
38424 matches found

OSV
added 2026/03/26 11:16 a.m. | 3 views

UBUNTU-CVE-2026-23397

In the Linux kernel, the following vulnerability has been resolved: nfnetlink_osf: validate individual option lengths in fingerprints. nfnl_osf_add_callback() validates opt_num bounds and string NUL-termination but does not check individual option length fields. A zero-length option causes nf_osf_match_one() ...

CVSS 7.1 | AI score 5.8 | EPSS 0.00117
Exploits: 0 | References: 9
The Hacker News
added 2026/03/26 11:7 a.m. | 7 views

Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in Recent Mass Attacks

The kernel exploit for two security vulnerabilities used in the recently uncovered Apple iOS exploit kit known as Coruna is an updated version of the same exploit that was used in the Operation Triangulation campaign back in 2023, according to new findings from Kaspersky. "When Coruna was first...

CVSS 7.8 | AI score 7.3 | EPSS 0.51517
Exploits: 3
CVE
added 2026/03/26 10:22 a.m. | 12 views

CVE-2026-23397

CVE-2026-23397 affects the Linux kernel nfnetlink_osf fingerprint matching. The issue arises when parsing TCP option fingerprints: add-time checks for option lengths are insufficient, allowing a zero-length option to bypass bounds checks and potentially trigger a fault in nf_osf_match_one() (kern...

CVSS 7.1 | AI score 5.8 | EPSS 0.00117
Exploits: 0 | References: 8 | Affected Software: 1
ATTACKERKB
added 2026/03/26 10:22 a.m. | 3 views

CVE-2026-23397

In the Linux kernel, the following vulnerability has been resolved: nfnetlink_osf: validate individual option lengths in fingerprints. nfnl_osf_add_callback() validates opt_num bounds and string NUL-termination but does not check individual option length fields. A zero-length option causes nf_osf_match_one() ...

AI score 5.7 | EPSS 0.00117
Exploits: 0 | References: 9 | Affected Software: 1
Cvelist
added 2026/03/26 10:22 a.m. | 21 views

CVE-2026-23397 nfnetlink_osf: validate individual option lengths in fingerprints

In the Linux kernel, the following vulnerability has been resolved: nfnetlink_osf: validate individual option lengths in fingerprints. nfnl_osf_add_callback() validates opt_num bounds and string NUL-termination but does not check individual option length fields. A zero-length option causes nf_osf_match_one() ...

EPSS 0.00117
Exploits: 0 | References: 8
OSV
added 2026/03/26 10:22 a.m. | 3 views

CVE-2026-23397 nfnetlink_osf: validate individual option lengths in fingerprints

In the Linux kernel, the following vulnerability has been resolved: nfnetlink_osf: validate individual option lengths in fingerprints. nfnl_osf_add_callback() validates opt_num bounds and string NUL-termination but does not check individual option length fields. A zero-length option causes nf_osf_match_one() ...

CVSS 7.1 | AI score 5.8 | EPSS 0.00117
Exploits: 0 | References: 9
SUSE CVE
added 2026/03/26 9:17 a.m. | 3 views

SUSE CVE-2026-3591

A use-after-return vulnerability exists in the named server when handling DNS queries signed with SIG0. Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly mismatch an IP address. In a default-allow ACL denying only specific IP addresses, this may lead to...

CVSS 5.4 | AI score 5.8 | EPSS 0.0036
Exploits: 0 | References: 5
RedhatCVE
added 2026/03/26 8:35 a.m. | 4 views

CVE-2026-23379

A flaw was found in the Linux kernel's net/sched: ets module. A local user can exploit an integer overflow vulnerability when the system calculates weighted round-robin (WRR) weights for network traffic. This overflow can lead to a divide-by-zero error, causing the kernel to panic and resulting in ...

CVSS 5.5 | AI score 5.8 | EPSS 0.00119
Exploits: 0 | References: 4
Microsoft CVE
added 2026/03/26 8:7 a.m. | 3 views

net/sched: ets: fix divide by zero in the offload path

...

CVSS 5.5 | AI score 5.8 | EPSS 0.00119
Exploits: 0
Microsoft CVE
added 2026/03/26 8:4 a.m. | 6 views

can: ucan: Fix infinite loop from zero-length messages

...

