Lucene search
K

162631 matches found

RedHat Linux
RedHat Linux
added 2026/06/03 7:49 a.m.5 views

crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation

A flaw was found in Go's crypto/x509 package. A remote attacker could exploit this by presenting a specially crafted certificate chain containing a large number of policy mappings. This inefficient validation process consumes excessive resources, which can lead to a denial of service DoS for...

7.5CVSS7.2AI score0.00349EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/03 3:28 a.m.12 views

Important: Red Hat Security Advisory: samba security update

An update for samba is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

9.8CVSS5.9AI score0.12797EPSS
Exploits7References4
SUSE CVE
SUSE CVE
added 2026/06/03 2:23 a.m.15 views

SUSE CVE-2026-44740

Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficien...

7.5CVSS5.7AI score0.00295EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/03 12:30 a.m.12 views

EUVD-2026-34055

The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References5
NVD
NVD
added 2026/06/03 12:16 a.m.17 views

CVE-2026-9732

The EmergencyWP – Dead Man's switch & legacy deliverance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the formsettingsui settings save handler, procedural include scope functio...

4.3CVSS0.00128EPSS
Exploits0References4
NVD
NVD
added 2026/06/03 12:16 a.m.11 views

CVE-2026-7421

The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to the getshopurl method returning the shopname setting value without sanitization when it begins with "http", combined with insufficient validation in th...

4.4CVSS0.00208EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/03 12:0 a.m.10 views

EUVD-2025-210055

An out-of-bounds read in the ext4extbinsearchidx function in src/ext4extent.c of the lwext4 1.0.0 library allows attackers to cause a denial of service by supplying a specially crafted ext4 filesystem image. The vulnerability occurs due to insufficient validation of extent header fields before...

6.5CVSS5.8AI score0.0028EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.15 views

PT-2026-45939

Missing input validation in the rfapiRibBi2Ri function rfapi rib.c of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

5.8AI score0.00335EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/03 12:0 a.m.5 views

CVE-2026-37460

Missing input validation in the rfapiRibBi2Ri function rfapirib.c of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

5.8AI score0.00335EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.14 views

PT-2026-46267

Name of the Vulnerable Software and Affected Versions Net::CIDR::Set versions prior to 0.21 Description The software fails to validate IP addresses. The add function calls the encode function to parse addresses; if the input does not resemble netmasks or network ranges, it is treated as a single ...

7.5CVSS5.8AI score0.00329EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/03 12:0 a.m.25 views

EUVD-2026-34083

Missing input validation in the rfapiRibBi2Ri function rfapirib.c of FRRouting FRR stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service DoS via supplying a crafted BGP UPDATE message...

5.8AI score0.00335EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.9 views

RockyLinux 10 : galera and mariadb11.8 (RLSA-2026:19021)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:19021 advisory. MariaDB: MariaDB: Remote Code Execution or Denial of Service via JSONSCHEMAVALID function vulnerability CVE-2026-32710 Tenable has extracted the preceding...

9.9CVSS5.9AI score0.00856EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.10 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : rsync vulnerabilities (USN-8349-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8349-1 advisory. Calum Hutton discovered that rsync contained a heap-based out-of-bounds read when handling file transfers. A remote...

8.1CVSS6AI score0.0078EPSS
Exploits1References9
ATTACKERKB
ATTACKERKB
added 2026/06/03 12:0 a.m.7 views

CVE-2026-36460

Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads in multiple configuration sections without proper input validation or output encoding...

5.8AI score0.0018EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.10 views

PT-2026-45962

crypton-x509-validation and crypton-x509 do not enforce X.509 Name Constraints The crypton-x509-validation and crypton-x509 libraries did not enforce the X.509 Name Constraints extension during certificate validation. The Name Constraints extension is a critical X.509 extension that restricts the...

5.9AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.11 views

PT-2026-45921

The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS6AI score0.0037EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.13 views

PT-2026-46100

Impact In versions = 1.5.0, = 2.74.1 Workarounds If upgrading is not immediately possible, avoid passing untrusted URLs into remote fetch functionality. References - Fix release: v2.74.1...

8.6CVSS5.8AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.12 views

PT-2026-46083

Certain URLs passed to the redirect function can trigger an open redirect to an external domain depending on the level of validation done by the application prior to returning the redirect. !NOTE This does not impact your React Router application if you are using Declarative Mode...

8.7CVSS5.8AI score0.00162EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.8 views

lwext4 安全漏洞

lwext4 is an embedded library developed by Grzegorz Kostka for microcontrollers, which provides ext2/3/4 file systems. Version 1.0.0 of lwext4 contains a security vulnerability. This vulnerability stems from the lack of validation for lbsize in the ext4blocksetlbsize function, resulting in a zero...

5.5CVSS5.3AI score0.00155EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.7 views

MBS多款产品 输入验证错误漏洞

MBS Single-A and other products are a series of industrial communication gateways developed by the German company MBS. Several MBS products have a vulnerability related to input validation errors. This vulnerability stems from the insufficient input validation provided by the ugw-logstop method,...

8.1CVSS5.5AI score0.0037EPSS
Exploits0References1
Rows per page
Query Builder