Lucene search
+L

13332 matches found

CVE
CVE
added 56 minutes ago1 views

CVE-2026-64086

In the Linux kernel, the following vulnerability has been resolved: hwmon: pmbus/adm1266 include PEC byte in pmbusblockxfer read buffer adm1266pmbusblockxfer sets up the read transaction with .buf = data-readbuf, .len = ADM1266PMBUSBLOCKMAX + 2, but readbuf in struct adm1266data is declared as u8...

Exploits0References8
CVE
CVE
added 1 hour ago2 views

CVE-2026-63928

In the Linux kernel, the following vulnerability has been resolved: USB: serial: omninet: fix memory corruption with small endpoint Make sure that the bulk-out buffers are at least as large as the hardcoded transfer size to avoid user-controlled slab corruption should a malicious device report a...

5.6AI score
Exploits0References8
CVE
CVE
added 1 hour ago2 views

CVE-2026-63900

In the Linux kernel, the following vulnerability has been resolved: USB: serial: keyspan: fix missing indat transfer sanity check Add the missing sanity check on the size of usa49wg indat transfers to avoid parsing stale or uninitialised slab data...

5.4AI score
Exploits0References8
CVE
CVE
added 1 hour ago3 views

CVE-2026-63898

In the Linux kernel, the following vulnerability has been resolved: USB: serial: mctu232: fix memory corruption with small endpoint The driver overrides the maximum transfer size for a specific device which only accepts 16 byte packets for its 32 byte bulk-out endpoint. Make sure to never increas...

5.6AI score
Exploits0References8
CVE
CVE
added 1 hour ago6 views

CVE-2026-63897

In the Linux kernel, the following vulnerability has been resolved: USB: serial: mctu232: fix missing interrupt-in transfer sanity check Add the missing sanity check on the size of interrupt-in transfers to avoid parsing stale or uninitialised slab data and leaking it to user space...

5.4AI score
Exploits0References8
Nuclei
Nuclei
added 13 hours ago34 views

Apache2 - Transfer-Encoding Chunked XSS

Apache2 PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 contain a reflected cross-site scripting vulnerability caused by mishandling of chunked transfer-encoding requests in sapi/apache2handler/sapiapache2.c. Attackers can execute malicious scripts via crafted...

6.1CVSS6.5AI score0.04103EPSS
Exploits1References5
NVD
NVD
added yesterday7 views

CVE-2026-53994

ProFTPD modsftp contains a heap-based buffer overflow reachable by an authenticated SFTP user. The fxppacketread function accepts the attacker-supplied 32-bit big-endian SFTP packet length without a minimum sanity check. A value of 0 causes an unsigned subtraction elsewhere in the read path to...

7.7CVSS
Exploits0References3
Cvelist
Cvelist
added yesterday31 views

CVE-2026-53994 ProFTPD mod_sftp Heap Buffer Overflow via Unsigned Integer Underflow and Size Truncation

ProFTPD modsftp contains a heap-based buffer overflow reachable by an authenticated SFTP user. The fxppacketread function accepts the attacker-supplied 32-bit big-endian SFTP packet length without a minimum sanity check. A value of 0 causes an unsigned subtraction elsewhere in the read path to...

7.7CVSS
Exploits0References3
EUVD
EUVD
added yesterday6 views

EUVD-2026-45396

ProFTPD modsftp contains a heap-based buffer overflow reachable by an authenticated SFTP user. The fxppacketread function accepts the attacker-supplied 32-bit big-endian SFTP packet length without a minimum sanity check. A value of 0 causes an unsigned subtraction elsewhere in the read path to...

7.7CVSS6AI score
Exploits0References3
Cvelist
Cvelist
added 2 days ago38 views

CVE-2026-59252 Missing gas_limit validation in mpp Tempo fee-payer enables wallet drain

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...

8.2CVSS0.00362EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2 days ago9 views

CVE-2026-59252

Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer feepayer: true, the MPP.Methods.Tempo payment meth...

8.2CVSS5.9AI score0.00362EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2 days ago7 views

EEF-CVE-2026-59252 Missing gas_limit validation in mpp Tempo fee-payer enables wallet drain

Summary Improper Validation of Specified Quantity in Input in ZenHive mpp allows an unauthenticated remote client to drain the fee-payer wallet, resulting in denial of service for legitimate clients. When the mpp Elixir library is configured as fee payer fee\payer: true, the MPP.Methods.Tempo...

8.2CVSS6.1AI score0.00362EPSS
Exploits0References4
NCSC
NCSC
added 2 days ago12 views

Vulnerabilities in SAP-products

SAP has identified vulnerabilities in the following SAP NetWeaver Application Server ABAP, SAP Approuter, SAP Commerce Cloud, SAP NetWeaver Application Server Java, SAProuter, SAP Change and Transport System Attach Tool, SAP NetWeaver Enterprise Portal, SAP S/4HANA modules, SAP Fiori Launchpad, S...

9.9CVSS7.1AI score0.01339EPSS
Exploits7References1
NVD
NVD
added 2 days ago8 views

CVE-2026-41993

Improper Access Control vulnerability in the Removable Media Validation function of TXOne Networks products allows a local attacker with administrator privileges to bypass the file lockdown mechanism, resulting in unauthorized file transfer to the victim device. The attacker needs to deploy...

6.7CVSS0.00108EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago11 views

EUVD-2026-45138

Improper Access Control vulnerability in the Removable Media Validation function of TXOne Networks products allows a local attacker with administrator privileges to bypass the file lockdown mechanism, resulting in unauthorized file transfer to the victim device. The attacker needs to deploy...

6.7CVSS6.1AI score0.00108EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-41993

Improper Access Control vulnerability in the Removable Media Validation function of TXOne Networks products allows a local attacker with administrator privileges to bypass the file lockdown mechanism, resulting in unauthorized file transfer to the victim device. The attacker needs to deploy...

6.7CVSS0.00108EPSS
Exploits0References1
CVE
CVE
added 2 days ago14 views

CVE-2026-41993

TXOne Networks CVE-2026-41993 involves an Improper Access Control in the Removable Media Validation function. A local attacker with administrator privileges can bypass the file lockdown mechanism, enabling unauthorized file transfers to the victim device. Affected versions: SafePortAgent prior to...

6.7CVSS6.1AI score0.00108EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2 days ago7 views

CVE-2026-41993

Improper Access Control vulnerability in the Removable Media Validation function of TXOne Networks products allows a local attacker with administrator privileges to bypass the file lockdown mechanism, resulting in unauthorized file transfer to the victim device. The attacker needs to deploy...

6.7CVSS6.1AI score0.00108EPSS
Exploits0References2Affected Software1
CVE
CVE
added 3 days ago10 views

CVE-2026-54340

CVE-2026-54340 affects the h2o HTTP server (HTTP/2) and describes an HTTP/2 state amplification issue where HPACK decompression amplification combines with Slowloris-style stream stalling. Amplified decoded header state can be retained by stalled HTTP/2 streams; depending on configuration, additi...

7.5CVSS6AI score0.00278EPSS
Exploits0References2
NVD
NVD
added 3 days ago9 views

CVE-2026-44982

CrowdSec offers crowdsourced protection against malicious IPs. From 1.5.0 until 1.7.8, pkg/appsec/request.go NewParsedRequestFromRequest allocated a request body buffer from maxr.ContentLength, 0, so HTTP/1.1 requests using Transfer-Encoding: chunked and HTTP/2 requests without a content-length...

7.2CVSS0.00217EPSS
Exploits0References5
Rows per page
Query Builder