CVSS 5.5 | AI score 5.8 | EPSS 0.00123
Exploits: 0
Securelist
added 2026/03/26 8:0 a.m. | 6 views

Coruna: the framework used in Operation Triangulation

Introduction: On March 4, 2026, Google and iVerify published reports about a highly sophisticated exploit kit targeting Apple iPhone devices. According to Google, the exploit kit was first discovered in targeted attacks conducted by a customer of an unnamed surveillance vendor. It was later used b...

CVSS 7.8 | AI score 7.8 | EPSS 0.51517
Exploits: 3
Snyk
added 2026/03/26 7:34 a.m. | 6 views

Missing Release of Memory after Effective Lifetime

Overview: Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime in HTTP/2 servers that triggers when a client sends WINDOW_UPDATE frames on stream 0 that cause the flow control window to exceed $2^{31}-1$. Although the server responds with a GOAWAY...

CVSS 6.9 | AI score 6.3 | EPSS 0.00454
Exploits: 0 | References: 2
RedhatCVE
added 2026/03/26 5:17 a.m. | 3 views

CVE-2026-33526

A flaw was found in Squid. A remote attacker can exploit a heap Use-After-Free vulnerability when handling ICP (Internet Cache Protocol) traffic. This allows them to perform a reliable and repeatable Denial of Service (DoS) attack, making the Squid service unavailable. This attack is limited to...

CVSS 9.2 | AI score 5.8 | EPSS 0.08942
Exploits: 0 | References: 6
Fedora
added 2026/03/26 2:31 a.m. | 5 views

[SECURITY] Fedora 44 Update: dotnet9.0-9.0.115-1.fc44

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

AI score 5.7
Exploits: 0
Snyk
added 2026/03/26 2:24 a.m. | 5 views

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the unserialize process of the AccessTokenAuthenticator class when restoring OAuth token state from cache or storage using PHP's unserialize() with allowed_classes = true. An attacker can achieve...

CVSS 9.8 | AI score 6.4 | EPSS 0.00622
Exploits: 0 | References: 2
Cvelist
added 2026/03/26 12:25 a.m. | 30 views

CVE-2026-33183 Saloon has a Fixture Name Path Traversal Vulnerability

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, fixture names were used to build file paths under the configured fixture directory without validation. A name containing path segments (e.g. ../traversal or ../../etc/passwd) resulted in a pat...

CVSS 9.3 | EPSS 0.00566
Exploits: 0 | References: 2
Vulnrichment
added 2026/03/26 12:22 a.m. | 1 view

CVE-2026-33182 Saloon is vulnerable to SSRF and credential leakage via absolute URL in endpoint overriding base URL

Saloon is a PHP library that gives users tools to build API integrations and SDKs. Prior to version 4.0.0, when building the request URL, Saloon combined the connector's base URL with the request endpoint. If the endpoint was a valid absolute URL, the code used that URL as-is and ignored the base...

CVSS 8.7 | AI score 5.9 | EPSS 0.0042
Exploits: 0 | References: 2
Slackware Linux
added 2026/03/26 12:0 a.m. | 7 views

[slackware-security] tigervnc

New tigervnc packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/tigervnc/tigervnc-1.16.1-i586-1slack15.0.txz: Upgraded. The bug fix release TigerVNC 1.16.1 is now available. This release is primarily a...

AI score 5.8
Exploits: 0
CNNVD
added 2026/03/26 12:0 a.m. | 8 views

Code-Projects Online Food Ordering System SQL Injection Vulnerability

The Code-Projects Online Food Ordering System is an open-source online meal ordering system developed by Code-Projects. Version 1.0 of the Code-Projects Online Food Ordering System contains a SQL injection vulnerability. This vulnerability stems from incorrect handling of the 'del' parameter in t...

CVSS 7.5 | AI score 7.2 | EPSS 0.00259
Exploits: 0 | References: 5
CNNVD
added 2026/03/26 12:0 a.m. | 7 views

Timo Security Vulnerability

Timo is a backend management system developed by auntvt. Version Timo 2.0.3 has a security vulnerability, which stems from a cross-site scripting vulnerability in the title field. Attackers can execute attacks through specially crafted links...

CVSS 6.1 | AI score 5.7 | EPSS 0.00166
Exploits: 1 | References: 1