
59 matches found

Vulnrichment
added 2026/06/04 5:22 p.m., 6 views

CVE-2026-41207 netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on failures

The netty incubator codec.bhttp is a Java language binary HTTP parser. Prior to version 0.0.21.Final, HKDFexpand returns non-NULL on failure. The byte is filled with zeros, and there is no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a...

CVSS 6.9 | AI score 5.5 | EPSS 0.00193
Exploits: 0 | References: 2

RedhatCVE
added 2026/05/28 9:9 p.m., 10 views

CVE-2026-46167

A flaw was found in the Linux kernel's usblp driver. A local user, interacting with a malicious printer, could exploit this vulnerability. When the LPGETSTATUS ioctl is used and a printer responds with zero bytes, the driver may return uninitialized kernel memory. This leads to information...

CVSS 5.5 | AI score 5.8 | EPSS 0.00128
Exploits: 0 | References: 4

OSV
added 2026/05/28 10:16 a.m., 5 views

UBUNTU-CVE-2026-46167

In the Linux kernel, the following vulnerability has been resolved: "usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl". Just like in a previous problem in this driver, usblp_ctrlmsg() will collapse the usb_control_msg() return value to 0/-errno, discarding the actual number of bytes transferre...

CVSS 5.5 | AI score 5.8 | EPSS 0.00128
Exploits: 0 | References: 8

CNNVD
added 2026/05/20 12:0 a.m., 7 views

NLnet Labs Unbound buffer error vulnerability

NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. In versions 1.6.2 to 1.25.0 of NLnet Labs Unbound, there is a buffer error vulnerability. This vulnerability stems from a potential stack overflow during the DNSCrypt packet reading process. Malicious attackers can...

CVSS 8.2 | AI score 6 | EPSS 0.00337
Exploits: 0 | References: 2

OSV
added 2026/05/10 6:16 a.m., 5 views

UBUNTU-CVE-2026-6104

In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an encoding name containing an embedded NUL byte is passed to mb_convert_encoding or related mbstring functions, the code incorrectly assumes that when strncasecmp returns 0 it means the strings have the same length. This can lead to...

CVSS 9.1 | AI score 5.9 | EPSS 0.00436
Exploits: 0 | References: 4

OSV
added 2026/05/02 12:0 p.m., 3 views

RUSTSEC-2026-0127 Integer overflow in `array::ReadWrite::new()` leading to potential memory corruption

In array::ReadWrite::new line 83 of accessor/src/array.rs, let bytes = mem::sizeof:: len can overflow usize when len is very large. In release mode, this silently wraps, potentially making bytes = 0. The mapper then maps with 0 bytes, and subsequent accesses e.g. readvolatileat lead to undefined...

AI score 5.9
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2016-9486

Malware in sbrugna...

CVSS 5.5 | AI score 6.5 | EPSS 0.00426
Exploits: 0 | References: 12

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2009-0326

Malware in sbrugna...

CVSS 4.9 | AI score 4.5 | EPSS 0.00499
Exploits: 1 | References: 41

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2020-0168

Malware in sbrugna...

CVSS 7.5 | AI score 7.6 | EPSS 0.01359
Exploits: 1 | References: 17

EUVD
added 2025/10/03 8:7 p.m., 8 views

EUVD-2024-23047

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 7.2 | EPSS 0.00248
Exploits: 0 | References: 6

SUSE CVE
added 2025/06/17 11:38 p.m., 2 views

SUSE CVE-2025-49178

A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service...

CVSS 4.7 | AI score 6.5 | EPSS 0.00199
Exploits: 0 | References: 17

OSV
added 2025/06/17 3:15 p.m., 6 views

AZL-64259 CVE-2025-49178 affecting package xorg-x11-server-Xwayland for versions less than 24.1.6-2

A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service...

CVSS 5.5 | AI score 7.1 | EPSS 0.00199
Exploits: 0 | References: 1

OSV
added 2025/06/17 12:0 a.m., 0 views

UBUNTU-CVE-2025-49178

A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service...

CVSS 5.5 | AI score 7 | EPSS 0.00199
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/21 10:40 p.m., 4 views

CVE-2002-2415

Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero null bytes sent via UDP to a running service...

CVSS 6.8 | AI score 6.6 | EPSS 0.01342
Exploits: 1 | References: 1

Veracode
added 2025/05/09 3:54 a.m., 11 views

Address Spoofing

base-x is vulnerable to Address spoofing. The vulnerability is due to improper handling of leading zero bytes during encoding, which allows an attacker to create visually similar addresses and mislead users into sending funds to unintended recipients...

CVSS 8.7 | AI score 6.6 | EPSS 0.00354
Exploits: 0 | References: 4 | Affected Software: 1

RedHat Linux
added 2024/11/12 9:4 a.m., 1 views

libvirt: Crash of virtinterfaced via virConnectListInterfaces()

A flaw was found in libvirt. A refactor of the code fetching the list of interfaces for multiple APIs introduced a corner case on platforms where allocating 0 bytes of memory results in a NULL pointer. This corner case would lead to a NULL-pointer dereference and subsequent crash of virtinterface...

CVSS 6.2 | AI score 5.8 | EPSS 0.00242
Exploits: 0 | References: 5

SUSE CVE
added 2024/10/16 2:50 a.m., 4 views

SUSE CVE-2024-48948

The Elliptic package 6.5.7 for Node.js, in its ECDSA implementation, does not correctly verify valid signatures if the hash contains at least four leading 0 bytes and when the order of the elliptic curve's base point is smaller than the hash, because of an _truncateToN anomaly. This leads to...

CVSS 4.8 | AI score 9.4 | EPSS 0.00556
Exploits: 1 | References: 7

Microsoft CVE
added 2024/09/11 7:0 a.m., 3 views

In the Elliptic package 6.5.6 for Node.js EDDSA signature malleability occurs because there is a missing signature length check and thus zero-valued bytes can be removed or appended.

...

CVSS 5.3 | AI score 9.3 | EPSS 0.00302
Exploits: 1

Cvelist
added 2024/08/05 2:21 p.m., 20 views

CVE-2024-23357 NULL Pointer Dereference in HLOS

Transient DOS while importing a PKCS8-encoded RSA key with zero bytes modulus...

CVSS 6.2 | EPSS 0.00094
Exploits: 0 | References: 1

Vulnrichment
added 2024/08/05 2:21 p.m., 16 views

CVE-2024-23357 NULL Pointer Dereference in HLOS

Transient DOS while importing a PKCS8-encoded RSA key with zero bytes modulus...

CVSS 6.2 | AI score 6.9 | EPSS 0.00094
Exploits: 0 | References: 1