Lucene search
+L
AlpinelinuxRecent

13055 matches found

alpinelinux
alpinelinux
added 2026/01/12 5:39 p.m.8 views

CVE-2025-68471

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending 2 unsolicited announcements with CNAME resource records 2 seconds apart...

6.5CVSS6.7AI score0.00353EPSS
Exploits1References3
alpinelinux
alpinelinux
added 2026/01/12 5:38 p.m.4 views

CVE-2025-68468

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource records pointing it to resource records with short TTLs. As soon as they...

6.5CVSS6.7AI score0.00331EPSS
Exploits0References3
alpinelinux
alpinelinux
added 2026/01/12 5:31 p.m.5 views

CVE-2025-68276

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, an unprivileged local users can crash avahi-daemon with wide-area disabled by creating record browsers with the AVAHILOOKUPUSEWIDEAREA flag set via D-Bus. This can ...

5.5CVSS6.7AI score0.0014EPSS
Exploits0References3
alpinelinux
alpinelinux
added 2026/01/11 11:2 a.m.8 views

CVE-2025-15506

A vulnerability was found in AcademySoftwareFoundation OpenColorIO up to 2.5.0. This issue affects the function ConvertToRegularExpression of the file src/OpenColorIO/FileRules.cpp. Performing a manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has...

4.8CVSS6.5AI score0.00165EPSS
Exploits0References9
alpinelinux
alpinelinux
added 2026/01/10 1:32 p.m.6 views

CVE-2026-0822

A vulnerability was identified in quickjs-ng quickjs up to 0.11.0. This issue affects the function jstypedarraysort of the file quickjs.c. The manipulation leads to heap-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The...

8.8CVSS7.2AI score0.0041EPSS
Exploits1References8
alpinelinux
alpinelinux
added 2026/01/10 1:2 p.m.5 views

CVE-2026-0821

A vulnerability was determined in quickjs-ng quickjs up to 0.11.0. This vulnerability affects the function jstypedarrayconstructor of the file quickjs.c. Executing a manipulation can lead to heap-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed a...

9.8CVSS7AI score0.00443EPSS
Exploits1References8
alpinelinux
alpinelinux
added 2026/01/10 6:11 a.m.12 views

CVE-2026-22703

Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When verifying a Rekor...

5.5CVSS7.1AI score0.00077EPSS
Exploits1
alpinelinux
alpinelinux
added 2026/01/10 5:59 a.m.2 views

CVE-2026-22701

filelock is a platform-independent file lock for Python. Prior to version 3.20.3, a TOCTOU race condition vulnerability exists in the SoftFileLock implementation of the filelock package. An attacker with local filesystem access and permission to create symlinks can exploit a race condition betwee...

5.3CVSS5.9AI score0.00115EPSS
Exploits0References3
alpinelinux
alpinelinux
added 2026/01/10 5:53 a.m.5 views

CVE-2026-22693

HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hbmalloc returns NULL before using placement new to construct an object at t...

5.3CVSS7.1AI score0.00377EPSS
Exploits1References4
alpinelinux
alpinelinux
added 2026/01/09 7:57 a.m.4 views

CVE-2025-69195

A flaw was found in GNU Wget2. This vulnerability, a stack-based buffer overflow, occurs in the filename sanitization logic when processing attacker-controlled URL paths, particularly when filename restriction options are active. A remote attacker can exploit this by providing a specially crafted...

8.8CVSS6.1AI score0.00291EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2026/01/09 7:53 a.m.3 views

CVE-2025-69194

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially...

9.8CVSS6AI score0.00707EPSS
Exploits1References2
alpinelinux
alpinelinux
added 2026/01/08 6:34 p.m.2 views

CVE-2026-21860

Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.5, Werkzeug's safejoin function allows path segments with Windows device names that have file extensions or trailing spaces. On Windows, there are special device names such as CON, AUX, etc that are implicitly present...

6.3CVSS5.9AI score0.00424EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/01/08 3:33 p.m.8 views

CVE-2025-68151

CoreDNS is a DNS server that chains plugins. Prior to version 1.14.0, multiple CoreDNS server implementations gRPC, HTTPS, and HTTP/3 lack critical resource-limiting controls. An unauthenticated remote attacker can exhaust memory and degrade or crash the server by opening many concurrent...

8.7CVSS7.3AI score0.01132EPSS
Exploits0References3
alpinelinux
alpinelinux
added 2026/01/08 10:8 a.m.4 views

CVE-2025-15224

When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent...

3.1CVSS6.6AI score0.00413EPSS
Exploits1References4
alpinelinux
alpinelinux
added 2026/01/08 10:8 a.m.7 views

CVE-2025-15079

When doing SSH-based transfers using either SCP or SFTP, and setting the knownhosts file, libcurl could still mistakenly accept connecting to hosts not present in the specified file if they were added as recognized in the libssh global knownhosts file...

