Lucene search
K

13308 matches found

OSV
OSV
added 2026/06/22 12:0 a.m.7 views

UBUNTU-CVE-2026-50195

Unknown description...

9.9CVSS5.8AI score0.00354EPSS
Exploits0References5
OSV
OSV
added 2026/06/22 12:0 a.m.5 views

UBUNTU-CVE-2026-53489

Unknown description...

8.2CVSS5.8AI score0.00208EPSS
Exploits0References5
NVD
NVD
added 2026/06/21 9:16 a.m.11 views

CVE-2026-12788

A vulnerability was determined in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This vulnerability affects unknown code of the file /adpweb/a/base/barcodeDetail/import of the component XML Parser. This manipulation causes xml external entity reference. It is possible to...

6.5CVSS0.00237EPSS
Exploits0References5
NVD
NVD
added 2026/06/21 8:16 a.m.13 views

CVE-2026-12782

A security flaw has been discovered in EaseUS Partition Master up to 14.5. The impacted element is an unknown function in the library EUEDKEPM.sys of the component Kernel Driver. The manipulation results in improper access controls. The attack requires a local approach. The exploit has been...

8.5CVSS0.00109EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/21 7:30 a.m.9 views

EUVD-2026-38151

A vulnerability was found in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. This affects an unknown part of the component testConnection Endpoint. The manipulation of the argument jdbcUrl results in deserialization. The attack may be performed from remote. The exploit has...

6.5CVSS6AI score0.00242EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/20 2:29 a.m.13 views

SUSE CVE-2026-48618

A flaw in Node.js TLS hostname handling can cause Node.js unicode dot separator handling can lead to tls wildcard-depth authentication bypass due to resolver and verifier hostname normalization mismat. This can lead to confidentiality impact or bypass of the intended security boundary under...

7.4CVSS7.1AI score0.00674EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/06/20 2:29 a.m.11 views

SUSE CVE-2026-48931

A flaw in Node.js HTTP Agent can cause a client to accept as valid a response that is send before the client has sent the request. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

3.7CVSS6.2AI score0.00371EPSS
Exploits1References7
SUSE CVE
SUSE CVE
added 2026/06/20 2:29 a.m.12 views

SUSE CVE-2026-48933

A flaw in Node.js WebCrypto implementation can crash the process if the input of subtle.encrypt is a multiple of 2GiB. This vulnerability affects all supported release lines: Node.js 22, Node.js 24, and Node.js 26...

7.5CVSS7.1AI score0.0251EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/06/20 2:29 a.m.10 views

SUSE CVE-2026-48936

A flaw in Node.js Permission API can cause a local server to be started via a Unix domain socket, even without the --allow-net permission. This vulnerability affects one supported release line: Node.js 26...

3.3CVSS6AI score0.00154EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/20 2:29 a.m.13 views

SUSE CVE-2026-54273

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, no limit was present on the number of pipelined requests that could be queued. An attacker may be able to use pipelined requests to use excessive amounts of memory, potentially leading to DoS. This...

7.5CVSS5.8AI score0.00279EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/20 2:29 a.m.12 views

SUSE CVE-2026-54274

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, if an attacker sends large incomplete websocket frame payloads, it may be possible to bypass the usual size limits on memory use. This vulnerability is fixed in 3.14.1...

8.7CVSS5.8AI score0.00305EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/20 2:28 a.m.9 views

SUSE CVE-2026-54280

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to 3.14.1, payload resources are not closed correctly when a client disconnects in the middle of a write. If a payload is using an open file or similar limited resource, then an attacker may be able to cause...

6.3CVSS5.8AI score0.00281EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/20 2:28 a.m.13 views

SUSE CVE-2026-54530

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. This vulnerability is fixed in 6.13.0...

6.9CVSS5.8AI score0.00123EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/20 2:28 a.m.11 views

SUSE CVE-2026-54531

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...

6.9CVSS5.8AI score0.00123EPSS
Exploits0References3
CVE
CVE
added 2026/06/19 7:28 p.m.36 views

CVE-2026-48772

ProxySQL (versions 2.0.0–3.0.8) is vulnerable to a PROXY protocol v1 UNKNOWN frame bypass. The frontend accepts the PROXY UNKNOWN header and, despite the spec requiring ignoring the address fields, ProxySQL parses them via sscanf and writes a spoofed source address into the session, feeding i...

10CVSS5.8AI score0.00185EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 7:28 p.m.21 views

CVE-2026-48772 ProxySQL: PROXY-Protocol-v1 UNKNOWN parses spoofed source IP, bypassing mysql_query_rules.client_addr ACL

ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 2.0.0 through 3.0.8, the ProxySQL MySQL frontend accepts the PROXY UNKNOWN \r\n PP1 frame as a well-formed PROXY protocol header. The HAProxy PROXY protocol v1 specification says that when the protocol token is UNKNOW...

10CVSS0.00185EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 1:22 p.m.17 views

CVE-2026-48139

CVE-2026-48139 describes a NULL pointer dereference in NI grpc-device’s data moniker service that may allow a remote attacker to cause a denial of service by triggering a crash. Exploitation requires providing an unknown value to the data moniker service; affected versions are NI grpc-device 2.17...

8.7CVSS5.9AI score0.00343EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in snmptt

Before version 1.4.2 of SNMPTT, attackers could execute shell code through EXEC, PREXEC, or unknowntrapexec...

9.8CVSS7.9AI score0.02016EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: caif: A memory leak has been fixed in cfctrllinkuprequest. When linktype is unknown, or kzalloc fails in cfctrllinkuprequest, pkt is not released. Add a release process to the error handling logic...

5.5CVSS5.9AI score0.00136EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ima: fixed a reference leak in asymmetricverify Do not leak a reference to the key if its algorithm is unknown...

5.5CVSS5.9AI score0.00268EPSS
Exploits0References2
Rows per page
Query Builder