Lucene search
+L

3080 matches found

Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-60047

Impact read character string and read string in src/zeroconf/ protocol/incoming.py sliced self.dataself.offset : self.offset + length and advanced self.offset by the declared length without checking it against self. data len. Python's slice silently returns fewer bytes when the end index runs pas...

6.5CVSS6.1AI score0.00318EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/07/10 9:29 p.m.6 views

CVE-2026-47261

A flaw was found in Wasmtime, a runtime for WebAssembly. This vulnerability allows an attacker to bypass intended access controls when a filesystem preopen is configured with read-only file permissions but also allows directory mutations. By using specific open flags, an attacker can truncate fil...

7.5CVSS6AI score0.00357EPSS
Exploits0References8
CVE
CVE
added 2026/07/10 8:42 p.m.13 views

CVE-2026-34196

CVE-2026-34196 concerns GPU-driver code: when non-privileged software makes improper GPU system calls, an integer overflow can cause two GPU virtual addresses to map to the same physical page. After freeing the first mapping and the physical page, the second mapping can be used to read/write to m...

7.8CVSS6.1AI score0.00118EPSS
Exploits0References1
OSV
OSV
added 2026/07/10 9:36 a.m.2 views

OPENSUSE-SU-2026:21297-1 Security update for uriparser

This update for uriparser fixes the following issues - CVE-2026-42371: numeric truncation in text range comparison when an application accepts URIs with a length in gigabytes bsc1262999. - CVE-2026-44927: truncation of ptrdifft to int in various places bsc1264578. - CVE-2026-44928: function famil...

5.3CVSS6.1AI score0.00211EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/07/10 12:0 a.m.15 views

EulerOS 2.0 SP12 : kernel (EulerOS-SA-2026-2595)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Input: alps - fix use-after-free bugs caused by dev3registerworkCVE-2025-68822 ext4: reject mount if bigalloc with sfirstdatablock !=...

9.8CVSS6.9AI score0.0138EPSS
Exploits15References167
OSV
OSV
added 2026/07/07 12:32 p.m.2 views

SUSE-SU-2026:22566-1 Security update for jq

This update for jq fixes the following issues: - CVE-2025-48060: improper handling of string data in jvstringempty can lead to heap buffer overflow and a crash when processing crafted input bsc1244116. - CVE-2026-32316: integer overflow within the jvpstringappend and jvpstringcopyreplacebad...

8.7CVSS6.3AI score0.00559EPSS
Exploits10References23
OSV
OSV
added 2026/07/02 3:40 p.m.8 views

GHSA-XWW8-GQVH-92X9 OpenClaw: Exec approval display truncation could hide the command being approved

Summary OpenClaw exec approvals could show a shortened command in the approval UI while keeping the full original command for execution. For very long commands, an approver could see and approve a benign-looking prefix while a hidden suffix remained part of the command that would run after...

8CVSS5.8AI score0.00232EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.18 views

PT-2026-54046

Name of the Vulnerable Software and Affected Versions ImageMagick versions prior to 7.1.2-24 Description An incorrect policy check allows remote attackers to bypass path policy restrictions in sandboxed conversion services. This flaw enables the creation or truncation of files that are disallowed...

7.1CVSS5.9AI score0.00226EPSS
Exploits1References23
RedHat Linux
RedHat Linux
added 2026/06/29 3:13 p.m.12 views

gnutls: gnutls: Authentication Bypass via NUL Character in Username

A flaw was found in gnutls. Servers configured with RSA-PSK Rivest–Shamir–Adleman – Pre-Shared Key wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass...

9.8CVSS5.8AI score0.0105EPSS
Exploits0References5
OSV
OSV
added 2026/06/29 5:48 a.m.7 views

BIT-NODE-2026-48930

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

9.8CVSS7.1AI score0.00405EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/29 4:39 a.m.10 views

CVE-2026-53923

A flaw was found in vLLM. Integer truncation of tensor dimensions in vLLM's GGUF dequantize kernels leads to partial tensor processing. This results in the output tensor retaining previously used GPU memory, which, in multi-tenant inference deployments, can expose sensitive tensor data from other...

7.5CVSS5.7AI score0.00281EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-53202

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - accel/ivpu: Fix signed integer truncation in IPC receive Fix potential buffer overflow where firmware- supplied datasize is cast to signed int before being used...

7.8CVSS6.2AI score0.00153EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53165

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iomap: avoid potential null folio-mapping deref during error reporting When a buffered read fails, iomapfinishfolioread reports the error with...

7.5CVSS5.3AI score0.00359EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-53133

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/umem: Fix truncation for block sizes = 4G When the iommu is used the linearization of the mapping can give a single block that is very large split across...

7.8CVSS6AI score0.00129EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:11 a.m.7 views

RDMA/umem: Fix truncation for block sizes >= 4G

...

7.8CVSS5.8AI score0.00129EPSS
Exploits0
NVD
NVD
added 2026/06/26 2:16 a.m.11 views

CVE-2026-48930

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

9.8CVSS0.00405EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 2:16 a.m.6 views

ALPINE-CVE-2026-48930

A flaw in Node.js TLS hostname handling can cause Embedded-nul hostnames can lead to silent authority rebinding due to c-string truncation in resolver bindings. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

9.8CVSS6.2AI score0.00405EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/26 2:13 a.m.7 views

SUSE CVE-2026-53015

In the Linux kernel, the following vulnerability has been resolved: erofs: unify lcn as u64 for 32-bit platforms As sashiko reported 1, lcn was typed as unsigned long or unsigned int sometimes, which is only 32 bits wide on 32-bit platforms, which causes lcn lclusterbits to be truncated at 4 GiB...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/26 2:10 a.m.8 views

SUSE CVE-2026-53202

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix signed integer truncation in IPC receive Fix potential buffer overflow where firmware-supplied datasize is cast to signed int before being used in mint. Large unsigned values = 0x80000000 become negative, causing...

7.8CVSS6AI score0.00153EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/26 2:8 a.m.8 views

DNS Rebinding

Overview Affected versions of this package are vulnerable to DNS Rebinding in dns.lookup lib/dns.js and lookupAndConnect lib/net.js, which forward a hostname containing an embedded NUL byte to the native resolver bindings where the C string is truncated at the first NUL. An attacker can cause an...

9.8CVSS6.8AI score0.00405EPSS
Exploits0References2
Rows per page
Query Builder