
771 matches found

OSV
added 2026/05/05 9:11 p.m., 6 views

CLSA-2026-1777558504 vim: Fix of 10 CVEs

CVE-2021-3928: in suggest_trie_walk only credit a non-word-char boundary with SCORE_NONWORD when preword is non-empty, so spell suggestions do not read uninitialized memory behind preword. - CVE-2021-3974: in nfa_regmatch NFA_MARK / NFA_MARK_GT / NFA_MARK_LT, save reginput - regline and re-fetch regline...

CVSS 7.8 | AI score 6.8 | EPSS 0.01842
Exploits: 10 | References: 1
Tenable Nessus
added 2026/05/05 12:0 a.m., 9 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Exim vulnerabilities (USN-8228-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8228-1 advisory. It was discovered that Exim incorrectly handled parsing malformed JSON in message headers. A remote attacker could possib...

CVSS 9.8 | AI score 6.3 | EPSS 0.00373
Exploits: 0 | References: 4
Ubuntu
added 2026/05/04 11:50 a.m., 12 views

USN-8228-1: Exim vulnerabilities

It was discovered that Exim incorrectly handled parsing malformed JSON in message headers. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2026-40685) It was discovered that Exim incorrectly handled processing of UTF-8 trailing characters. A remote attacker could...

CVSS 9.8 | AI score 6.2 | EPSS 0.00373
Exploits: 0
OSV
added 2026/05/04 11:50 a.m., 7 views

USN-8228-1 exim4 vulnerabilities

It was discovered that Exim incorrectly handled parsing malformed JSON in message headers. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2026-40685) It was discovered that Exim incorrectly handled processing of UTF-8 trailing characters. A remote attacker could...

CVSS 9.8 | AI score 6 | EPSS 0.00373
Exploits: 0 | References: 4
OSV
added 2026/05/02 1:13 a.m., 6 views

CLSA-2026-1777544831 libarchive: Fix of CVE-2021-31566

CVE-2021-31566: extend backport with upstream 8a1bd5c and ede459d2 to close the trailing-slash variant of the fixup-list symlink-follow attack...

CVSS 7.8 | AI score 6.8 | EPSS 0.00366
Exploits: 0 | References: 1
OSV
added 2026/04/30 10:41 a.m., 5 views

CLSA-2026-1777545655 vim: Fix of 10 CVEs

CVE-2021-3928: in suggest_trie_walk only credit a non-word-char boundary with SCORE_NONWORD when preword is non-empty, so spell suggestions do not read uninitialized memory behind preword. - CVE-2021-3974: in nfa_regmatch NFA_MARK / NFA_MARK_GT / NFA_MARK_LT, save reginput - regline and re-fetch regline...

CVSS 7.8 | AI score 6.8 | EPSS 0.01842
Exploits: 10 | References: 1
OSV
added 2026/04/30 9:18 a.m., 6 views

CLSA-2026-1777540724 cups: Fix of CVE-2023-4504

CVE-2023-4504: fix heap-based buffer overflow in cups raster-interpret PPD PostScript scanner; scan_ps in filter/interpret.c now returns NULL on a lone trailing backslash escape sequence rather than reading past the buffer terminator...

CVSS 7 | AI score 6 | EPSS 0.00663
Exploits: 2 | References: 1
CVE
added 2026/04/30 12:0 a.m., 17 views

CVE-2026-40686

CVE-2026-40686 affects Exim before 4.99.2 when utf8 operators are enabled. The vulnerability is an out-of-bounds read triggered by large UTF-8 trailing characters in malformed UTF-8 header data, with the potential for information disclosure via an error message produced during handling of an unre...

CVSS 5.3 | AI score 5.1 | EPSS 0.00246
Exploits: 0 | References: 4 | Affected Software: 1
UbuntuCve
added 2026/04/29 12:0 p.m., 5 views

CVE-2026-40686

In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present in malformed UTF-8 header data. Information might be divulged within an error message produced during handling of an unrelated e-mail message...

