Lucene search
+L

195 matches found

Cvelist
Cvelist
added yesterday15 views

CVE-2026-54465 websocket-driver: Memory exhaustion in HTTP header parser

websocket-driver is a WebSocket protocol handler with pluggable I/O. Prior to 0.8.1, when websocket-driver is used to implement a WebSocket server on top of a TCP server using WebSocket::Driver.server or to complement a WebSocket client, a peer can make a single connection consume an unbounded...

6.3CVSS
Exploits0References2
Positive Technologies
Positive Technologies
added 3 days ago10 views

PT-2026-60380

Name of the Vulnerable Software and Affected Versions websocket-driver versions prior to 0.8.1 Description When used to implement a WebSocket server on top of a TCP server via the WebSocket::Driver.server method or to complement a WebSocket client, the software is susceptible to memory exhaustion...

6.3CVSS5.3AI score
Exploits0References8
OSV
OSV
added 2026/07/09 12:54 p.m.3 views

OESA-2026-2959 fluidsynth security update

FluidSynth is a free software synthesizer. Its currently based on the SoundFont 2 specifications and supports real time MIDI effect controls. It can be used as a shared library for embedding in other applications, can play MIDI files and has a command line shell. Many other applications use...

6.3AI score
Exploits0References2
EUVD
EUVD
added 2026/06/14 5:10 p.m.14 views

EUVD-2026-36661

nanoMODBUS through v1.23.0 contains an off-by-one buffer overflow in the recvmsgheader function of the Modbus/TCP server that allows remote unauthenticated attackers to write one attacker-controlled byte past the end of the 260-byte receive buffer by sending a crafted MBAP frame whose Length fiel...

9CVSS5.8AI score0.00541EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.22 views

PT-2026-49133

Name of the Vulnerable Software and Affected Versions nanoMODBUS versions prior to 1.23.1 Description An off-by-one buffer overflow exists in the recv msg header function of the Modbus/TCP server. Remote unauthenticated attackers can write one controlled byte beyond the 260-byte receive buffer by...

9CVSS5.6AI score0.00541EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.20 views

PT-2026-41947

Name of the Vulnerable Software and Affected Versions Motorola Factory Test affected versions not specified Description An improper authentication issue exists in the com.motorola.motocit component. The application contains a reference to a writable file descriptor in external storage. This allow...

8.4CVSS6.1AI score0.00162EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/12 9:31 a.m.15 views

EUVD-2026-29390

An unauthenticated remote attacker may exhaust all available TCP connections in the CODESYS Modbus TCP Server stack if a race condition in connection handling is successfully exploited, preventing legitimate clients from establishing new connections...

8.2CVSS5.8AI score0.00351EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/01 12:0 a.m.5 views

CVE-2026-37552

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server Server.php:87 receives data from a TCP socket, passes it directly to Opis\Closure\unserialize, then executes the result via calluserfunc. No authentication or signature verification exists on the...

8.4CVSS6.1AI score0.00253EPSS
Exploits0References4
CVE
CVE
added 2026/05/01 12:0 a.m.12 views

CVE-2026-37552

CVE-2026-37552 . Affected: MixPHP Framework 2.x up to 2.2.17. Root cause: unsafe deserialization using Opis\Closure\unserialize() on data received by the sync-invoke TCP server, then executed via call_user_func(). No authentication/signature on the localhost TCP port (127.0.0.1). Impact: arbitrar...

8.4CVSS6.1AI score0.00253EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/01 12:0 a.m.35 views

CVE-2026-37552

Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server Server.php:87 receives data from a TCP socket, passes it directly to Opis\Closure\unserialize, then executes the result via calluserfunc. No authentication or signature verification exists on the...

8.4CVSS0.00253EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.5 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a contention condition when accessing TCPServerInfo::hostname, which could lead to reuse after release...

5.8AI score0.00167EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/12/09 12:29 a.m.6 views

SUSE CVE-2023-53751

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential use-after-free bugs in TCPServerInfo::hostname TCPServerInfo::hostname may be updated once or many times during reconnect, so protect its access outside reconnect path as well and then prevent any potential...

5.5CVSS6.6AI score0.00162EPSS
Exploits0References9
EUVD
EUVD
added 2025/12/08 3:31 a.m.4 views

EUVD-2023-60077

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential use-after-free bugs in TCPServerInfo::hostname TCPServerInfo::hostname may be updated once or many times during reconnect, so protect its access outside reconnect path as well and then prevent any potential...

6.1AI score0.00162EPSS
Exploits0References5
NVD
NVD
added 2025/12/08 2:15 a.m.6 views

CVE-2023-53751

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential use-after-free bugs in TCPServerInfo::hostname TCPServerInfo::hostname may be updated once or many times during reconnect, so protect its access outside reconnect path as well and then prevent any potential...

0.00162EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/12/08 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2023-53751

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - cifs: fix potential use-after-free bugs in TCPServerInfo::hostname TCPServerInfo::hostname may be updated once or many times during reconnect, so protect its...

6AI score0.00162EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 1:49 p.m.5 views

EUVD-2025-32856

A denial of service vulnerability exists in the ModbusTCP server functionality of OpenPLC v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58. A specially crafted series of network connections can lead to the server not processing subsequent Modbus requests. An attacker can open a series of TCP connectio...

5.3CVSS6.3AI score0.00344EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/07 1:49 p.m.14 views

CVE-2025-53476

A denial of service vulnerability exists in the ModbusTCP server functionality of OpenPLC v3 a931181e8b81e36fadf7b74d5cba99b73c3f6d58. A specially crafted series of network connections can lead to the server not processing subsequent Modbus requests. An attacker can open a series of TCP connectio...

5.3CVSS0.00344EPSS
Exploits0References1
CVE
CVE
added 2025/10/07 1:49 p.m.16 views

CVE-2025-53476

OpenPLC_v3 is affected by CVE-2025-53476 due to a DoS in the ModbusTCP server. A crafted sequence of TCP connections can exhaust the server’s file descriptors, causing the server to be unable to process subsequent Modbus requests. TALOS details the vulnerability in OpenPLC_v3, including the waitF...

5.3CVSS6.4AI score0.00344EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-13802

Malware in sbrugna...

7.5CVSS7.4AI score0.02268EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-3932

Malware in sbrugna...

8.8CVSS8.6AI score0.00879EPSS
Exploits1References3
Rows per page
Query Builder