Lucene search
K

418139 matches found

EUVD
EUVD
•added 2026/06/24 6:32 p.m.•5 views

EUVD-2026-38842

In the Linux kernel, the following vulnerability has been resolved: net: tls: fix strparser anchor skb leak on offload RX setup failure When tlssetdeviceoffloadrx fails at tlsdevadd, the error path calls tlsswfreeresourcesrx to clean up the SW context that was initialized by tlssetswoffload. This...

5.8AI score0.00506EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•4 views

EUVD-2026-38840

In the Linux kernel, the following vulnerability has been resolved: crypto: afalg - Cap AEAD AD length to 0x80000000 In order to prevent arithmetic overflows when checking the TX buffer size, cap the associated data length to 0x80000000...

5.7AI score0.0014EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•4 views

EUVD-2026-38844

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix error cleanup in xeexecqueuecreateioctl Two error handling issues exist in xeexecqueuecreateioctl: 1. When xehwenginegroupaddexecqueue fails, the error path jumps to putexecqueue which skips xeexecqueuekill. If the VM...

5.8AI score0.00128EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•5 views

EUVD-2026-38850

In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix use-after-free in rtl8150startxmit syzbot reported a KASAN slab-use-after-free read in rtl8150startxmit when accessing skb-len for tx statistics after usbsubmiturb has been called: BUG: KASAN:...

5.7AI score0.00543EPSS
Exploits0References9
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•3 views

EUVD-2026-38852

In the Linux kernel, the following vulnerability has been resolved: net/sched: netem: fix queue limit check to include reordered packets The queue limit check in netemenqueue uses q-tlen which only counts packets in the internal tfifo. Packets placed in sch-q by the reorder path qdiscenqueuehead...

5.7AI score0.00184EPSS
Exploits0References9
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•4 views

EUVD-2026-38838

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: fix missing expect put in obj eval nftctexpectobjeval allocates an expectation and may call nfctexpectrelated, but never drops its local reference. Add nfctexpectputexp before return to balance allocation...

5.7AI score0.00184EPSS
Exploits0References9
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•4 views

EUVD-2026-38856

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: join hook list via splicelistrcu in commit phase Publish new hooks in the list into the basechain/flowtable using splicelistrcu to ensure netlink dump list traversal via rcu is safe while concurrent ruleset...

5.7AI score0.00122EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•4 views

EUVD-2026-38862

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix MSGZEROCOPY pinned-pages accounting virtiotransportinitzcopyskb uses iter-count as the size argument for msgzerocopyrealloc, which in turn passes it to mmaccountpinnedpages for RLIMITMEMLOCK accounting. However,...

5.7AI score0.00173EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•4 views

EUVD-2026-38818

In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: fix UAF with retry loop Retry doesn't work here, since bo will be freed on error, leading to UAF. However, now that we do the alloc & init before the attach, we can now combine this as one unit and have the init d...

5.7AI score0.00132EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•5 views

EUVD-2026-38827

In the Linux kernel, the following vulnerability has been resolved: virt: sev-guest: Do not use host-controlled page order in cleanup path When issuing an extended guest request SVMVMGEXITEXTGUESTREQUEST, getextreport allocates a buffer to retrieve a certificate blob from the host, keeping track ...

5.9AI score0.00093EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•4 views

EUVD-2026-38833

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix ttmboswapout infinite LRU walk on swapout failure When ttmttswapout fails, the current code calls ttmresourceaddbulkmove followed by ttmresourcemovetolrutail to restore the resource's bulkmove membership. However,...

5.8AI score0.00167EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•5 views

EUVD-2026-38814

In the Linux kernel, the following vulnerability has been resolved: fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling A SOFTIRQ-safe to SOFTIRQ-unsafe lock order deadlock can occur in sendsigio and sendsigurg when a process group receives a signal. When FASYNC is configured for a proces...

5.8AI score0.00612EPSS
Exploits0References9
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•4 views

EUVD-2026-38828

In the Linux kernel, the following vulnerability has been resolved: ceph: put folios not suitable for writeback The batch holds references to the folios see filemapgetfolios, foliobatchrelease, so we need to folioput the folios we remove. Tested on v6.18...

5.8AI score0.00359EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•4 views

EUVD-2026-38834

In the Linux kernel, the following vulnerability has been resolved: drm: Replace old pointer to new idr Commit 5e28b7b94408 introduced a logical error by failing to replace the newly generated IDR pointer to old id's pointer at the correct location within the "change handle" logic; this resulted ...

5.8AI score0.00186EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•5 views

EUVD-2026-38835

In the Linux kernel, the following vulnerability has been resolved: smb/client: fix possible infinite loop and oob read in symlinkdata On 32-bit architectures, the infinite loop is as follows: len = p-ErrorDataLength == 0xfffffff8 u8 next = p-ErrorContextData + len next == p On 32-bit...

