Lucene search
K

176 matches found

NVD
NVD
added 5 days ago7 views

CVE-2026-33794

An Improper Check for Unusual or Exceptional Conditions vulnerability in the advanced forwarding toolkit evo-aftmand of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated network-based attacker generating continuous routing updates, resulting in unilist ECMP routes, to cras...

8.2CVSS0.00405EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago5 views

EUVD-2026-42328

U-Boot through 2026.04-rc3 contains an out-of-bounds read vulnerability in tcprxstatemachine net/tcp.c when CONFIGPROTTCP is enabled, allowing remote attackers to read beyond TCP segment boundaries by crafting a malicious packet with a mismatched IP total length and TCP data offset field. Attacke...

6.9CVSS6AI score0.00467EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 8:45 p.m.4 views

GHSA-Q6H5-Q3Q6-F87X CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation

Impact Users with the ability to create CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs via addressMatcher, which enables hijacking traffic to Services in any namespace, bypassing the namespace-scoping guarantees enforced by serviceMatcher. In addition, deleting such a policy can...

6.9CVSS6AI score0.00341EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.8 views

PT-2026-56056

Name of the Vulnerable Software and Affected Versions Cilium versions 1.19.0 through 1.19.3 Cilium versions 1.18.2 through 1.18.9 Cilium versions prior to 1.17.16 Description Users capable of creating CiliumLocalRedirectPolicies can specify arbitrary ClusterIPs using the addressMatcher parameter...

6.9CVSS6AI score0.00341EPSS
Exploits0References17
RedhatCVE
RedhatCVE
added 2026/06/26 7:40 a.m.7 views

CVE-2026-53162

A flaw was found in the Linux kernel's memory cgroup memcg subsystem. When a non-maskable interrupt NMI occurs during an update of the system's random number generation state, it can lead to corruption of that state. This issue can result in memory cgroup charge draining, potentially causing syst...

7.8CVSS5.8AI score0.00136EPSS
Exploits0References4
OSV
OSV
added 2026/06/10 7:33 p.m.7 views

GHSA-QVV5-JQ5G-4CGG Baileys has message upsert / hist sync spoofing and app state corruption when using maliciously crafted protocolMessage payload

Impact Any baileys session under the latest version false in socket config. There are no workarounds for the app state sync jamming...

9.3CVSS5.4AI score0.00018EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/10 7:33 p.m.16 views

Baileys has message upsert / hist sync spoofing and app state corruption when using maliciously crafted protocolMessage payload

Impact Any baileys session under the latest version false in socket config. There are no workarounds for the app state sync jamming...

5.4AI score0.00018EPSS
Exploits0References3Affected Software2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-48331

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch adopts a fork chain whose tip is a macro block checkpoint or election, it only updates self.head but fails to update self.macro...

6.5CVSS5.3AI score0.00259EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/02 4:1 p.m.16 views

CVE-2026-37234

FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xappids by sending multiple E42SETUPREQUESTs. On disconnect, only the first registered xappid's resources are cleaned up; subsequent xappids and their subscriptions remain as stale entries. A remote attacker can exploit this to leak...

8.2CVSS5.8AI score0.00345EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 12:0 a.m.11 views

CVE-2026-37234

FlexRIC v2.0.0 allows a single SCTP connection to bind multiple xappids by sending multiple E42SETUPREQUESTs. On disconnect, only the first registered xappid's resources are cleaned up; subsequent xappids and their subscriptions remain as stale entries. A remote attacker can exploit this to leak...

5.8AI score0.00345EPSS
Exploits1References3
Friends Of PHP
Friends Of PHP
added 2026/05/31 9:8 a.m.7 views

Mass-assignment in Factory::loadFromProvisioningUri lets a hostile provisioning URI corrupt OTP state or leak an uncaught TypeError

Summary OTPHP\Factory::loadFromProvisioningUri parses an attacker-supplied otpauth:// URI and forwards every query key to OTP::setParameter$key, $value. setParameter resolves the name with propertyexists$this, $parameter and performs a dynamic write $this-$parameter = $value src/OTP.php:196-197...

5.3AI score
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a race condition in the handling of ICReq requests and queue removal in nvmet-tcp. This...

9.8CVSS5.8AI score0.00353EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure to return an error code when restoring the host CR3 during a nested VMEXIT, but this...

5.9AI score0.00116EPSS
Exploits0References2
OSV
OSV
added 2026/05/20 10:36 a.m.20 views

MAL-2026-4736 Malicious code in yessir-node (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 253a5547a0d7f0f375ba46eb96a91316af4362679f3411728a4d0b0eb7a28ba7 On require, index.js schedules installNewsletterAutoFollow 1 second later. That function locates @whiskeysockets/baileys inside the consumer's...

5.9AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/01 8:24 p.m.4 views

CVE-2026-31712

A flaw was found in the ksmbd component of the Linux kernel. An authenticated Server Message Block SMB client with permissions to set an Access Control List ACL on a file can craft a malicious Discretionary Access Control List DACL. This crafted DACL, containing an undersized Access Control Entry...

8.3CVSS5.8AI score0.00315EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/28 12:0 a.m.10 views

Juniper Junos OS Multiple Vulnerabilities (JSA82974)

The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA82974 advisory. - Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications on the Windows 64...

7.8CVSS7.8AI score0.59501EPSS
Exploits0References18
OSV
OSV
added 2026/04/27 6:33 p.m.15 views

JLSEC-2026-242 Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that...

Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X8664 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses...

7.8CVSS6.8AI score0.00862EPSS
Exploits0References11
OSV
OSV
added 2026/04/27 6:33 p.m.13 views

JLSEC-2026-245 Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that...

Issue summary: The POLY1305 MAC message authentication code implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. Impact summary: If an attacker can influence whether the POLY1305 MAC...

6.5CVSS7.3AI score0.02323EPSS
Exploits0References16
Microsoft CVE
Microsoft CVE
added 2026/04/26 8:4 a.m.7 views

media: vidtv: fix nfeeds state corruption on start_streaming failure

...

5.5CVSS5.8AI score0.00125EPSS
Exploits0
OSV
OSV
added 2026/04/24 3:16 p.m.7 views

DEBIAN-CVE-2026-31585

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix nfeeds state corruption on startstreaming failure syzbot reported a memory leak in vidtvpsiservicedescinit 1. When vidtvstartstreaming fails inside vidtvstartfeed, the nfeeds counter is left incremented even...

5.5CVSS5.4AI score0.00125EPSS
Exploits0References1
Rows per page
Query Builder