CVE-2026-46167
A flaw was found in the Linux kernel's usblp driver. A local user, interacting with a malicious printer, could exploit this vulnerability. When the LPGETSTATUS ioctl is used and a printer responds with zero bytes, the driver may return uninitialized kernel memory. This leads to information...
UBUNTU-CVE-2026-46167
In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl Just like in a previous problem in this driver, usblp_ctrl_msg will collapse the usb_control_msg return value to 0/-errno, discarding the actual number of bytes transferre...
NLnet Labs Unbound Buffer Error Vulnerability
NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. In versions 1.6.2 to 1.25.0 of NLnet Labs Unbound, there is a buffer error vulnerability. This vulnerability stems from a potential stack overflow during the DNSCrypt packet reading process. Malicious attackers can...
UBUNTU-CVE-2026-6104
In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb_convert_encoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...
RUSTSEC-2026-0127 Integer overflow in `array::ReadWrite::new()` leading to potential memory corruption
In array::ReadWrite::new (line 83 of accessor/src/array.rs), let bytes = mem::size_of::<T>() * len can overflow usize when len is very large. In release mode, this silently wraps, potentially making bytes = 0. The mapper then maps with 0 bytes, and subsequent accesses e.g. read_volatile_at lead to undefined...
EUVD-2009-0326
Malware in sbrugna...
EUVD-2020-0168
Malware in sbrugna...
EUVD-2016-9486
Malware in sbrugna...
EUVD-2024-23047
Malicious code in bioql PyPI...
SUSE CVE-2025-49178
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service...
AZL-64259 CVE-2025-49178 affecting package xorg-x11-server-Xwayland for versions less than 24.1.6-2
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service...
UBUNTU-CVE-2025-49178
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service...
CVE-2002-2415
Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero null bytes sent via UDP to a running service...
Address Spoofing
base-x is vulnerable to Address spoofing. The vulnerability is due to improper handling of leading zero bytes during encoding, which allows an attacker to create visually similar addresses and mislead users into sending funds to unintended recipients...
libvirt: Crash of virtinterfaced via virConnectListInterfaces()
A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterface...
SUSE CVE-2024-48948
The Elliptic package 6.5.7 for Node.js, in its ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of a _truncateToN anomaly. This leads to...
In the Elliptic package 6.5.6 for Node.js EDDSA signature malleability occurs because there is a missing signature length check and thus zero-valued bytes can be removed or appended.
...
CVE-2024-23357 NULL Pointer Dereference in HLOS
Transient DOS while importing a PKCS8-encoded RSA key with zero bytes modulus...
UBUNTU-CVE-2024-42459
In the Elliptic package 6.5.6 for Node.js, EDDSA signature malleability occurs because there is a missing signature length check, and thus zero-valued bytes can be removed or appended...