Lucene search
K

923 matches found

CVE
CVE
added 2026/05/27 12:57 p.m.29 views

CVE-2026-46051

CVE-2026-46051 affects the Linux kernel's MD RAID5 path. The vulnerability arises when retry_aligned_read() encounters an overlapped stripe and releases it via raid5_release_stripe(), placing it on the released_stripes list. In a subsequent raid5d loop, release_stripe_list() drains the stripe ont...

5.5CVSS5.8AI score0.00095EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/05/27 11:53 a.m.17 views

SUSE-SU-2026:2092-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool...

7.5CVSS6AI score0.00813EPSS
Exploits0References25
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.20 views

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2026-1743)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1743 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...

7.5CVSS7.6AI score0.00813EPSS
Exploits0References22
Cvelist
Cvelist
added 2026/05/26 7:40 p.m.38 views

CVE-2026-44837 view_component: System Test Entry Point Path Check Allows Sibling Directory Escape

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

5.9CVSS0.00412EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 7:40 p.m.13 views

CVE-2026-44837

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

5.9CVSS5.8AI score0.00412EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2026/05/26 7:40 p.m.9 views

CVE-2026-44837

viewcomponent is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. From 3.0.0 to 4.9.0, the system test entrypoint canonicalizes a user-controlled file path with File.realpath, then checks whether the resolved path starts with the temp directory path...

7.5CVSS5.8AI score0.00412EPSS
Exploits1
OSV
OSV
added 2026/05/26 2:54 p.m.15 views

SUSE-SU-2026:2079-1 Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool...

7.5CVSS6AI score0.00813EPSS
Exploits0References25
EUVD
EUVD
added 2026/05/26 6:39 a.m.17 views

EUVD-2026-31797

The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before...

8.5CVSS5.8AI score0.00105EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.13 views

CODESYS Development System 安全漏洞

CODESYS Development System is a set of programming tools developed by the German company CODESYS, used in the fields of industrial controllers and automation technology. There is a security vulnerability in the CODESYS Development System. This vulnerability stems from the incorrect default...

8.5CVSS5.8AI score0.00105EPSS
Exploits0References1
Amazon
Amazon
added 2026/05/26 12:0 a.m.28 views

Important: golang

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

7.5CVSS7.6AI score0.00813EPSS
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 6:9 p.m.11 views

Malicious code in @service-user-notifications/set_notifications_not_removable (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a890f1cd8313de802c1425ca5603b7d1fabaf84cb1e47b582a4633dae34ccf14 On npm install, scripts/postinstall.js fetches a platform-specific binary from https://oob.moika.tech/payload/linux|mac|win, writes it to a hidden te...

6.5AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/25 6:8 p.m.14 views

Malicious code in @service-suppliers/set_selected_supplier (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector eba319282947a6dfb83a31cec6127e62594cc16160bd9c74cee3feee349c4b07 The postinstall hook in scripts/postinstall.js performs two independently-blocking actions on every npm install. First, it scrapes installer-side...

6AI score
Exploits0References2
OSV
OSV
added 2026/05/25 7:35 a.m.6 views

CLSA-2026-1779579653 thunderbird: Fix of 4 CVEs

CVE-2024-0742: assertion failure in nsPresContext::UserInputEventsAllowed Document::SetIsInitialDocument sticky-bit - CVE-2025-2830: path traversal via malformed attachment filename in multipart message directory guard in MimePart.fetchAttachment + mimedrft.cpp - CVE-2025-3909: predictable...

8.1CVSS6.7AI score0.00596EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/24 3:12 p.m.20 views

Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring

Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 3.4.18 Vulnerability Details CVEID:CVE-2026-40972 DESCRIPTION: An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In...

9.8CVSS6.6AI score0.00312EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/24 3:8 p.m.21 views

Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring

Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 3.2.26 Vulnerability Details CVEID:CVE-2026-40972 DESCRIPTION: An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In...

9.8CVSS6.6AI score0.00344EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/24 3:4 p.m.15 views

Security Bulletin: Multiple Vulnerabilities in IBM Library Support for Spring

Summary Multiple vulnerabilities were addressed in IBM Library Support for Spring 2.7.38 Vulnerability Details CVEID:CVE-2026-40972 DESCRIPTION: An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In...

9.8CVSS6.6AI score0.00344EPSS
Exploits0Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 4:50 p.m.11 views

Malicious code in prisma-client-python (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ba0c0f6a1d1bdb5bffb45ca56fb99b8084fba921cc7689b6e8913c0436fe392 The package's CLI flow ppy generate reads dist/index.enc, a 346 KB AES-encrypted blob, decrypts it using a key extracted from dist/key.enc substring...

6AI score
Exploits0References1
OSV
OSV
added 2026/05/22 4:50 p.m.8 views

MAL-2026-4646 Malicious code in prisma-client-python (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ba0c0f6a1d1bdb5bffb45ca56fb99b8084fba921cc7689b6e8913c0436fe392 The package's CLI flow ppy generate reads dist/index.enc, a 346 KB AES-encrypted blob, decrypts it using a key extracted from dist/key.enc substring...

6AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.13 views

Unity Linux 20.1060e / 20.1070e Security Update: ant (UTSA-2026-016647)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016647 advisory. As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them...

7.5CVSS6.8AI score0.08235EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: power: supply: core: Fixed the boundary conditions in interpolation. The functions powersupplytemp2resistsimple and powersupplyocv2capsimple incorrectly handle boundary conditions. This issue was introduced in the code change...

7.8CVSS6.2AI score0.0026EPSS
Exploits0References2
Rows per page
Query Builder