Lucene search
+L

26496 matches found

AlpineLinux
AlpineLinux
added 2026/06/25 8:11 p.m.3 views

CVE-2026-6681

The PKCS7 decode path ignores the caller-supplied output buffer size outputSz, allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release...

5.3CVSS6.1AI score0.00256EPSS
Exploits0
Snyk
Snyk
added 2026/06/25 6:43 p.m.7 views

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in the PKCS7 signature verification process for Azure instance identity. An attacker can obtain agent tokens without authentication by bypassing signature validation. Remediation There is...

9.3CVSS5.8AI score0.0026EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 6:39 p.m.6 views

EUVD-2026-39534

SYMCRYPTO is the SiXG301's host side hardware engine accessed by PSA crypto library that accelerates symmetric cryptographic operations AES encryption/decryption and hashing. DPA Countermeasures on SYMCRYPTO can be weakened reduced entropy by forcing certain seed values if an attacker gains code...

7.1CVSS6.3AI score0.00101EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 6:16 p.m.11 views

CVE-2026-55967

AES-GCM encryption/decryption with extremely large cumulative single message sizes 64 GiB were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery...

7.5CVSS0.00114EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 6:14 p.m.6 views

CVE-2026-56789

RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64...

7.1CVSS6.2AI score0.00239EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/25 4:53 p.m.7 views

EUVD-2026-39493

AES-GCM encryption/decryption with extremely large cumulative single message sizes 64 GiB were not properly rejected by the streaming APIs, allowing counter wrap, keystream reuse, and consequent plaintext recovery...

2CVSS5.8AI score0.00114EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/25 11:0 a.m.6 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.4AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/25 9:3 a.m.6 views

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

7.5CVSS6.8AI score0.01945EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/25 9:3 a.m.7 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.4AI score0.00728EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/25 12:7 a.m.9 views

crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building

A flaw was found in the Go standard library packages crypto/x509 and crypto/tls. During the process of building a certificate chain, an attacker can provide a large number of intermediate certificates. This excessive input is not properly limited, leading to an uncontrolled amount of work being...

7.5CVSS5.8AI score0.00615EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/25 12:7 a.m.8 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.17 views

PT-2026-52586

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An integer underflow occurs in the wc PKCS7 DecryptOri function when processing specially crafted Other Recipient Info. This leads to incorrect length handling...

5.3CVSS5.7AI score0.0019EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.14 views

PT-2026-52621

Name of the Vulnerable Software and Affected Versions vtk vtk-dicom affected versions not specified Description A heap-based buffer overflow occurs in the vtkDICOMItem::NewDataElement function. A heap-based buffer overflow is a memory corruption issue that happens when a program writes more data ...

8.1CVSS6AI score0.0032EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/24 8:21 p.m.11 views

CVE-2023-54365

A flaw was found in Traefik's HTTP/2 request handling. A remote attacker can exploit this vulnerability by rapidly creating and canceling HTTP/2 streams. This can exhaust server resources, leading to a denial of service DoS and making the service unavailable to legitimate users. This issue is...

8.7CVSS5.9AI score0.00566EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/24 2:3 p.m.8 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS7.4AI score0.00728EPSS
Exploits0References8
CVE
CVE
added 2026/06/23 7:53 p.m.41 views

CVE-2026-12891

The CVE-2026-12891 issue affects the GStreamer gst-plugins-bad package, specifically the H.266/VVC parser. A malformed H.266/VVC stream with a crafted aspect ratio indicator value can cause an out-of-bounds read of up to 8 bytes from adjacent memory. This could enable an attacker to craft a malic...

4.3CVSS5.7AI score0.00276EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2026/06/23 1:16 p.m.15 views

CVE-2026-56315

picklescan before 1.0.4 fails to block at least seven Python standard library modules including uuid, osxsupport, aixsupport, pyrepl.pager, and imaplib exposing eight functions that provide direct arbitrary command execution. Attackers can craft malicious pickle files importing these unblocked...

9.8CVSS0.00757EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 12:13 p.m.27 views

CVE-2026-56315

CVE-2026-56315 affects the Python tool picklescan until version 1.0.4, which fails to block imports from at least seven standard library modules (e.g., uuid, _osx_support, _aix_support, _pyrepl.pager, imaplib). This allows adversaries to craft pickle files that import these unblocked modules to t...

9.8CVSS6.7AI score0.00757EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 12:13 p.m.57 views

CVE-2026-56315 picklescan - Remote Code Execution via Unblocked Standard Library Modules

picklescan before 1.0.4 fails to block at least seven Python standard library modules including uuid, osxsupport, aixsupport, pyrepl.pager, and imaplib exposing eight functions that provide direct arbitrary command execution. Attackers can craft malicious pickle files importing these unblocked...

9.8CVSS0.00757EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 12:13 p.m.13 views

EUVD-2026-38437

picklescan before 1.0.4 fails to block at least seven Python standard library modules including uuid, osxsupport, aixsupport, pyrepl.pager, and imaplib exposing eight functions that provide direct arbitrary command execution. Attackers can craft malicious pickle files importing these unblocked...

9.8CVSS6.7AI score0.00757EPSS
Exploits0References2
Rows per page
Query Builder