Lucene search
K

5234 matches found

RedhatCVE
RedhatCVE
added 2026/05/28 3:33 p.m.16 views

CVE-2026-46191

A flaw was found in the Linux kernel's framebuffer console fbcon component. When console rotation fails, the fbconrotatefont function may keep an old font buffer that is too small for the rotated font. A local user printing to the rotated console with a high character code can trigger an...

7.1CVSS6AI score0.00131EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/05/28 12:6 a.m.11 views

pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation)

A missing verification step has been discovered in PyJWT. PyJWT does not validate the crit Critical Header Parameter defined in RFC 7515 §4.1.11. When a JWS token contains a crit array listing extensions that PyJWT does not understand, the library accepts the token instead of rejecting it. This...

7.5CVSS5.7AI score0.00269EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-44090

pam usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the address of a stack-local variable. This violates the PAM re-entrancy requirement and creates a data...

5.7CVSS5.8AI score0.00116EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.12 views

pam_usb 代码问题漏洞

pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.9.1 contained code vulnerabilities. This vulnerability stemmed from the fact that the src/log.c file contained a process-level static pointer; each PAM ca...

5.7CVSS5.9AI score0.00116EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/05/26 3:57 a.m.14 views

xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...

7.8CVSS6AI score0.0038EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.16 views

PT-2026-42695

Name of the Vulnerable Software and Affected Versions Plonky3 versions prior to 0.4.3 Plonky3 versions prior to 0.5.3 Description An attacker controlling prover-side observations can craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir. This...

8.9CVSS5.4AI score0.00108EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Firefox and Thunderbird

If the Content Security Policy blocks frame navigation, the full destination of a redirect served within the frame is reported in the violation report; instead of just the original frame URI. This could be used to disclose sensitive information contained in such URIs. This vulnerability affects...

4.3CVSS6.4AI score0.01212EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Media: wl128x – Fix for atomicity violation in fmcsendcmd An atomicity violation occurs when the fmcsendcmd function is executed simultaneously with the modification of the fmdev-respskb value. Consider a scenario where, after...

5.5CVSS6.4AI score0.00213EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Firefox

When a user opened the Web Extensions context menu, the Web Extension could access the post-redirect URL of the clicked element. If the Web Extension did not have the necessary WebRequest permissions for the hosts involved in the redirection, this would constitute a same-origin violation, allowin...

4.3CVSS6AI score0.00329EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in binutils

The readelf.c file in GNU Binutils 2.32 contains an integer overflow vulnerability that allows attackers to trigger a write access violation in the byteputlittleendian function in elfcomm.c through an ELF file, as demonstrated by readelf...

5.5CVSS6.4AI score0.01481EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in WebKit2GTK

This issue has been addressed through improved enforcement of iframe sandboxing policies. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4, and iPadOS 14.4. Maliciously crafted web content may violate...

6.5CVSS7AI score0.01515EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Firefox and Thunderbird

As specified in the W3C Content Security Policy draft, when creating a violation report, “User agents need to ensure that the source file is the URL requested by the page, with pre-redirecting. If this is not possible, user agents must strip the URL to its origin to prevent unintentional leakage....

4.3CVSS6.6AI score0.01212EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.19 views

PT-2026-41677

In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 2024-02-18, the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length Client ID while CleanSession is set to 0, the broker correctly replies with a CONNACK return code 0x0...

5.9AI score0.00278EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 6:16 p.m.14 views

CVE-2026-44000

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox boundary violation in vm2 allows host object identity to cross into the sandbox through host Promise resolution. When a host-side Promise that resolves to a host object is exposed to the sandbox, the value delivered to the...

7.2CVSS0.002EPSS
Exploits1References1
Circl
Circl
added 2026/05/11 8:29 p.m.5 views

GHSA-44QJ-VH8C-5354

creationtimestamp| type| source ---|---|--- 2026-05-11 20:29:17+00:00| seen| https://gist.github.com/tw89Coder/cd011dc1842625f821c171e41e812fbc...

5.3AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/08 5:57 p.m.13 views

CVE-2025-71300

A flaw was found in the Linux kernel, specifically within the OP-TEE Open Portable Trusted Execution Environment integration with U-Boot. The U-Boot's OP-TEE logic automatically injects a reserved-memory node into the kernel device tree. However, a manually defined OP-TEE node in zynqmp.dtsi...

5.5CVSS5.8AI score0.00138EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/08 1:15 p.m.45 views

CVE-2025-71300 Revert "arm64: zynqmp: Add an OP-TEE node to the device tree"

In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: zynqmp: Add an OP-TEE node to the device tree" This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe. OP-TEE logic in U-Boot automatically injects a reserved-memory node along with optee firmware node to...

0.00138EPSS
Exploits0References4
OSV
OSV
added 2026/05/08 1:15 p.m.4 views

CVE-2025-71300 Revert "arm64: zynqmp: Add an OP-TEE node to the device tree"

In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: zynqmp: Add an OP-TEE node to the device tree" This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe. OP-TEE logic in U-Boot automatically injects a reserved-memory node along with optee firmware node to...

5.5CVSS5.9AI score0.00138EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.13 views

PT-2026-38925

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel where the presence of a manually defined OP-TEE node in zynqmp.dtsi interferes with the U-Boot logic. U-Boot normally automatically injects a...

5.5CVSS5.5AI score0.00138EPSS
Exploits0References16
OSV
OSV
added 2026/05/07 2:50 p.m.8 views

JLSEC-2026-458

FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNTSizeRequest...

7.5CVSS5.8AI score0.02816EPSS
Exploits0References16
Rows per page
Query Builder