Lucene search
K
AlpinelinuxRecent

13033 matches found

AlpineLinux
AlpineLinux
•added 2026/04/28 1:49 p.m.•3 views

CVE-2026-7320

Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1...

7.5CVSS5.8AI score0.00323EPSS
Exploits0References6
AlpineLinux
AlpineLinux
•added 2026/04/28 9:22 a.m.•6 views

CVE-2026-41636

Uncontrolled Recursion vulnerability in Apache Thrift Node.js bindings This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

8.7CVSS5.8AI score0.00469EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/28 9:21 a.m.•7 views

CVE-2026-41607

Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

9.1CVSS5.8AI score0.00967EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/28 9:21 a.m.•6 views

CVE-2026-41606

Uncontrolled Recursion vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

7.5CVSS5.8AI score0.01144EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/28 9:20 a.m.•5 views

CVE-2026-41605

Integer Overflow or Wraparound vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

7.7CVSS5.8AI score0.00967EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/28 9:20 a.m.•5 views

CVE-2026-41604

Out-of-bounds Read vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

8.2CVSS5.8AI score0.00954EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/28 9:19 a.m.•6 views

CVE-2026-41603

Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

8.2CVSS5.8AI score0.00593EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/28 9:19 a.m.•7 views

CVE-2026-41602

Integer Overflow or Wraparound vulnerability in Apache Thrift TFramedTransport Go language implementation This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue...

7.5CVSS5.8AI score0.01163EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/28 9:11 a.m.•6 views

CVE-2025-48431

Mismatched Memory Management Routines vulnerability in Apache Thrift cglib language bindings. This issue affects Apache Thrift: before 0.23.0. Users are recommended to upgrade to version 0.23.0, which fixes the issue. Description: Specially crafted requests can crash an cglib-based Thrift server...

7.5CVSS5.8AI score0.01079EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/28 6:0 a.m.•8 views

CVE-2026-7233

A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fzsubsetcffforgids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly...

6.1CVSS4.1AI score0.00238EPSS
Exploits1References6
AlpineLinux
AlpineLinux
•added 2026/04/28 1:35 a.m.•10 views

CVE-2026-40475

This candidate has been reserved by an organization or individual " "that will use it when announcing a new security problem. When the candidate has been " "publicized, the details for this candidate will be provided...

Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/28 12:0 a.m.•6 views

CVE-2026-41526

In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path t...

7.8CVSS5.8AI score0.0017EPSS
Exploits0References5
AlpineLinux
AlpineLinux
•added 2026/04/28 12:0 a.m.•7 views

CVE-2026-42167

modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM...

8.1CVSS6.3AI score0.04438EPSS
Exploits7
AlpineLinux
AlpineLinux
•added 2026/04/27 5:50 a.m.•8 views

CVE-2026-42371

uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes...

5.1CVSS5.8AI score0.00172EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/24 6:32 p.m.•9 views

CVE-2026-41414

Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...

7.4CVSS5.9AI score0.00281EPSS
Exploits1References3
AlpineLinux
AlpineLinux
•added 2026/04/24 4:54 p.m.•3 views

CVE-2026-41079

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory i...

5.4CVSS5.4AI score0.00409EPSS
Exploits1References3
AlpineLinux
AlpineLinux
•added 2026/04/24 4:51 p.m.•5 views

CVE-2026-41411

Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file is passed through wildcard expansion to resolve environment variables and wildcards. If the filena...

6.6CVSS5.4AI score0.00501EPSS
Exploits0References3
AlpineLinux
AlpineLinux
•added 2026/04/24 4:45 p.m.•8 views

CVE-2026-41066

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Setting the resolveentities option explicitly to resolveentities='internal' ...

7.5CVSS5.4AI score0.00324EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2026/04/24 2:24 a.m.•3 views

CVE-2026-40254

FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by-one in the path traversal filter in channels/drive/client/drivefile.c. The containsdotdot function catches ../ and ..\ mid-path but misses .. when it's the last component with no trailing...

6.1CVSS5.5AI score0.002EPSS
Exploits1References1
AlpineLinux
AlpineLinux
•added 2026/04/24 1:46 a.m.•6 views

CVE-2026-32952

go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using ntlmssp.Negotiator as an HTTP transport. Version 0.1.1 patches the issue...

7.5CVSS5.8AI score0.01027EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/23 10:19 p.m.•9 views

CVE-2026-6732

A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition XSD validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that...

7.5CVSS5.7AI score0.00632EPSS
Exploits1
AlpineLinux
AlpineLinux
•added 2026/04/23 8:39 p.m.•6 views

CVE-2026-6941

radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malicious .zrp archive containing a symlinked notes.txt file. Attackers can craft a .zrp archive with a...

7.8CVSS5.5AI score0.00198EPSS
Exploits1References3
AlpineLinux
AlpineLinux
•added 2026/04/23 8:26 p.m.•12 views

CVE-2026-6940

radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the configured dir.projects root directory. Attackers can craft absolute paths to project marker files...

7.1CVSS5.5AI score0.00218EPSS
Exploits1References3
AlpineLinux
AlpineLinux
•added 2026/04/23 4:12 p.m.•18 views

CVE-2026-6920

Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.4AI score0.00211EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/23 4:12 p.m.•4 views

CVE-2026-6919

Use after free in DevTools in Google Chrome prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

9.6CVSS5.3AI score0.00285EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/23 2:54 p.m.•2 views

CVE-2026-34003

A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash,...