5.7AI score0.00398EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•3 views

EUVD-2026-38819

In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: handle empty bo and UAF races There look to be some nasty races here when triggering the invalidatemappings hook: 1 We do xeboalloc followed by the attach, before the actual full bo init step in xedmabufinitobj...

6AI score0.00132EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•4 views

EUVD-2026-38824

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in cephxdecrypt In cephxdecrypt, a part of the buffer p is interpreted as a cephxencryptheader, and the magic field of this struct is accessed. This happens without any guarantee that t...

5.9AI score0.00359EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•6 views

EUVD-2026-38829

In the Linux kernel, the following vulnerability has been resolved: ceph: fix BUGON in cephbuildxattrsblob due to stale blob size The generic/642 test-case can reproduce the kernel crash: 40243.605254 ------------ cut here ------------ 40243.605956 kernel BUG at fs/ceph/xattr.c:918! 40243.607142...

5.7AI score0.00198EPSS
Exploits0References5
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•3 views

EUVD-2026-38836

In the Linux kernel, the following vulnerability has been resolved: KVM: s390: pci: fix GAIT table indexing due to double-scaling pointer arithmetic kvms390pciaifenable, kvms390pciaifdisable, and aenhostforward index the GAIT by manually multiplying the index with sizeofstruct zpcigaite. Since...

5.7AI score0.0018EPSS
Exploits0References7
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•4 views

EUVD-2026-38820

In the Linux kernel, the following vulnerability has been resolved: iommu: Fix WARNON in iommugroupsetdomainnofail due to reset In iommugroupsetdomaininternal, concurrent domain attachments are rejected when any device in the group is recovering. This is necessary to fence concurrent attachments ...

5.7AI score0.00131EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•3 views

EUVD-2026-38832

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It validates bLength against bNumGrpTrmBlock before reading...

5.7AI score0.00175EPSS
Exploits0References6
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•5 views

EUVD-2026-38826

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in osdmapdecode When decoding osdstate and osdweight from an incoming osdmap in osdmapdecode, both are decoded for each osd, i.e., map-maxosd times. The cephdecodeneed check only accoun...

5.7AI score0.00544EPSS
Exploits0References9
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•5 views

EUVD-2026-38830

In the Linux kernel, the following vulnerability has been resolved: ceph: fix a buffer leak in cephsetxattr The oldblob in cephsetxattr can store ci-ixattrs.preallocblob value during the retry. However, it is never called the cephbufferput for the oldblob object. This patch fixes the issue of the...

6AI score0.00184EPSS
Exploits0References9
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•5 views

EUVD-2026-38999

Missing Authentication for Critical Function CWE-306 in the RegisterView apps/accounts/views.py, exposed at POST /api/auth/register/, in MailerUp 1.0.1 allows a remote, unauthenticated attacker to self-register a working account on instances where registration is intended to be restricted, becaus...

8.8CVSS6AI score0.00406EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•4 views

EUVD-2026-38821

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix oops due to out of scope access Below oops triggers when kill QEMU process: Oops: general protection fault, probably for non-canonical address 0x7fffffff844eaaa7: 0000 1 SMP NOPTI Call Trace: dorawspinlock+0xaa/0x...

5.7AI score0.00133EPSS
Exploits0References4
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•4 views

EUVD-2026-38817

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix ttmboshrink infinite LRU walk on backup failure Apply the same fix as b2ed01e7ad "drm/ttm: Fix ttmboswapout infinite LRU walk on swapout failure" to the ttmboshrink path. Move delbulkmove from before the backup to...

5.8AI score0.00162EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•6 views

EUVD-2026-38825

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential null-ptr-deref in decodechooseargs A message of type CEPHMSGOSDMAP contains an OSD map that itself contains a CRUSH map. When decoding this CRUSH map in crushdecode, an array of maxbuckets CRUSH buckets is...

5.7AI score0.0053EPSS
Exploits0References9
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•6 views

EUVD-2026-38823

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in crushdecode A message of type CEPHMSGOSDMAP containing a crush map with at least one bucket has two fields holding the bucket algorithm. If the values in these two fields differ, an...

5.8AI score0.00377EPSS
Exploits0References9
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•3 views

EUVD-2026-38822

In the Linux kernel, the following vulnerability has been resolved: libceph: handle rbtree insertion error in decodechooseargs A message of type CEPHMSGOSDMAP contains an OSD map that itself contains a CRUSH map. The received CRUSH map may optionally contain chooseargs that get decoded in...

5.7AI score0.0053EPSS
Exploits0References9
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•4 views

EUVD-2026-38831

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI endpoint descriptor scans sndusbmidigetmsinfo validates the internal MIDIStreaming endpoint descriptor size before using baAssocJackID, but the descriptor walker can still return a class-specific...

