Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3037 matches found

NVD
NVDadded 2026/04/03 4:16 p.m.3 views

CVE-2026-23457

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: fix Content-Length u32 truncation in siphelptcp siphelptcp parses the SIP Content-Length header with simplestrtoul, which returns unsigned long, but stores the result in unsigned int clen. On 64-bit...

8.6CVSS0.00375EPSS
Exploits0References8
UbuntuCve
UbuntuCveadded 2026/04/03 4:16 p.m.2 views

CVE-2026-23457

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: fix Content-Length u32 truncation in siphelptcp siphelptcp parses the SIP Content-Length header with simplestrtoul, which returns unsigned long, but stores the result in unsigned int clen. On 64-bit...

8.6CVSS5.7AI score0.00375EPSS
Exploits0References8
OSV
OSVadded 2026/04/03 4:16 p.m.1 views

UBUNTU-CVE-2026-23457

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: fix Content-Length u32 truncation in siphelptcp siphelptcp parses the SIP Content-Length header with simplestrtoul, which returns unsigned long, but stores the result in unsigned int clen. On 64-bit...

8.6CVSS5.7AI score0.00375EPSS
Exploits0References9
ATTACKERKB
ATTACKERKBadded 2026/04/03 3:15 p.m.3 views

CVE-2026-23457

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: fix Content-Length u32 truncation in siphelptcp siphelptcp parses the SIP Content-Length header with simplestrtoul, which returns unsigned long, but stores the result in unsigned int clen. On 64-bit...

5.7AI score0.00375EPSS
Exploits0References9Affected Software1
CVE
CVEadded 2026/04/03 3:15 p.m.16 views

CVE-2026-23457

CVE-2026-23457 affects the Linux kernel netfilter nf_conntrack_sip parser (sip_help_tcp). The issue arises from parsing the SIP Content-Length header: the code uses simple_strtoul() return value (unsigned long) but stores it in an unsigned int clen, allowing truncation on 64-bit systems when Cont...

8.6CVSS5.7AI score0.00375EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologiesadded 2026/04/03 12:0 a.m.7 views

PT-2026-30151

Name of the Vulnerable Software and Affected Versions The Linux kernel affected versions not specified Description A flaw exists in the sip help tcp function within the netfilter module. This function parses the SIP Content-Length header using simple strtoul, which returns an unsigned long, but...

8.6CVSS5.3AI score0.00443EPSS
Exploits0References47
NVD
NVDadded 2026/04/02 8:16 p.m.0 views

CVE-2026-34840

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUptime's SAML SSO implementation App/FeatureSet/Identity/Utils/SSO.ts has decoupled signature verification and identity extraction. isSignatureValid verifies the first element in the XML DOM using...

8.1CVSS0.00264EPSS
Exploits1References3
Cvelist
Cvelistadded 2026/04/02 6:52 p.m.31 views

CVE-2026-34840 OneUptime SSO: Multi-Assertion Identity Injection via Decoupled Signature Verification

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUptime's SAML SSO implementation App/FeatureSet/Identity/Utils/SSO.ts has decoupled signature verification and identity extraction. isSignatureValid verifies the first element in the XML DOM using...

8.1CVSS0.00264EPSS
Exploits1References3
EUVD
EUVDadded 2026/04/02 6:52 p.m.2 views

EUVD-2026-18533

OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUptime's SAML SSO implementation App/FeatureSet/Identity/Utils/SSO.ts has decoupled signature verification and identity extraction. isSignatureValid verifies the first element in the XML DOM using...

8.1CVSS5.9AI score0.00264EPSS
Exploits1References3
CVE
CVEadded 2026/04/02 6:52 p.m.6 views

CVE-2026-34840

CVE-2026-34840 – OneUptime SSO (SAML) decoupled signature verification . Prior to 10.0.42, OneUptime’s SSO.ts uses isSignatureValid() to verify only the first in the XML DOM with xml-crypto while getEmail() reads identity from assertion[0] via xml2js, enabling an attacker to prepend an unsigned ...

