...

7.8CVSS5.8AI score0.00124EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/26 12:53 p.m.8 views

CVE-2026-52991

A flaw was found in the Linux kernel's Pressure Stall Information PSI subsystem. A race condition exists between the file release and pressure write operations, specifically concerning the priv member of struct kernfsopenfile. This can lead to a use-after-free vulnerability or a NULL dereference,...

7.8CVSS5.7AI score0.00107EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.15 views

PT-2026-52929

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the xe eu stall stream close function. The drm dev put function is called before the stream is disabled and its resources are freed. If this call drops t...

7.8CVSS5.8AI score0.00124EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-53083

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Fix RCU stall in bpffdarraymapclear Add a missing condresched in bpffdarraymapclear loop. For PROGARRAY maps with many entries this loop calls...

6.1AI score0.00156EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 8:15 p.m.28 views

CVE-2026-52814

CVE-2026-52814 affects Gogs’ built-in Go SSH server, where unauthenticated clients can stall the SSH handshake to exhaust file descriptors, spawning unbounded goroutines and causing FD exhaustion that disrupts SSH access. Connected advisories (GHSA-XP79-5MX3-JX52) confirm the vulnerability detail...

6.9CVSS5.9AI score0.00547EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 8:15 p.m.4 views

CVE-2026-52814 Gogs: Unauthenticated Asymmetric Denial of Service (DoS) via SSH Handshake Stall (File Descriptor Exhaustion)

Gogs is an open source self-hosted Git service. Prior to 0.14.3, the Gogs built-in Go SSH server is vulnerable to an unauthenticated, asymmetric Denial of Service DoS attack. The application accepts inbound TCP connections and passes them to golang.org/x/crypto/ssh.NewServerConn inside a new...

6.9CVSS5.9AI score0.00547EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/24 6:32 p.m.7 views

EUVD-2026-38813

In the Linux kernel, the following vulnerability has been resolved: Revert "wireguard: device: enable threaded NAPI" This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is commit db9ae3b6b43c79b1ba87eea849fd65efa05b4b2e upstream. We have had three independent production user report...

5.8AI score0.00307EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 5:17 p.m.9 views

CVE-2026-52945

In the Linux kernel, the following vulnerability has been resolved: Revert "wireguard: device: enable threaded NAPI" This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is commit db9ae3b6b43c79b1ba87eea849fd65efa05b4b2e upstream. We have had three independent production user report...

7.5CVSS0.00307EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 4:30 p.m.6 views

EUVD-2026-38951

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix RCU stall in bpffdarraymapclear Add a missing condresched in bpffdarraymapclear loop. For PROGARRAY maps with many entries this loop calls progarraymappokerun per entry which can be expensive, and without yielding this c...

5.7AI score0.00156EPSS
Exploits0References5
OSV
OSV
added 2026/06/24 4:29 p.m.6 views

CVE-2026-52991 sched/psi: fix race between file release and pressure write

In the Linux kernel, the following vulnerability has been resolved: sched/psi: fix race between file release and pressure write A potential race condition exists between pressure write and cgroup file release regarding the priv member of struct kernfsopenfile, which triggers the uaf reported in 1...

7.8CVSS6AI score0.00107EPSS
Exploits0References9
Rows per page
Query Builder