Lucene search
+L

1116 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: mm/hugetlb: restored global reservations to the subpool The commit a833a693a490 “mm: hugetlb: fixed incorrect fallback for the subpool” fixed an underflow error caused by incorrectly attributing globally requested pages to the...

5.5CVSS5.9AI score0.00121EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: virtio-net: Added validation for the used length. This addition ensures that the used length is validated which may come from an untrusted device, to prevent data corruption or loss...

7.8CVSS6.2AI score0.0026EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Validated rec-used in the journal-replay file record check. The checkfilerecord function validates rec-total against the record size, but never validates rec-used. The doaction journal-replay handlers read rec-used from...

7.8CVSS5.8AI score0.00128EPSS
Exploits0References1
OSV
OSV
added 2026/05/20 12:0 a.m.10 views

UBUNTU-CVE-2026-29518

Rsync versions before 3.4.3 contain a time-of-check to time-of-use TOCTOU race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...

7.8CVSS5.9AI score0.00152EPSS
Exploits0References6
OSV
OSV
added 2026/05/14 3:10 a.m.3 views

CVE-2026-46445

SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection...

7.1CVSS6AI score0.00239EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/13 6:30 p.m.13 views

EUVD-2026-29981

NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttpsslmodule module when the sslverifyclient directive is set to "on" or "optional," and the sslocsp directive is set to "on" or the leaf parameters are configured with a resolver. With this configuration, an unauthenticated attacke...

6.3CVSS5.8AI score0.00677EPSS
Exploits0References2
CVE
CVE
added 2026/05/11 12:0 a.m.34 views

CVE-2026-31249

CosyVoice contains an insecure deserialization vulnerability (CWE-502) in its data processing tool make_parquet_list.py. The script loads PyTorch .pt files (utterance embeddings, speaker embeddings, speech tokens) with torch.load() without enabling weights_only=True, allowing the deserialization ...

7.3CVSS6.1AI score0.0021EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/08 5:13 p.m.14 views

EUVD-2026-27131

@fastify/accepts-serializer Vulnerable to Denial of Service via Unbounded Accept Header Cache Growth...

7.5CVSS5.8AI score0.00284EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/08 5:13 p.m.19 views

@fastify/accepts-serializer Vulnerable to Denial of Service via Unbounded Accept Header Cache Growth

Impact @fastify/accepts-serializer cached serializer-selection results keyed by the request Accept header without a size limit or eviction policy. A remote unauthenticated client could send many distinct but matching Accept header variants to make the cache grow unbounded. Under sustained load,...

7.5CVSS5.8AI score0.00284EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2026/05/08 2:16 p.m.9 views

CVE-2026-43286

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: restore failed global reservations to subpool Commit a833a693a490 "mm: hugetlb: fix incorrect fallback for subpool" fixed an underflow error for hstate-resvhugepages caused by incorrectly attributing globally requeste...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References5
OSV
OSV
added 2026/05/08 2:16 p.m.9 views

UBUNTU-CVE-2026-43286

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: restore failed global reservations to subpool Commit a833a693a490 "mm: hugetlb: fix incorrect fallback for subpool" fixed an underflow error for hstate-resvhugepages caused by incorrectly attributing globally requeste...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/08 1:11 p.m.44 views

CVE-2026-43286 mm/hugetlb: restore failed global reservations to subpool

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: restore failed global reservations to subpool Commit a833a693a490 "mm: hugetlb: fix incorrect fallback for subpool" fixed an underflow error for hstate-resvhugepages caused by incorrectly attributing globally requeste...

0.00121EPSS
Exploits0References3
CVE
CVE
added 2026/05/08 1:11 p.m.22 views

CVE-2026-43286

The CVE-2026-43286 entry is resolved in the Linux kernel’s hugetlb subsystem (mm/hugetlb). A fix for an underflow in hstate->resv_huge_pages was introduced by commit a833a693a490 to correct fallback behavior for subpools, but it created a new issue where the subpool’s used_hpages could remain ...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/08 1:11 p.m.2 views

CVE-2026-43286 mm/hugetlb: restore failed global reservations to subpool

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: restore failed global reservations to subpool Commit a833a693a490 "mm: hugetlb: fix incorrect fallback for subpool" fixed an underflow error for hstate-resvhugepages caused by incorrectly attributing globally requeste...

5.5CVSS5.9AI score0.00121EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.12 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the failure of global reserved pages and the incorrect adjustment of the usedhpages counter in...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.13 views

PT-2026-38928

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the hugetlb memory management where failed global reservations are not correctly restored to the subpool. Specifically, when globally requested pages cannot be acquire...

5.8AI score0.00121EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/06 8:54 p.m.8 views

CVE-2026-41310 OpenTelemetry .NET Zipkin exporter has unbounded remote endpoint cache leading to memory growth

OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-cardinality scenarios, a process using Zipkin export for client or producer spa...

5.3CVSS5.8AI score0.00311EPSS
Exploits0References2
CVE
CVE
added 2026/05/06 8:54 p.m.31 views

CVE-2026-41310

OpenTelemetry.Exporter.Zipkin for .NET (Zipkin exporter) has an unbounded remote endpoint cache in versions up to 1.15.2, where keys derived from span attributes can grow without bound in high-cardinality scenarios, leading to memory growth and degraded availability. The issue is addressed in ver...

5.3CVSS5.8AI score0.00311EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/06 8:54 p.m.5 views

CVE-2026-41310

OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-cardinality scenarios, a process using Zipkin export for client or producer spa...

5.3CVSS5.8AI score0.00311EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/06 8:54 p.m.7 views

CVE-2026-41310 OpenTelemetry .NET Zipkin exporter has unbounded remote endpoint cache leading to memory growth

OpenTelemetry.Exporter.Zipkin is the .NET Zipkin exporter for OpenTelemetry. In versions 1.15.2 and earlier, the Zipkin exporter remote endpoint cache accepts unbounded key growth derived from span attributes. In high-cardinality scenarios, a process using Zipkin export for client or producer spa...

5.3CVSS6AI score0.00311EPSS
Exploits0References4
Rows per page
Query Builder