8.1CVSS5.9AI score0.00264EPSS
Exploits1References3Affected Software1
OSV
OSVadded 2026/04/02 12:19 a.m.6 views

OSV-2026-505 UNKNOWN READ in unsigned int Assimp::StreamReader<true, true>::Get<unsigned int>

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=498284131 Crash type: UNKNOWN READ Crash state: unsigned int Assimp::StreamReader::Get void Assimp::Blender::ConvertDispatcher void Assimp::Blender::Structure::ReadField...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/04/02 12:0 a.m.2 views

PT-2026-29882

Name of the Vulnerable Software and Affected Versions OneUptime versions prior to 10.0.42 Description OneUptime, an open-source monitoring and observability platform, had a flaw in its SAML SSO implementation located in App/FeatureSet/Identity/Utils/SSO.ts. The issue stemmed from a separation...

8.1CVSS5.9AI score0.00264EPSS
Exploits1References7
RedhatCVE
RedhatCVEadded 2026/04/01 11:1 p.m.1 views

CVE-2026-34550

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior UB condition in IccProfLib/IccIO.cpp caused by an implicit conversion from a negative signed integer to sizet unsigned, which changes the value. Th...

6.2CVSS5.8AI score0.00159EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/04/01 11:0 p.m.2 views

CVE-2026-34548

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior UB condition in the XML conversion tooling path iccToXml caused by an implicit conversion from a negative signed integer to icUInt32Number unsigned...

6.2CVSS5.8AI score0.00159EPSS
Exploits1References1
Malwarebytes
Malwarebytesadded 2026/04/01 2:27 p.m.4 views

WhatsApp on Windows users targeted in new campaign, warns Microsoft

Microsoft researchers found a campaign that abuses WhatsApp attachments to sneak a script onto Windows machines which will lead to the attacker gaining remote control. WhatsApp offers a desktop application for Windows and macOS, which users can synchronize with their mobile devices. Desktop...

5.9AI score
Exploits0
EUVD
EUVDadded 2026/03/31 10:12 p.m.6 views

EUVD-2026-17715

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior UB condition in IccProfLib/IccIO.cpp caused by an implicit conversion from a negative signed integer to sizet unsigned, which changes the value. Th...

6.2CVSS5.8AI score0.00159EPSS
Exploits1References3
CVE
CVEadded 2026/03/31 10:11 p.m.6 views

CVE-2026-34549

iccDEV contains an Undefined Behavior in IccUtil.cpp caused by invalid left shift on icUInt32Number when processing a crafted ICC profile. Affects versions prior to 2.3.1.6; the issue is fixed in 2.3.1.6. Public references indicate the UB is reported under UndefinedBehaviorSanitizer. There is no ...

6.2CVSS5.8AI score0.00159EPSS
Exploits1References3Affected Software1
Cvelist
Cvelistadded 2026/03/31 10:9 p.m.19 views

CVE-2026-34548 iccDEV: UB at IccUtilXml.cpp

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior UB condition in the XML conversion tooling path iccToXml caused by an implicit conversion from a negative signed integer to icUInt32Number unsigned...

6.2CVSS0.00159EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2026/03/31 10:9 p.m.2 views

CVE-2026-34548 iccDEV: UB at IccUtilXml.cpp

iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is an Undefined Behavior UB condition in the XML conversion tooling path iccToXml caused by an implicit conversion from a negative signed integer to icUInt32Number unsigned...

6.2CVSS5.8AI score0.00159EPSS
Exploits1References3
CVE
CVEadded 2026/03/31 10:9 p.m.6 views

CVE-2026-34548

iccDEV contains an Undefined Behavior (UB) in the XML conversion tool path (iccToXml) caused by an implicit conversion from a negative signed integer to icUInt32Number, leading to value changes prior to version 2.3.1.6. The issue is patched in version 2.3.1.6.

6.2CVSS5.8AI score0.00159EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder