Lucene search
+L

275 matches found

osv
osv
added 2 days ago4 views

SUSE-SU-2026:2989-1 Security update for the Linux Kernel (Live Patch 40 for SUSE Linux Enterprise 15 SP5)

This update for the SUSE Linux Enterprise Kernel 5.14.21-150500.55.166 fixes various security issues The following security issues were fixed: - CVE-2026-31758: usb: usbtmc: Flush anchored URBs in usbtmcrelease bsc1264094. - CVE-2026-43037: ip6tunnel: clear skb2-cb in ip4ip6err bsc1265197. -...

9.8CVSS6.2AI score0.00563EPSS
Exploits4References23
cvelist
cvelist
added 6 days ago29 views

CVE-2026-54149 MaxKB MCP tool import validation bypass allows post-authentication remote code execution

MaxKB is an open-source AI assistant for enterprise. Prior to 2.10.0-lts, MaxKB tool import functionality in apps/tools/serializers/tool.py and MCP referencing mode in apps/application/chatpipeline/step/chatstep/impl/basechatstep.py do not consistently validate MCP transport type, allowing an...

8.8CVSS0.00384EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.8 views

PT-2026-56562

Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.3 NATS Server versions prior to 2.12.12 Description An authenticated MQTT client can subscribe to the internal $MQTT.deliver.pubrel subject family. This action allows the client to bypass configured subscribe...

4.3CVSS6.1AI score0.00349EPSS
Exploits0References11
redhat
redhat
added 2026/06/22 10:59 a.m.26 views

kernel: can: isotp: fix tx.buf use-after-free in isotp_sendmsg()

A flaw was found in the Linux kernel's Controller Area Network CAN ISO-TP isotp module. This vulnerability, known as a use-after-free, occurs when the system attempts to free a memory region while it is still being used. A local attacker could trigger this condition by sending a signal that...

7.8CVSS7AI score0.00104EPSS
Exploits0References5
nessus
nessus
added 2026/06/18 12:0 a.m.10 views

Siemens RUGGEDCOM RST2428P Incorrect Bitwise Shift of Integer (CVE-2025-40281)

In the Linux kernel, the following vulnerability has been resolved: sctp: prevent possible shift-out-of-bounds in sctptransportupdaterto syzbot reported a possible shift-out-of- bounds 1 Blamed commit added rtoalphamax and rtobetamax set to 1000. It is unclear if some sctp users are setting very...

5.9AI score0.00189EPSS
Exploits0References3
nvd
nvd
added 2026/06/12 4:16 p.m.17 views

CVE-2026-40677

The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution...

7.7CVSS0.00435EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/05/28 4:2 a.m.15 views

CVE-2026-45865

A flaw was found in the Linux kernel's Message Control Transport Protocol MCTP over I2C Inter-Integrated Circuit implementation. A local attacker could exploit this vulnerability by performing I2C reads on an MCTP-I2C device. This could lead to the disclosure of uninitialized stack memory,...

5.5CVSS5.8AI score0.00156EPSS
Exploits0References4
astralinux
astralinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: tipc: fixed a kernel panic that occurred when enabling a bearer. When enabling a bearer on a node, a kernel panic was observed: 4.498085 RIP: 0010:tipcmonprep+0x4e/0x130 tipc ... 4.520030 Call Trace: 4.520689 4.521236...

5.5CVSS5.4AI score0.00259EPSS
Exploits0References2
patchstack
patchstack
added 2026/05/18 5:0 p.m.17 views

NPM: dynoxide: DNS rebinding and cross-origin CSRF via MCP HTTP transport

NPM: dynoxide: DNS rebinding and cross-origin CSRF via MCP HTTP transport vulnerability discovered by ? in WordPress Npm dynoxide versions = 0.9.3, 0.9.13...

5.8AI score
Exploits0References4Affected Software1
redhatcve
redhatcve
added 2026/05/09 1:0 a.m.17 views

CVE-2026-43457

A flaw was found in the Linux kernel's Management Component Transport Protocol MCTP over I2C receive path. When the midev-allowrx flag is false, a newly allocated network buffer skb is not properly freed. This memory leak can lead to a gradual exhaustion of system memory, potentially allowing a...

5.5CVSS5.9AI score0.00114EPSS
Exploits0References4
debiancve
debiancve
added 2026/05/08 2:22 p.m.8 views

CVE-2026-43455

In the Linux kernel, the following vulnerability has been resolved: mctp: route: hold key-lock in mctpflowprepareoutput mctpflowprepareoutput checks key-dev and may call mctpdevsetkey, but it does not hold key-lock while doing so. mctpdevsetkey and mctpdevreleasekey are annotated with...

5.5CVSS5.7AI score0.00114EPSS
Exploits0
ptsecurity
ptsecurity
added 2026/05/08 12:0 a.m.16 views

PT-2026-39118

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the Linux kernel within the MCTP Management Component Transport Protocol I2C receive path. When the midev-allow rx variable is set to false, the newly allocated s...

5.8AI score0.00114EPSS
Exploits0References9
cnnvd
cnnvd
added 2026/05/08 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the mctpflowprepareoutput function in the mctp route component. This function does not hold a...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References2
debiancve
debiancve
added 2026/05/01 2:15 p.m.6 views

CVE-2026-43029

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix soft lockup in mptcprecvmsg syzbot reported a soft lockup in mptcprecvmsg 0. When receiving data with MSGPEEK | MSGWAITALL flags, the skb is not removed from the skreceivequeue. This causes skwaitdata to always find...

7.5CVSS5.7AI score0.00329EPSS
Exploits0
vulnrichment
vulnrichment
added 2026/05/01 12:0 a.m.3 views

CVE-2026-37537

collin80/Open-SAE-J1939 thru commit 744024d4306bc387857dfce439558336806acb06 2023-03-08 contains an integer underflow leading to out-of-bounds write in Transport Protocol Data Transfer handling. At line 23: uint8t index = data0 - 1. When data0 sequence number from CAN frame is 0, index underflows...

8.1CVSS5.9AI score0.0022EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/05/01 12:0 a.m.2 views

CVE-2026-37534

Integer underflow vulnerability in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe 2025-11-30 in SAEJ1939ReadTransportProtocolDataTransfer,allows attackers to write to arbitrary memory via crafted sequence number from the CAN frame...

9.8CVSS5.9AI score0.00416EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/05/01 12:0 a.m.3 views

CVE-2026-37537

collin80/Open-SAE-J1939 thru commit 744024d4306bc387857dfce439558336806acb06 2023-03-08 contains an integer underflow leading to out-of-bounds write in Transport Protocol Data Transfer handling. At line 23: uint8t index = data0 - 1. When data0 sequence number from CAN frame is 0, index underflows...

8.1CVSS5.9AI score0.0022EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/05/01 12:0 a.m.9 views

Open SAE J1939 数字错误漏洞

Open SAE J1939 is a CAN bus communication protocol library for industrial vehicles from the individual developer Daniel Mårtensson. Open SAE J1939 suffers from a numeric error vulnerability that stems from an integer underflow in the SAEJ1939ReadTransportProtocolDataTransfer function, which allow...

9.8CVSS5.9AI score0.00416EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/01 12:0 a.m.6 views

CVE-2026-37534

Integer underflow vulnerability in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe 2025-11-30 in SAEJ1939ReadTransportProtocolDataTransfer,allows attackers to write to arbitrary memory via crafted sequence number from the CAN frame...

5.9AI score0.00416EPSS
Exploits0References2
cve
cve
added 2026/05/01 12:0 a.m.18 views

CVE-2026-37535

OpenXC isotp-c (up to commit 5a5d19245f65189202719321facd49ce6f5d46ac, 2021-08-09) contains an out-of-bounds read in the ISO-TP Single Frame receive handler. The 4‑bit payload length nibble is used directly as the memcpy size without validating it against the actual CAN data length. A malicious C...

7.1CVSS5.8AI score0.00205EPSS
Exploits0References3
Rows per page
Query Builder