Lucene search
K

4620 matches found

Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.15 views

PT-2026-48923

Programs using swift-nio is vulnerable to HTTP request smuggling and HTTP response splitting attacks, caused by insufficient validation of outbound HTTP/1.1 request and response start line components. This vulnerability affects all swift-nio versions from 2.0.0 to 2.99.0. It is fixed in 2.100.0 a...

8.9CVSS5.7AI score0.00044EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/06/12 12:0 a.m.11 views

SwiftNIO: CRLF Injection in outbound HTTP request URI via NIOHTTPRequestHeadersValidator

Programs using swift-nio is vulnerable to HTTP request smuggling and HTTP response splitting attacks, caused by insufficient validation of outbound HTTP/1.1 request and response start line components. This vulnerability affects all swift-nio versions from 2.0.0 to 2.99.0. It is fixed in 2.100.0 a...

5.6AI score0.00044EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/11 1:56 a.m.22 views

MAL-2026-5543 Malicious code in jailbreak-code (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9f729dde017c78154685be850893a9f3ebd58bf0b5cb1229e7e49fb09b14f5d5 The package presents itself as an AI developer CLI but is engineered as a credential and payment harvester. src/c2.ts hardcodes a Discord webhook URL...

5.5AI score
Exploits0References2
Mageia
Mageia
added 2026/06/10 5:7 a.m.16 views

Updated libxmp packages fix security vulnerabilities

CVE-2023-45679: Attempt to free an uninitialized memory pointer in vorbisdeinit CVE-2023-45680: Null pointer dereference in vorbisdeinit CVE-2023-45681: Out of bounds heap buffer write CVE-2023-45676: Multi-byte write heap buffer overflow in startdecoder CVE-2023-45677: Heap buffer out of bounds...

7.8CVSS7AI score0.0056EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/06/10 2:25 a.m.9 views

SUSE CVE-2026-52905

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two minregionsz on damonstart Commit d8f867fa0825 "mm/damon: add damonctx-minszregion" introduced a bug that allows unaligned DAMON region address ranges. Commit c80f46ac228b "mm/damon/core:...

4.4CVSS5.4AI score0.00155EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-52905

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two minregionsz on damonstart Commit d8f867fa0825...

5.5CVSS5.8AI score0.00155EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/09 4:33 p.m.12 views

CVE-2026-52905

A flaw was found in the Linux kernel's Data Access MONitor DAMON core. The damonstart function, when used via the DAMON sysfs interface, failed to properly validate the minregionsz parameter. This allowed non-power of two values, which could lead to unaligned DAMON region address ranges and...

5.5CVSS5.5AI score0.00155EPSS
Exploits0References4
NVD
NVD
added 2026/06/09 2:16 p.m.12 views

CVE-2026-52905

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two minregionsz on damonstart Commit d8f867fa0825 "mm/damon: add damonctx-minszregion" introduced a bug that allows unaligned DAMON region address ranges. Commit c80f46ac228b "mm/damon/core:...

5.5CVSS0.00155EPSS
Exploits0References3
OSV
OSV
added 2026/06/09 2:16 p.m.7 views

UBUNTU-CVE-2026-52905

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two minregionsz on damonstart Commit d8f867fa0825 "mm/damon: add damonctx-minszregion" introduced a bug that allows unaligned DAMON region address ranges. Commit c80f46ac228b "mm/damon/core:...

5.2AI score0.00155EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/09 12:36 p.m.12 views

EUVD-2026-35434

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two minregionsz on damonstart Commit d8f867fa0825 "mm/damon: add damonctx-minszregion" introduced a bug that allows unaligned DAMON region address ranges. Commit c80f46ac228b "mm/damon/core:...

5.4AI score0.00155EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 12:36 p.m.34 views

CVE-2026-52905 mm/damon/core: disallow non-power of two min_region_sz on damon_start()

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two minregionsz on damonstart Commit d8f867fa0825 "mm/damon: add damonctx-minszregion" introduced a bug that allows unaligned DAMON region address ranges. Commit c80f46ac228b "mm/damon/core:...

0.00155EPSS
Exploits0References3
CVE
CVE
added 2026/06/09 12:36 p.m.29 views

CVE-2026-52905

CVE-2026-52905 (Linux kernel) involves the DAMON subsystem where the min_region_sz value was not guaranteed to be a power of two, potentially allowing unaligned DAMON region address ranges via damon_start(). The issue originated from code in mm/damon/core and was partially addressed previously, b...

5.5CVSS5.4AI score0.00155EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-47791

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A bug in the DAMON Data Access MONitor subsystem allows the use of unaligned region address ranges. This occurs because the sysfs interface can emit a min region sz value that is not a...

9.8CVSS5.3AI score0.93235EPSS
Exploits31References333
RedhatCVE
RedhatCVE
added 2026/06/08 6:47 p.m.11 views

CVE-2020-37248

A flaw was found in OfflineIMAP. This vulnerability allows a remote attacker to perform a man-in-the-middle attack by exploiting the client's trust in the server's STARTTLS capability before authentication. This can lead to the attacker taking over the connection and extracting sensitive account...

6.5CVSS5.5AI score0.00186EPSS
Exploits0References2
OSV
OSV
added 2026/06/08 4:16 p.m.7 views

UBUNTU-CVE-2020-37248

OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connection and extracting account credentials in cleartext...

6.5CVSS5.4AI score0.00186EPSS
Exploits0References7
OSV
OSV
added 2026/06/08 4:16 p.m.11 views

UBUNTU-CVE-2026-42536

Heap-based Buffer Overflow vulnerability in Apache HTTP Server with modxml2enc, xml2StartParse, and untrusted content This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the issue...

7.5CVSS5.4AI score0.0071EPSS
Exploits0References5
CVE
CVE
added 2026/06/08 3:23 p.m.88 views

CVE-2026-42536

Summary (CVE-2026-42536) : A heap-based buffer overflow in Apache HTTP Server affects 2.4.0–2.4.67 through the mod_xml2enc component (and related parsing of untrusted content via xml2StartParse). The issue is resolved by upgrading to Apache HTTP Server 2.4.68. The payload vector involves processi...

7.5CVSS5.4AI score0.0071EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2026/06/08 3:5 p.m.38 views

CVE-2020-37248

OfflineIMAP prior to version 8.0.3 is affected by a STARTTLS trust issue: the client trusts the server’s STARTTLS capability before authentication, enabling man-in-the-middle attacks that can exfiltrate credentials in cleartext. This vulnerability can enable an attacker to take over the connectio...

6.5CVSS5.5AI score0.00186EPSS
Exploits0References5
OSV
OSV
added 2026/06/08 1:54 p.m.10 views

JLSEC-2026-603

Symlink following in PostgreSQL pgbasebackup plain format and in pgrewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the orig...

8.8CVSS5.5AI score0.00324EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.18 views

PT-2026-47305

OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connection and extracting account credentials in cleartext...

6.5CVSS5.5AI score0.00186EPSS
Exploits0References5
Rows per page
Query Builder