38434 matches found

Cvelist
added 2026/03/25 10:26 a.m., 21 views

CVE-2026-23298 can: ucan: Fix infinite loop from zero-length messages

In the Linux kernel, the following vulnerability has been resolved: can: ucan: Fix infinite loop from zero-length messages. If a broken ucan device gets a message with the message length field set to 0, then the driver will loop for forever in ucan_read_bulk_callback(), hanging the system. If the lengt...

EPSS: 0.00123
Exploits: 0, References: 8
ATTACKERKB
added 2026/03/25 10:26 a.m., 4 views

CVE-2026-23298

In the Linux kernel, the following vulnerability has been resolved: can: ucan: Fix infinite loop from zero-length messages. If a broken ucan device gets a message with the message length field set to 0, then the driver will loop for forever in ucan_read_bulk_callback(), hanging the system. If the lengt...

AI score: 5.6, EPSS: 0.00123
Exploits: 0, References: 9, Affected Software: 1
CVE
added 2026/03/25 10:26 a.m., 8 views

CVE-2026-23298

CVE-2026-23298 affects the Linux kernel can: ucan subsystem. A zero-length message on a broken ucan device causes an infinite loop in ucan_read_bulk_callback(), hanging the system. The issue is linked to a historical fix in the kvaser_usb driver (commit 0c73772cd2b8) addressing a similar infinite...

CVSS: 5.5, AI score: 5.6, EPSS: 0.00123
Exploits: 0, References: 8, Affected Software: 1
OSV
added 2026/03/25 10:26 a.m., 10 views

CVE-2026-23298 can: ucan: Fix infinite loop from zero-length messages

In the Linux kernel, the following vulnerability has been resolved: can: ucan: Fix infinite loop from zero-length messages. If a broken ucan device gets a message with the message length field set to 0, then the driver will loop for forever in ucan_read_bulk_callback(), hanging the system. If the lengt...

CVSS: 5.5, AI score: 5.7, EPSS: 0.00123
Exploits: 0, References: 9
Debian CVE
added 2026/03/25 10:26 a.m., 6 views

CVE-2026-23298

In the Linux kernel, the following vulnerability has been resolved: can: ucan: Fix infinite loop from zero-length messages. If a broken ucan device gets a message with the message length field set to 0, then the driver will loop for forever in ucan_read_bulk_callback(), hanging the system. If the lengt...

CVSS: 5.5, AI score: 5.2, EPSS: 0.00123
Exploits: 0
NVD
added 2026/03/25 9:16 a.m., 4 views

CVE-2026-3608

Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2...

CVSS: 7.5, EPSS: 0.01361
Exploits: 0, References: 9
AlpineLinux
added 2026/03/25 8:46 a.m., 9 views

CVE-2026-3608

Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error. This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2...

CVSS: 7.5, AI score: 7.5, EPSS: 0.01361
Exploits: 0
CVE
added 2026/03/25 8:46 a.m., 28 views

CVE-2026-3608

CVE-2026-3608 affects Kea daemons (kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, kea-dhcp6). A maliciously crafted message over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow. Affected versions: 2.6.0–2.6.4 and 3.0.0–3.0.2. Exploitation details a...

CVSS: 7.5, AI score: 5.8, EPSS: 0.01361
Exploits: 0, References: 9
Microsoft CVE
added 2026/03/25 8:2 a.m., 6 views

Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources

...

CVSS: 9.1, AI score: 5.8, EPSS: 0.0042
Exploits: 0
SUSE CVE
added 2026/03/25 12:28 a.m., 7 views

SUSE CVE-2026-25921

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, LFS objects can be overwritten across different repositories, which leads to a supply-chain attack: all LFS objects are vulnerable to being maliciously overwritten by attackers. This issue has been patched in version 0.14.2...