CVSS 5.3 | AI score 6 | EPSS 0.00246
Exploits: 0 | References: 3
OSV
added 2026/04/29 12:0 p.m., 3 views

UBUNTU-CVE-2026-40686

In Exim before 4.99.2, when utf8 operators are enabled, there is an out-of-bounds read if large UTF-8 trailing characters are present in malformed UTF-8 header data. Information might be divulged within an error message produced during handling of an unrelated e-mail message...

CVSS 5.3 | AI score 6 | EPSS 0.00246
Exploits: 0 | References: 5
Github Security Blog
added 2026/04/28 12:31 a.m., 10 views

Duplicate Advisory: OpenClaw: Trailing-dot localhost CDP hosts could bypass remote loopback protections

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-fh32-73r9-rgh5. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing...

CVSS 6.9 | AI score 5.7 | EPSS 0.00251
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2026/04/28 12:31 a.m., 11 views

GHSA-F5FM-9JMP-C88R Duplicate Advisory: OpenClaw: Trailing-dot localhost CDP hosts could bypass remote loopback protections

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-fh32-73r9-rgh5. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing...

CVSS 6.9 | AI score 5.8 | EPSS 0.00251
Exploits: 0 | References: 4
NVD
added 2026/04/28 12:16 a.m., 8 views

CVE-2026-41372

OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing bypass of loopback protections. Attackers can craft hostile discovery responses returning "localhost." to retarget authenticated browser control toward localhost endpoints and expose...

CVSS 6.9 | EPSS 0.00251
Exploits: 0 | References: 3
EUVD
added 2026/04/27 11:24 p.m., 7 views

EUVD-2026-25952

OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing bypass of loopback protections. Attackers can craft hostile discovery responses returning "localhost." to retarget authenticated browser control toward localhost endpoints and expose...

CVSS 6.9 | AI score 5.3 | EPSS 0.00251
Exploits: 0 | References: 3
Cvelist
added 2026/04/27 11:24 p.m., 31 views

CVE-2026-41372 OpenClaw < 2026.4.2 - Loopback Protection Bypass via Trailing-Dot Localhost in CDP Discovery

OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing bypass of loopback protections. Attackers can craft hostile discovery responses returning "localhost." to retarget authenticated browser control toward localhost endpoints and expose...

CVSS 6.9 | EPSS 0.00251
Exploits: 0 | References: 3
Vulnrichment
added 2026/04/27 11:24 p.m., 5 views

CVE-2026-41372 OpenClaw < 2026.4.2 - Loopback Protection Bypass via Trailing-Dot Localhost in CDP Discovery

OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing bypass of loopback protections. Attackers can craft hostile discovery responses returning "localhost." to retarget authenticated browser control toward localhost endpoints and expose...

CVSS 6.9 | AI score 5.3 | EPSS 0.00251
Exploits: 0 | References: 3
CVE
added 2026/04/27 11:24 p.m., 14 views

CVE-2026-41372

Technical details such as affected products, versions, root cause, and remediation are not publicly available in the provided documents. Monitor for updates from NVD, CVE lists, and vendor advisories.

CVSS 6.9 | AI score 5.3 | EPSS 0.00251
Exploits: 0 | References: 3 | Affected Software: 1
ATTACKERKB
added 2026/04/27 11:24 p.m., 2 views

CVE-2026-41372

OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing bypass of loopback protections. Attackers can craft hostile discovery responses returning "localhost." to retarget authenticated browser control toward localhost endpoints and expose...

CVSS 6.9 | AI score 5.3 | EPSS 0.00251
Exploits: 0 | References: 4
OSV
added 2026/04/27 4:25 p.m., 5 views

CLSA-2026-1777307149 libarchive: Fix of CVE-2021-31566

CVE-2021-31566: extend backport with upstream 8a1bd5c and ede459d2 to close the trailing-slash variant of the fixup-list symlink-follow attack...

CVSS 7.8 | AI score 7.1 | EPSS 0.00366
Exploits: 0 | References: 1
Microsoft CVE
added 2026/04/26 8:9 a.m., 6 views

xfrm: clear trailing padding in build_polexpire()

...

CVSS 5.5 | AI score 5.8 | EPSS 0.00114
Exploits: 0