13332 matches found
CVE-2026-64086
In the Linux kernel, the following vulnerability has been resolved: hwmon: pmbus/adm1266 include PEC byte in pmbusblockxfer read buffer adm1266pmbusblockxfer sets up the read transaction with .buf = data-readbuf, .len = ADM1266PMBUSBLOCKMAX + 2, but readbuf in struct adm1266data is declared as u8...
CVE-2026-63928
In the Linux kernel, the following vulnerability has been resolved: USB: serial: omninet: fix memory corruption with small endpoint Make sure that the bulk-out buffers are at least as large as the hardcoded transfer size to avoid user-controlled slab corruption should a malicious device report a...
CVE-2026-63900
In the Linux kernel, the following vulnerability has been resolved: USB: serial: keyspan: fix missing indat transfer sanity check Add the missing sanity check on the size of usa49wg indat transfers to avoid parsing stale or uninitialised slab data...
CVE-2026-63898
In the Linux kernel, the following vulnerability has been resolved: USB: serial: mctu232: fix memory corruption with small endpoint The driver overrides the maximum transfer size for a specific device which only accepts 16 byte packets for its 32 byte bulk-out endpoint. Make sure to never increas...
CVE-2026-63897
In the Linux kernel, the following vulnerability has been resolved: USB: serial: mctu232: fix missing interrupt-in transfer sanity check Add the missing sanity check on the size of interrupt-in transfers to avoid parsing stale or uninitialised slab data and leaking it to user space...
Apache2 - Transfer-Encoding Chunked XSS
Apache2 PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 contain a reflected cross-site scripting vulnerability caused by mishandling of chunked transfer-encoding requests in sapi/apache2handler/sapiapache2.c. Attackers can execute malicious scripts via crafted...
CVE-2026-53994
ProFTPD modsftp contains a heap-based buffer overflow reachable by an authenticated SFTP user. The fxppacketread function accepts the attacker-supplied 32-bit big-endian SFTP packet length without a minimum sanity check. A value of 0 causes an unsigned subtraction elsewhere in the read path to...
CVE-2026-53994 ProFTPD mod_sftp Heap Buffer Overflow via Unsigned Integer Underflow and Size Truncation
ProFTPD modsftp contains a heap-based buffer overflow reachable by an authenticated SFTP user. The fxppacketread function accepts the attacker-supplied 32-bit big-endian SFTP packet length without a minimum sanity check. A value of 0 causes an unsigned subtraction elsewhere in the read path to...
EUVD-2026-45396
ProFTPD modsftp contains a heap-based buffer overflow reachable by an authenticated SFTP user. The fxppacketread function accepts the attacker-supplied 32-bit big-endian SFTP packet length without a minimum sanity check. A value of 0 causes an unsigned subtraction elsewhere in the read path to...
CVE-2026-59252 Missing gas_limit validation in mpp Tempo fee-payer enables wallet drain
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...
CVE-2026-59252
Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...
EEF-CVE-2026-59252 Missing gas_limit validation in mpp Tempo fee-payer enables wallet drain
Summary Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer fee\payer: true, the MPP.Methods.Tempo...
Vulnerabilities in SAP-products
SAP has identified vulnerabilities in the following SAP NetWeaver Application Server ABAP, SAP Approuter, SAP Commerce Cloud, SAP NetWeaver Application Server Java, SAProuter, SAP Change and Transport System Attach Tool, SAP NetWeaver Enterprise Portal, SAP S/4HANA modules, SAP Fiori Launchpad, S...
CVE-2026-41993
Improper Access Control vulnerability in the Removable Media Validation function of TXOne Networks products allows a local attacker with administrator privileges to bypass the file lockdown mechanism, resulting in unauthorized file transfer to the victim device. The attacker needs to deploy...
EUVD-2026-45138
Improper Access Control vulnerability in the Removable Media Validation function of TXOne Networks products allows a local attacker with administrator privileges to bypass the file lockdown mechanism, resulting in unauthorized file transfer to the victim device. The attacker needs to deploy...
CVE-2026-41993
Improper Access Control vulnerability in the Removable Media Validation function of TXOne Networks products allows a local attacker with administrator privileges to bypass the file lockdown mechanism, resulting in unauthorized file transfer to the victim device. The attacker needs to deploy...
CVE-2026-41993
TXOne Networks CVE-2026-41993 involves an Improper Access Control in the Removable Media Validation function. A local attacker with administrator privileges can bypass the file lockdown mechanism, enabling unauthorized file transfers to the victim device. Affected versions: SafePortAgent prior to...
CVE-2026-41993
Improper Access Control vulnerability in the Removable Media Validation function of TXOne Networks products allows a local attacker with administrator privileges to bypass the file lockdown mechanism, resulting in unauthorized file transfer to the victim device. The attacker needs to deploy...
CVE-2026-54340
CVE-2026-54340 affects the h2o HTTP server (HTTP/2) and describes an HTTP/2 state amplification issue where HPACK decompression amplification combines with Slowloris-style stream stalling. Amplified decoded header state can be retained by stalled HTTP/2 streams; depending on configuration, additi...
CVE-2026-44982
CrowdSec offers crowdsourced protection against malicious IPs. From 1.5.0 until 1.7.8, pkg/appsec/request.go NewParsedRequestFromRequest allocated a request body buffer from maxr.ContentLength, 0, so HTTP/1.1 requests using Transfer-Encoding: chunked and HTTP/2 requests without a content-length...