5.3CVSS6.5AI score0.00457EPSS
Exploits1References4
alpinelinux
alpinelinux
added 2026/01/08 10:7 a.m.6 views

CVE-2025-14819

When doing TLS related transfers with reused easy or multi handles and altering the CURLSSLOPTNOPARTIALCHAIN option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcur...

5.3CVSS6.3AI score0.00679EPSS
Exploits0References3
alpinelinux
alpinelinux
added 2026/01/08 10:7 a.m.5 views

CVE-2025-14524

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

5.3CVSS6.6AI score0.00611EPSS
Exploits1References4
alpinelinux
alpinelinux
added 2026/01/08 10:7 a.m.4 views

CVE-2025-14017

When doing multi-threaded LDAPS transfers LDAP over TLS with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally...

6.3CVSS6.7AI score0.00106EPSS
Exploits0References3
alpinelinux
alpinelinux
added 2026/01/08 10:0 a.m.6 views

CVE-2025-13034

When using CURLOPTPINNEDPUBLICKEY option with libcurl or --pinnedpubkey with the curl tool,curl should check the public key of the server certificate to verify the peer. This check was skipped in a certain condition that would then make curl allow the connection without performing the proper chec...

5.9CVSS6.5AI score0.00227EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2026/01/07 11:37 p.m.9 views

CVE-2026-21869

llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the ndiscard parameter is parsed directly from JSON input in the llama.cpp server's completion endpoints without validation to ensure it's non-negative. When a negative value is supplied and the context fill...

9.8CVSS6.5AI score0.00438EPSS
Exploits1References1
alpinelinux
alpinelinux
added 2026/01/07 10:30 p.m.5 views

CVE-2025-69262

pnpm is a package manager. Versions 6.25.0 through 10.26.2 have a Command Injection vulnerability when using environment variable substitution in .npmrc configuration files with tokenHelper settings. An attacker who can control environment variables during pnpm operations could achieve Remote Cod...

7.8CVSS7.6AI score0.00949EPSS
Exploits1
alpinelinux
alpinelinux
added 2026/01/07 10:9 p.m.11 views

CVE-2026-21441

urllib3 is an HTTP client library for Python. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than loading the entire response body into memory at once. urllib3 can perform decoding or decompression based on the HTTP...

8.9CVSS6.6AI score0.02667EPSS
Exploits0References114
alpinelinux
alpinelinux
added 2026/01/07 9:53 p.m.8 views

CVE-2025-69264

pnpm is a package manager. Versions 10.0.0 through 10.25 allow git-hosted dependencies to execute arbitrary code during pnpm install, circumventing the v10 security feature "Dependency lifecycle scripts execution disabled by default". While pnpm v10 blocks postinstall scripts via the...

9.8CVSS8.7AI score0.01023EPSS
Exploits1
alpinelinux
alpinelinux
added 2026/01/07 9:31 p.m.7 views

CVE-2025-69263

pnpm is a package manager. Versions 10.26.2 and below store HTTP tarball dependencies and git-hosted tarballs in the lockfile without integrity hashes. This allows the remote server to serve different content on each install, even when a lockfile is committed. An attacker who publishes a package...

8.8CVSS7.1AI score0.0031EPSS
Exploits1
alpinelinux
alpinelinux
added 2026/01/07 9:14 p.m.6 views

CVE-2025-13151

Stack-based buffer overflow in libtasn1 version: v4.20.0. The function fails to validate the size of input data resulting in a buffer overflow in asn1expendoctetstring...

7.5CVSS7.4AI score0.01109EPSS
Exploits0References4
alpinelinux
alpinelinux
added 2026/01/07 8:26 p.m.4 views

CVE-2026-22185

OpenLDAP Lightning Memory-Mapped Database LMDB versions up to and including 0.9.14, prior to commit 8e1fda8, contain a heap buffer underflow in the readline function of mdbload. When processing malformed input containing an embedded NUL byte, an unsigned offset calculation can underflow and cause...

4.6CVSS6.5AI score0.00127EPSS
Exploits0References5
alpinelinux
alpinelinux
added 2026/01/07 8:25 p.m.8 views

CVE-2026-22184

zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz...

8.6CVSS7.3AI score0.00381EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/01/06 11:57 p.m.5 views

CVE-2026-0628

Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: High...

8.8CVSS5.7AI score0.06545EPSS
Exploits2
alpinelinux
alpinelinux
added 2026/01/06 4:36 p.m.3 views

CVE-2025-69364

Missing Authorization vulnerability in Cloudways Breeze breeze allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Breeze: from n/a through = 2.2.21...

5.3CVSS7AI score0.0023EPSS
Exploits0References2
alpinelinux
alpinelinux
added 2026/01/05 11:47 p.m.3 views

CVE-2025-69230

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, reading multiple invalid cookies can lead to a logging storm. If the cookies attribute is accessed in an application, then an attacker may be able to trigger a storm of warning-level logs...

6.9CVSS6.7AI score0.00332EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/01/05 11:37 p.m.5 views

CVE-2025-69229

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. In versions 3.13.2 and below, handling of chunked messages can result in excessive blocking CPU usage when receiving a large number of chunks. If an application makes use of the request.read method in an endpoint, it...

