Lucene search
+L

63 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/30 4:20 p.m.5 views

CVE-2026-10653

The Zephyr netbuf library lib/netbuf/buf.c manipulated both of its reference counts -- the per-header buf-ref and the per-data-block refcount at the start of each variable/heap data allocation -- with plain non-atomic C operators buf-ref++, if --buf-ref 0, if --refcount. The API is documented as...

8.1CVSS6AI score0.00237EPSS
Exploits1References3Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:7 a.m.25 views

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_ResumeParser from within handlers in cases of a policy violation. Thus, a use-after-free can occur (similar to the CVE-2026-50219 situation).

...

5.9CVSS5.8AI score0.00218EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/21 3:58 p.m.34 views

CVE-2026-56412

libexpat before 2.8.2 does not consider XMLTOKDATACHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in cases of a policy violation. Thus, a use-after-free can occur. NOTE: this issue exists because of an incomplete fix for CVE-2026-50219...

4.9CVSS0.00105EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:36 a.m.8 views

CVE-2026-46183

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: protect path kfree with damonsysfslock damonsysfsquotgoal-path can be read and written by users, via DAMON sysfs 'path' file. It can also be indirectly read, for the parameters on,offline committing to...

5.8AI score0.0012EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/27 8:57 a.m.11 views

BIT-RUBY-2026-46727

An issue was discovered in Ruby 4 before 4.0.5. A race condition leading to a use-after-free in the pthread-based getaddrinfo timeout handler rbgetaddrinfo in ext/socket/raddrinfo.c allows a remote attacker who can delay DNS responses near the user-specified timeout to crash a Ruby process that...

8.1CVSS5.8AI score0.00478EPSS
Exploits0References3
Hacker One
Hacker One
added 2026/05/20 7:31 p.m.8 views

curl: CVE-2026-10536: HTTP/2 stream-dependency tree UAF

Use-after-free in curleasyreset with HTTP/2 stream-dependency tree Hi all, We've found an issue in lib/easy.c where curleasyreset bypasses dataprioritycleanup before clearing data-set, leaving the HTTP/2 stream-dependency tree with dangling pointers to the reset handle. The current curleasyreset ...

9.8CVSS5.8AI score0.00891EPSS
Exploits1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: can: peakpci: peakpciremove: fixed UAF. When removing the peekpci module, referencing chan again after releasing dev can lead to UAF. This issue was fixed by delaying the release of dev. The following log indicates this issue:...

8.4CVSS6.1AI score0.00236EPSS
Exploits0References2
NVD
NVD
added 2026/05/06 12:16 p.m.6 views

CVE-2026-43237

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Refactor amdgpugemvaioctl for Handling Last Fence Update and Timeline Management v4 This commit simplifies the amdgpugemvaioctl function, key updates include: - Moved the logic for managing the last update fence...

7.8CVSS0.00124EPSS
Exploits0References3
OSV
OSV
added 2026/05/01 2:15 p.m.2 views

CVE-2026-43027 netfilter: nf_conntrack_helper: pass helper to expect cleanup

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrackhelper: pass helper to expect cleanup nfconntrackhelperunregister calls nfctexpectiteratedestroy to remove expectations belonging to the helper being unregistered. However, it passes NULL instead of the help...

7.8CVSS6AI score0.00131EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.13 views

MiracleLinux 9 : thunderbird-140.9.1-1.el9_7.ML.1 (AXSA:2026-483:08)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-483:08 advisory. libpng: libpng: Arbitrary code execution due to use-after-free vulnerability CVE-2026-33416 libpng: libpng: Information disclosure and denial of...

9.8CVSS6.6AI score0.01052EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.6 views

Mozilla Thunderbird < 140.10

The version of Thunderbird installed on the remote Windows host is prior to 140.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-34 advisory. - Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10...

9.8CVSS5.9AI score0.04938EPSS
Exploits1References26
RedHat Linux
RedHat Linux
added 2026/04/08 5:18 a.m.6 views

freerdp: FreeRDP has a Heap-use-after-free in urb_select_interface

A heap buffer use after free has been discovered in FreeRDP. urbselectinterface can free the device's MS config on error but later code still dereferences it, leading to a use after free in libusbudevselectinterface...

8.7CVSS6AI score0.00467EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/03 3:15 p.m.9 views

CVE-2026-23428

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of shareconf in compound request smb2getksmbdtcon reuses work-tcon in compound requests without validating tcon-tstate. ksmbdtreeconnlookup checks tstate == TREECONNECTED on the initial lookup path, but...

5.7AI score0.00331EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/04/03 3:15 p.m.2 views

CVE-2026-23428 ksmbd: fix use-after-free of share_conf in compound request

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of shareconf in compound request smb2getksmbdtcon reuses work-tcon in compound requests without validating tcon-tstate. ksmbdtreeconnlookup checks tstate == TREECONNECTED on the initial lookup path, but...

9.8CVSS6.6AI score0.00331EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/03/10 12:0 a.m.29 views

EulerOS 2.0 SP13 : kernel (EulerOS-SA-2026-1280)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : nvme: nvme-fc: Ensure -ioerrwork is cancelled in nvmefcdeletectrlCVE-2025-40261 cifs: fix session state check in reconnect to avoid use-after-free...

7.8CVSS6.9AI score0.00519EPSS
Exploits7References407
OSV
OSV
added 2026/03/09 5:48 p.m.3 views

MGASA-2026-0052 Updated rootcerts, nss & firefox packages fix security vulnerabilities

Incorrect boundary conditions in the WebRTC: Audio/Video component. CVE-2026-2757 Use-after-free in the JavaScript: GC component. CVE-2026-2758 Incorrect boundary conditions in the Graphics: ImageLib component. CVE-2026-2759 Sandbox escape due to incorrect boundary conditions in the Graphics:...

10CVSS5.8AI score0.00604EPSS
Exploits0References5
OSV
OSV
added 2026/03/04 1:15 p.m.6 views

UBUNTU-CVE-2026-23231

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix use-after-free in nftablesaddchain nftablesaddchain publishes the chain to table-chains via listaddtailrcu in nftchainadd before registering hooks. If nftablesregisterhook then fails, the error path calls...

7.8CVSS5.7AI score0.00788EPSS
Exploits1References20
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000589)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000589 advisory. Use-after-free vulnerability in the pathopenat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or...

4.6CVSS7.2AI score0.00436EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004752)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004752 advisory. The root cause of this vulnerability is that the ioctl$DRMIOCTLMODEDESTROYDUMB can decrease refcount of drmvgemgemobject created in vgemgemdumbcreate concurrently, a...

7.8CVSS6.8AI score0.00294EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.9 views

TencentOS Server 3: webkit2gtk3 (TSSA-2025:0999)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0999 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

8.8CVSS8.5AI score0.32483EPSS
Exploits8References7
Rows per page
Query Builder