5.7AI score0.00184EPSS
Exploits0References9
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•5 views

EUVD-2026-38837

In the Linux kernel, the following vulnerability has been resolved: KVM: Reject wrapped offset in kvmresetdirtygfn kvmresetdirtygfn guards the gfn range with if !memslot || offset + flsmask = memslot-npages return; but offset is u64 and the addition is unchecked. The check can be silently bypasse...

5.7AI score0.00147EPSS
Exploits0References8
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•5 views

EUVD-2026-38815

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: fix refcount saturation and potential UAF in qrtrportremove In qrtrportremove, the socket reference count is decremented via sockput before the port is removed from the qrtrports XArray and before the RCU grace period...

5.7AI score0.00135EPSS
Exploits0References9
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•4 views

EUVD-2026-38816

In the Linux kernel, the following vulnerability has been resolved: i2c: dev: prevent integer overflow in I2CTIMEOUT ioctl While fuzzing with Syzkaller, a persistent scheduletimeout: wrong timeout value warning was observed, accompanied by SMBus controller state machine corruption. The I2CTIMEOUT...

5.8AI score0.00185EPSS
Exploits0References9
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•6 views

EUVD-2026-38797

Marlin Firmware through 2.1.2.7, fixed in commit 1f255d1, when built with MESHBEDLEVELING enabled, contains an out-of-bounds write vulnerability in the M421 G-code handler that allows attackers to corrupt firmware memory by supplying out-of-range X and Y grid indices. Attackers can send a single...

9.1CVSS5.9AI score0.00542EPSS
Exploits1References5
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•6 views

EUVD-2026-38801

Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The userdefinedfunction.body field of an OnDemandFeatureView spec is decoded from...

9.8CVSS6.8AI score0.00862EPSS
Exploits1References5
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•4 views

EUVD-2026-38813

In the Linux kernel, the following vulnerability has been resolved: Revert "wireguard: device: enable threaded NAPI" This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is commit db9ae3b6b43c79b1ba87eea849fd65efa05b4b2e upstream. We have had three independent production user report...

5.8AI score0.00307EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•9 views

EUVD-2026-38809

Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run a GPU reader shader that reads stale register values left by a separate sandboxed victim app. In the proof of concept, GPUVictim.app generates a fresh random...

8.6CVSS5.8AI score0.00303EPSS
Exploits0References2
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•6 views

EUVD-2026-38803

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the MultiSelectDialog component...

4.8CVSS5.8AI score0.00239EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•6 views

EUVD-2026-38808

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.ui.Tree component...

4.8CVSS5.8AI score0.00239EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•6 views

EUVD-2026-38805

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Notifications Events panel...

4.8CVSS5.8AI score0.00239EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•6 views

EUVD-2026-38800

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer...

4.6CVSS5.9AI score0.00256EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•6 views

EUVD-2026-38802

A Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of untrusted input in the Form Dashboard headline renderer...

4.6CVSS5.8AI score0.00256EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•6 views

EUVD-2026-38799

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Desk desktop icon renderer...

4.8CVSS5.8AI score0.00239EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•7 views

EUVD-2026-38807

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Number Card component...

4.6CVSS5.8AI score0.00256EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•6 views

EUVD-2026-38798

A Reflected Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the dashboard-view component...

5.1CVSS5.8AI score0.00268EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•5 views

EUVD-2026-38806

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to unsafe evaluation of user-controlled data in the Number Card component...

4.6CVSS5.9AI score0.00256EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/24 6:32 p.m.•5 views

EUVD-2026-38796

A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.getavatar function...

4.6CVSS5.8AI score0.00256EPSS
Exploits0References3
EUVD
EUVD
•added 2026/06/24 6:23 p.m.•6 views

EUVD-2026-39031

Jellyfin is an open source self hosted media server. Prior to 10.11.9, a potential XSS attack exists in Jellyfin which can allow a non-privileged user to execute arbitrary Javascript in the context of a logged-in Administrative user, resulting in numerous potential issues. The Client header durin...

5.7CVSS6.1AI score0.00194EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/24 6:22 p.m.•4 views

EUVD-2026-39030

Jellyfin is an open source self hosted media server. Prior to 10.11.10, a potential FFmpeg argument injection vulnerability exists in the subtitle conversion code path. SubtitleEncoder.ConvertTextSubtitleToSrtInternal SubtitleEncoder.cs, line 382 interpolates the subtitle file path into FFmpeg...

8.8CVSS6.1AI score0.00357EPSS
Exploits0References1
EUVD
EUVD
•added 2026/06/24 6:21 p.m.•3 views

EUVD-2026-39029

Jellyfin is an open source self hosted media server. Prior to 10.11.10, a specifically crafted MKV file containing forged filename tags can be leveraged to exploit missing path sanitization during playback. Jellyfin treats the MKV file name tag on MKV attachments as trusted and passes it...

6.3CVSS5.9AI score0.00258EPSS
Exploits0References1
Total number of security vulnerabilities418139