CVSS: 9.3, AI score: 6.6, EPSS: 0.00327
Exploits: 1, References: 3
SUSE CVE
added 2026/03/25 12:27 a.m., 4 views

SUSE CVE-2026-27116

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, a reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are blocked, , ,...

CVSS: 6.1, AI score: 5.9, EPSS: 0.00221
Exploits: 1, References: 3
SUSE CVE
added 2026/03/25 12:26 a.m., 4 views

SUSE CVE-2026-28512

Pocket ID is an OIDC provider that allows users to authenticate with their passkeys to your services. From 2.0.0 to before 2.4.0, a flaw in callback URL validation allowed crafted redirect_uri values containing URL userinfo @ to bypass legitimate callback pattern checks. If an attacker can trick a...

CVSS: 7.1, AI score: 5.9, EPSS: 0.00204
Exploits: 0, References: 3
Positive Technologies
added 2026/03/25 12:0 a.m., 6 views

PT-2026-28123

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

CVSS: 5.4, AI score: 5.4, EPSS: 0.00284
Exploits: 0, References: 3
UbuntuCve
added 2026/03/25 12:0 a.m., 3 views

CVE-2026-3591

A use-after-return vulnerability exists in the named server when handling DNS queries signed with SIG0. Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly mismatch an IP address. In a default-allow ACL denying only specific IP addresses, this may lead to...

CVSS: 5.4, AI score: 7.3, EPSS: 0.0036
Exploits: 0, References: 3
CNNVD
added 2026/03/25 12:0 a.m., 4 views

ISC BIND 9 Security Vulnerability

ISC BIND 9 is a domain name system software developed by the ISC organization. Vulnerabilities exist in versions 9.20.0 to 9.20.20, 9.21.0 to 9.21.19, and 9.20.9-S1 to 9.20.20-S1 of ISC BIND 9. These vulnerabilities stem from the reuse of resources after handling DNS queries signed with SIG0; thi...

CVSS: 5.4, AI score: 7.5, EPSS: 0.0036
Exploits: 0, References: 4
Positive Technologies
added 2026/03/25 12:0 a.m., 3 views

PT-2026-27827

Name of the Vulnerable Software and Affected Versions: Elated-Themes Amoli versions through 1.0. Description: A flaw exists in Elated-Themes Amoli that allows for PHP Local File Inclusion due to improper control of filename for include/require statements. This issue enables the inclusion of local...

CVSS: 8.1, AI score: 5.9, EPSS: 0.00504
Exploits: 0, References: 3
Positive Technologies
added 2026/03/25 12:0 a.m., 8 views

PT-2026-28156

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.3, missing authorization in the AJAX deletion endpoint interface/forms/procedure_order/handle_deletions.php allows any authenticated user, regardless of role, to...

CVSS: 7.1, AI score: 5.8, EPSS: 0.00415
Exploits: 1, References: 4
Positive Technologies
added 2026/03/25 12:0 a.m., 7 views

PT-2026-27927

Name of the Vulnerable Software and Affected Versions: eyecix Addon Jobsearch Chat versions through 3.0. Description: The software contains a flaw related to improper input handling during web page generation, which allows for Reflected Cross-Site Scripting (XSS). This issue impacts the Addon Jobsearc...

CVSS: 7.1, AI score: 5.9, EPSS: 0.00175
Exploits: 0, References: 4
Positive Technologies
added 2026/03/25 12:0 a.m., 9 views

PT-2026-28175

Name of the Vulnerable Software and Affected Versions: PrestaShop versions prior to 8.2.5; PrestaShop versions prior to 9.1.0. Description: PrestaShop, an open source e-commerce web application, experiences an issue due to improper use of its validation framework. No workarounds are currently...

CVSS: 2, AI score: 5.8, EPSS: 0.00237
Exploits: 0, References: 8
CNNVD
added 2026/03/25 12:0 a.m., 9 views

WordPress plugin Kiddy Security Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVSS: 8.1, AI score: 5.8, EPSS: 0.00403
Exploits: 0, References: 1