7.8CVSS5.7AI score0.0025EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/23 2:54 p.m.•5 views

CVE-2026-34001

A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially...

7.8CVSS5.7AI score0.00264EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/23 2:53 p.m.•3 views

CVE-2026-33999

A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of servi...

7.8CVSS5.9AI score0.0038EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/23 7:29 a.m.•7 views

CVE-2026-41564

CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking. The Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519 and Crypt::PK::X25519 modules seed a per-object PRNG state in their constructors and reuse it without fork detection. A...

7.5CVSS5.3AI score0.00447EPSS
Exploits0References4
AlpineLinux
AlpineLinux
•added 2026/04/23 4:30 a.m.•5 views

CVE-2026-41989

Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcrypkdecrypt...

6.7CVSS5.6AI score0.0018EPSS
Exploits0References5
AlpineLinux
AlpineLinux
•added 2026/04/23 12:3 a.m.•6 views

CVE-2026-41179

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.8CVSS5.6AI score0.09199EPSS
Exploits2
AlpineLinux
AlpineLinux
•added 2026/04/22 11:57 p.m.•4 views

CVE-2026-41176

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint options/set is exposed without AuthRequired: true, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and pri...

9.8CVSS5.3AI score0.34734EPSS
Exploits1References3
AlpineLinux
AlpineLinux
•added 2026/04/22 9:44 p.m.•4 views

CVE-2026-40517

radare2 prior to 6.1.4 contains a command injection vulnerability in the PDB parser's printgvars function that allows attackers to execute arbitrary commands by crafting a malicious PDB file with newline characters in symbol names. Attackers can inject arbitrary radare2 commands through unsanitiz...

8.4CVSS6.1AI score0.01051EPSS
Exploits1References4
AlpineLinux
AlpineLinux
•added 2026/04/22 2:23 p.m.•4 views

CVE-2026-35328

This candidate has been reserved by an organization or individual " "that will use it when announcing a new security problem. When the candidate has been " "publicized, the details for this candidate will be provided...

Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/22 2:1 p.m.•6 views

CVE-2026-33611

An operator allowed to use the REST API can cause the Authoritative server to produce invalid HTTPS or SVCB record data, which can in turn cause LMDB database corruption, if using the LMDB backend...

6.5CVSS5.8AI score0.00423EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/22 2:0 p.m.•2 views

CVE-2026-33610

A rogue primary server may cause file descriptor exhaustion and eventually a denial of service, when a PowerDNS secondary server forwards a DNS update request to it...

7.5CVSS5.8AI score0.00393EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/22 2:0 p.m.•8 views

CVE-2026-33609

Incomplete escaping of LDAP queries when running with 8bit-dns enabled allows users to perform queries of internal domain subtrees...

6.5CVSS5.8AI score0.00242EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/22 2:0 p.m.•3 views

CVE-2026-33608

An attacker can send a notify request that causes a new secondary domain to be added to the bind backend, but causes said backend to update its configuration to an invalid one, leading to the backend no longer able to run on the next restart, requiring manual operation to fix it...

9.8CVSS5.8AI score0.00383EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/22 1:48 p.m.•4 views

CVE-2026-33593

A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query...

7.5CVSS5.7AI score0.00381EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/22 1:48 p.m.•3 views

CVE-2026-33594

A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released until the end of the connection...

7.5CVSS6AI score0.00371EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/22 1:47 p.m.•3 views

CVE-2026-33595

A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection...

7.5CVSS5.8AI score0.00371EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/22 1:47 p.m.•3 views

CVE-2026-33597

PRSD detection denial of service...

7.5CVSS5.7AI score0.00348EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/22 1:47 p.m.•4 views

CVE-2026-33596

A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DNS over TLS backend...

6.5CVSS5.7AI score0.00169EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/22 1:46 p.m.•4 views

CVE-2026-33598

A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress or getAddressListByDomain on a packet cache...

9.1CVSS5.8AI score0.01073EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/22 1:46 p.m.•5 views

CVE-2026-33599

A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade Lua option to newServer or autoupgrade YAML settings. DDR upgrade is not enabled by default...

8.1CVSS5.7AI score0.00283EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/22 1:45 p.m.•5 views

CVE-2026-33602

A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service...

8.2CVSS5.7AI score0.00731EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/22 1:45 p.m.•2 views

CVE-2026-33254

An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by default...

7.5CVSS5.7AI score0.00371EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/22 1:39 p.m.•6 views

CVE-2026-6861

A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG Scalable Vector Graphics CSS Cascading Style Sheets data. A local user could exploit this by convincing a victim to open a malicious SVG file, which may lead to a denial...

7.1CVSS5.7AI score0.00108EPSS
Exploits0References2
AlpineLinux
AlpineLinux
•added 2026/04/22 9:40 a.m.•4 views

CVE-2026-33262

An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are disabled by default...

5.9CVSS5.3AI score0.00418EPSS
Exploits0
AlpineLinux
AlpineLinux
•added 2026/04/22 9:40 a.m.•11 views

CVE-2026-33261

A zone transition from NSEC to NSEC3 might trigger an internal inconsistency and cause a denial of service...

5.9CVSS5.2AI score0.00228EPSS
Exploits0
Total number of security vulnerabilities13033