8.7CVSS6.6AI score0.00338EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/01/05 11:30 p.m.5 views

CVE-2025-69228

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a request to be crafted in such a way that an AIOHTTP server's memory fills up uncontrollably during processing. If an application includes a handler that uses the Request.post method, ...

8.7CVSS6.7AI score0.00347EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/01/05 11:19 p.m.4 views

CVE-2025-69227

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow for an infinite loop to occur when assert statements are bypassed, resulting in a DoS attack when processing a POST body. If optimizations are enabled -O or PYTHONOPTIMIZE=1, and the...

8.7CVSS7AI score0.00337EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/01/05 11:16 p.m.4 views

CVE-2025-69225

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below contain parser logic which allows non-ASCII decimals to be present in the Range header. There is no known impact, but there is the possibility that there's a method to exploit a request...

6.9CVSS6.8AI score0.00236EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/01/05 10:52 p.m.3 views

CVE-2025-69226

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below enable an attacker to ascertain the existence of absolute path components through the path normalization logic for static files meant to prevent path traversal. If an application uses...

6.3CVSS6.7AI score0.00313EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/01/05 10:35 p.m.3 views

CVE-2025-69224

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below of the Python HTTP parser may allow a request smuggling attack with the presence of non-ASCII characters. If a pure Python version of AIOHTTP is installed i.e. without the usual C extensions ...

6.5CVSS7AI score0.00213EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/01/05 10:0 p.m.4 views

CVE-2025-69223

AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Versions 3.13.2 and below allow a zip bomb to be used to execute a DoS against the AIOHTTP server. An attacker may be able to send a compressed request that when decompressed by AIOHTTP could exhaust the host's memory...

7.5CVSS7AI score0.00487EPSS
Exploits0
alpinelinux
alpinelinux
added 2026/01/02 7:5 p.m.5 views

CVE-2026-21444

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV initialization vector when certain symmetric ciphers were used...

5.5CVSS6.9AI score0.0007EPSS
Exploits1References3
alpinelinux
alpinelinux
added 2026/01/02 12:0 a.m.5 views

CVE-2025-67268

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/drivernmea2000.c file. The hnd129540 function, which handles NMEA2000 PGN 129540 GNSS Satellites in View packets, fails to validate the user-supplied satellite count against the size of the skyview...

9.8CVSS8AI score0.00674EPSS
Exploits2References9
alpinelinux
alpinelinux
added 2026/01/02 12:0 a.m.4 views

CVE-2025-67269

An integer underflow vulnerability exists in the nextstate function in gpsd/packet.c of gpsd versions prior to commit ffa1d6f40bca0b035fc7f5e563160ebb67199da7. When parsing a NAVCOM packet, the payload length is calculated using lexer-length = sizetc - 4 without checking if the input byte c is le...

7.5CVSS5.8AI score0.0047EPSS
Exploits2References8
alpinelinux
alpinelinux
added 2026/01/01 4:39 a.m.4 views

CVE-2025-69413

In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists...

5.3CVSS7.2AI score0.00356EPSS
Exploits0References4
alpinelinux
alpinelinux
added 2025/12/31 11:20 p.m.17 views

CVE-2025-69412

KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API aka phishing API, which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration...

3.4CVSS6.9AI score0.00241EPSS
Exploits0References4
alpinelinux
alpinelinux
added 2025/12/31 6:39 p.m.3 views

CVE-2025-34468

libcoap versions up to and including 4.3.5, prior to commit 30db3ea, contain a stack-based buffer overflow in address resolution when attacker-controlled hostname data is copied into a fixed 256-byte stack buffer without proper bounds checking. A remote attacker can trigger a crash and potentiall...

9.8CVSS8.3AI score0.00637EPSS
Exploits0References4
alpinelinux
alpinelinux
added 2025/12/31 6:59 a.m.1 views

CVE-2025-15279

FontForge GUtils BMP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8CVSS7.6AI score0.00259EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2025/12/31 6:59 a.m.6 views

CVE-2025-15278

FontForge GUtils XBM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious...

7.8CVSS7.8AI score0.00263EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2025/12/31 6:59 a.m.4 views

CVE-2025-15277

FontForge GUtils SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8CVSS7.6AI score0.00259EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2025/12/31 6:59 a.m.4 views

CVE-2025-15276

FontForge SFD File Parsing Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8CVSS7.7AI score0.00329EPSS
Exploits1References1
alpinelinux
alpinelinux
added 2025/12/31 6:59 a.m.7 views

CVE-2025-15280

FontForge SFD File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or...

8.8CVSS7.6AI score0.00532EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2025/12/31 6:59 a.m.3 views

CVE-2025-15275

FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

8.8CVSS7.6AI score0.0058EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2025/12/31 6:59 a.m.4 views

CVE-2025-15274

FontForge SFD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FontForge. User interaction is required to exploit this vulnerability in that the target must visit a...

8.8CVSS7.6AI score0.00579EPSS
Exploits0References1
Total number of security vulnerabilities13055