Lucene search
K

60408 matches found

OSV
OSV
added 2026/03/25 10:0 p.m.2 views

GHSA-F7XC-5852-FJ99 Saloon has a Fixture Name Path Traversal Vulnerability

Impact Users with MockResponse fixtures that use path traversal. Patches Upgrade to Saloon v4+ Upgrade guide: https://docs.saloon.dev/upgrade/upgrading-from-v3-to-v4 Description Fixture names were used to build file paths under the configured fixture directory without validation. A name containin...

6.3CVSS5.8AI score0.00566EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/25 8:4 p.m.9 views

Zoraxy: Authenticated Path Traversal in Config Import leads to RCE

Authenticated Path Traversal to RCE via Configuration Import Summary An authenticated path traversal vulnerability in the configuration import endpoint allows an authenticated user to write arbitrary files outside the config directory, which can lead to RCE by creating a plugin. Details The...

8.8CVSS6.2AI score0.00434EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/03/25 6:38 p.m.2 views

Off-by-one Error

Overview Affected versions of this package are vulnerable to Off-by-one Error via the FcFontCapabilities function in fcfreetype.c. An attacker can cause a one-byte out-of-bounds write, potentially leading to a crash or execution of arbitrary code by supplying crafted input that triggers the...

7.8CVSS6.3AI score0.00125EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/25 6:31 p.m.4 views

EUVD-2026-15934

fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFontCapabilities in fcfreetype.c...

5.9CVSS5.9AI score0.00125EPSS
Exploits0References4
OSV
OSV
added 2026/03/25 5:17 p.m.2 views

DEBIAN-CVE-2026-34085

fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFontCapabilities in fcfreetype.c...

5.9CVSS5.9AI score0.00125EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/25 4:56 p.m.7 views

SUSE CVE-2026-23302

In the Linux kernel, the following vulnerability has been resolved: net: annotate data-races around sk-skdataready,writespace skmsg and probably other layers are changing these pointers while other cpus might read them concurrently. Add corresponding READONCE/WRITEONCE annotations for UDP, TCP an...

5.7AI score0.00089EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/25 4:56 p.m.6 views

SUSE CVE-2026-23316

In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix ARM64 alignment fault in multipath hash seed struct sysctlfibmultipathhashseed contains two u32 fields userseed and mpseed, making it an 8-byte structure with a 4-byte alignment requirement. In...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/25 4:54 p.m.22 views

CVE-2026-34085

fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFontCapabilities in fcfreetype.c...

5.9CVSS0.00125EPSS
Exploits0References3
CVE
CVE
added 2026/03/25 4:54 p.m.13 views

CVE-2026-34085

CVE-2026-34085 affects fontconfig before 2.17.1. The vulnerability is an off-by-one error in allocation during sfnt capability handling, causing a one-byte out-of-bounds write in FcFontCapabilities within fcfreetype.c. Consequences include potential crash or code execution. The available connecte...

7.8CVSS5.9AI score0.00125EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/03/25 4:54 p.m.6 views

CVE-2026-34085

fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFontCapabilities in fcfreetype.c...

7.8CVSS5.9AI score0.00125EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/03/25 4:54 p.m.2 views

CVE-2026-34085

fontconfig before 2.17.1 has an off-by-one error in allocation during sfnt capability handling, leading to a one-byte out-of-bounds write, and potentially a crash or code execution. This is in FcFontCapabilities in fcfreetype.c...

7.8CVSS5.5AI score0.00125EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/25 12:48 p.m.3 views

CVE-2026-23316

A flaw was found in the Linux kernel's handling of multipath hash seeds on ARM64 architectures. This vulnerability can lead to a system crash kernel panic when the kernel is compiled with specific optimizations, such as Clang with Link-Time Optimization LTO, due to an alignment fault during memor...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/25 12:30 p.m.4 views

EUVD-2026-15363

In the Linux kernel, the following vulnerability has been resolved: blktrace: fix thiscpuread/write in preemptible context tracingrecordcmdline internally uses thiscpuread and thiscpuwrite on the per-CPU variable tracecmdlinesave, and tracesavecmdline explicitly asserts preemption is disabled via...

5.8AI score0.00119EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/25 12:30 p.m.13 views

EUVD-2026-15263

In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix ARM64 alignment fault in multipath hash seed struct sysctlfibmultipathhashseed contains two u32 fields userseed and mpseed, making it an 8-byte structure with a 4-byte alignment requirement. In...

5.7AI score0.00122EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/03/25 11:53 a.m.4 views

SUSE CVE-2026-4679

Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: High...

8.8CVSS6AI score0.0034EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/25 11:50 a.m.4 views

CVE-2026-23288

A flaw was found in the Linux kernel's accel/amdxdna component. This vulnerability occurs when clearing a command header with memset before verifying the available slot space, which can be smaller than the header size. This can lead to an out-of-bounds write and memory corruption. An attacker cou...

5.8AI score0.0012EPSS
Exploits0References4
NVD
NVD
added 2026/03/25 11:16 a.m.2 views

CVE-2026-23316

In the Linux kernel, the following vulnerability has been resolved: net: ipv4: fix ARM64 alignment fault in multipath hash seed struct sysctlfibmultipathhashseed contains two u32 fields userseed and mpseed, making it an 8-byte structure with a 4-byte alignment requirement. In...

5.5CVSS0.00122EPSS
Exploits0References4
NVD
NVD
added 2026/03/25 11:16 a.m.3 views

CVE-2026-23302

In the Linux kernel, the following vulnerability has been resolved: net: annotate data-races around sk-skdataready,writespace skmsg and probably other layers are changing these pointers while other cpus might read them concurrently. Add corresponding READONCE/WRITEONCE annotations for UDP, TCP an...

4.7CVSS0.00089EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/03/25 11:16 a.m.8 views

CVE-2026-23302

In the Linux kernel, the following vulnerability has been resolved: net: annotate data-races around sk-skdataready,writespace skmsg and probably other layers are changing these pointers while other cpus might read them concurrently. Add corresponding READONCE/WRITEONCE annotations for UDP, TCP an...

4.7CVSS5.7AI score0.00089EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/03/25 11:16 a.m.7 views

CVE-2026-23372

In the Linux kernel, the following vulnerability has been resolved: nfc: rawsock: cancel txwork before socket teardown In rawsockrelease, cancel any pending txwork and purge the write queue before orphaning the socket. rawsocktxwork runs on the system workqueue and calls nfcdataexchange which...

7.8CVSS6AI score0.00132EPSS
Exploits0References8
Rows per page
Query Builder