Lucene search
K

162546 matches found

CVE
CVE
added 2026/06/03 3:49 p.m.16 views

CVE-2026-46261

CVE-2026-46261 relates to the Linux kernel wpcm-fiu SPI driver. The issue is a potential NULL pointer dereference when platform_get_resource_byname() returns NULL, if the NULL is dereferenced by resource_size(). The patch moves the fiu->memory_size assignment to occur after the error check for...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/03 3:49 p.m.17 views

CVE-2026-46260

The CVE-2026-46260 entry is supported by multiple connected sources detailing a kernel IPv6 out-of-bounds read when creating an IPv6 route with RTA_NH_ID, due to fib6_info not containing trailing fib6_nh and an unsafe read of iter->fib6_nh. The fix adds a check of iter->nh before dereferenc...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/03 3:25 p.m.8 views

kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err()

A flaw was found in the Linux kernel's IPv6 tunnel implementation. A remote attacker could exploit this flaw by sending malicious ICMPv6 error messages to cause a stack-based buffer overflow in the kernel's IPv4-over-IPv6 tunnel error handling code. This could result in a kernel crash denial of...

9.8CVSS6.4AI score0.00563EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/03 3:25 p.m.9 views

kernel: smb: client: validate the whole DACL before rewriting it in cifsacl

A flaw was found in the Linux kernel's Server Message Block SMB client, specifically within the cifsacl functionality. A malicious SMB server could provide a malformed Discretionary Access Control List DACL that claims to contain more Access Control Entries ACEs than are actually present. This...

8.8CVSS5.8AI score0.00259EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/03 3:6 p.m.11 views

CVE-2026-6657 CORS Origin Validation Bypass in jupyter-server

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the alloworiginpat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

6.1CVSS6AI score0.00134EPSS
Exploits1References1
EUVD
EUVD
added 2026/06/03 3:6 p.m.14 views

EUVD-2026-34104

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the alloworiginpat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

6.1CVSS6.6AI score0.00134EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/03 3:6 p.m.5 views

CVE-2026-6657

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the alloworiginpat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

6.1CVSS6.6AI score0.00134EPSS
Exploits1References2
CVE
CVE
added 2026/06/03 3:6 p.m.24 views

CVE-2026-6657

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the alloworiginpat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

8.8CVSS6.6AI score0.00134EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/03 3:6 p.m.43 views

CVE-2026-6657 CORS Origin Validation Bypass in jupyter-server

A vulnerability in jupyter-server versions 1.12.0 through 2.17.0 allows an attacker to bypass CORS origin validation when the alloworiginpat configuration is used. The issue arises from the use of re.match for validating the Origin header, which only anchors at the start of the string. This allow...

6.1CVSS0.00134EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2026/06/03 2:28 p.m.8 views

net/url: Incorrect parsing of IPv6 host literals in net/url

The Go standard library function net/url.Parse insufficiently validated the host/authority component and accepted some invalid URLs by effectively treating garbage before an IP-literal as ignorable. The function should have rejected this as invalid...

7.5CVSS5.8AI score0.00728EPSS
Exploits0References8
NVD
NVD
added 2026/06/03 2:16 p.m.14 views

CVE-2026-37460

Missing input validation in the rfapiRibBi2Ri function rfapirib.c of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

7.5CVSS0.00335EPSS
Exploits0References3
OSV
OSV
added 2026/06/03 2:16 p.m.5 views

DEBIAN-CVE-2026-37460

Missing input validation in the rfapiRibBi2Ri function rfapirib.c of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

7.5CVSS5.5AI score0.00335EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 2:16 p.m.13 views

CVE-2025-70101

An out-of-bounds read in the ext4extbinsearchidx function in src/ext4extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 filesystem image. The vulnerability occurs due to insufficient validation of extent header fields before...

6.5CVSS0.0028EPSS
Exploits1References4
OSV
OSV
added 2026/06/03 2:16 p.m.6 views

UBUNTU-CVE-2026-37460

Missing input validation in the rfapiRibBi2Ri function rfapirib.c of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

7.5CVSS5.2AI score0.00335EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/06/03 2:14 p.m.78 views

Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

No d...

10CVSS7AI score0.99999EPSS
Exploits347
Snyk
Snyk
added 2026/06/03 1:41 p.m.12 views

CRLF Injection

Overview laravel/framework is a PHP framework for web artisans. Affected versions of this package are vulnerable to CRLF Injection in the validateEmail function, and Address.php, which are used by the default email rule. An attacker can modify outbound email contents by injecting malicious string...

6.9CVSS5.5AI score0.00048EPSS
Exploits0References2
OSV
OSV
added 2026/06/03 1:30 p.m.8 views

HSEC-2026-0008 crypton-x509-validation and crypton-x509 do not enforce X.509 Name Constraints

crypton-x509-validation and crypton-x509 do not enforce X.509 Name Constraints The crypton-x509-validation and crypton-x509 libraries did not enforce the X.509 Name Constraints extension during certificate validation. The Name Constraints extension is a critical X.509 extension that restricts the...

9.1CVSS5.9AI score0.00223EPSS
Exploits0References2
NVD
NVD
added 2026/06/03 1:16 p.m.14 views

CVE-2026-35082

The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input...

8.8CVSS0.00494EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 1:16 p.m.14 views

CVE-2026-35079

The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS0.0037EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 1:16 p.m.18 views

CVE-2026-35080

The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS0.0037EPSS
Exploits0References1
Rows per page
Query Builder