Lucene search
K
FreebsdRecent

6577 matches found

FreeBSD
FreeBSD
•added 2026/04/07 12:0 a.m.•8 views

Mozilla -- Incorrect boundary conditions

https://bugzilla.mozilla.org/showbug.cgi?id=2022554 reports: Incorrect boundary conditions in the Graphics: WebGPU component...

8.8CVSS5.9AI score0.00304EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/04/07 12:0 a.m.•10 views

Mozilla -- Memory safety bugs

Mozilla reports: Memory safety bugs present in Firefox ESR, Firefox ESR , Thunderbird ESR, and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code...

9.8CVSS6AI score0.0034EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/04/07 12:0 a.m.•7 views

Mozilla -- Incorrect boundary conditions, integer overflow

https://bugzilla.mozilla.org/showbug.cgi?id=2017867 reports: Incorrect boundary conditions, integer overflow in the Graphics: Text component...

8.8CVSS5.9AI score0.0035EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/04/07 12:0 a.m.•21 views

chromium -- security fixes

Chrome Releases reports: This update includes multiple security fixes: Critical: CVE-2026-5858: Heap buffer overflow in WebML. CVE-2026-5859: Integer overflow in WebML. High: CVE-2026-5860: Use after free in WebRTC. CVE-2026-5861: Use after free in V8. CVE-2026-5862: Inappropriate implementation ...

9.8CVSS7.5AI score0.00608EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/04/07 12:0 a.m.•8 views

gstreamer1 -- multiple vulnerabilities

The GStreamer project reports multiple security vulnerabilities fixed in the 1.28.2 release: Several security vulnerabilities were addressed, including: H.264 video parser NULL pointer dereference when freeing SPS/MVC data. Integer overflows in the AV1 LEB128 parser, H.266/VVC video parser, and W...

9.1CVSS7.6AI score0.00208EPSS
Exploits0References10
FreeBSD
FreeBSD
•added 2026/04/07 12:0 a.m.•11 views

Mozilla -- Memory safety bugs

https://bugzilla.mozilla.org/buglist.cgi?bugid=2022369%2C2023026%2C2023545%2C2023555%2C2023958%2C2025422%2C2025468%2C2025492%2C2025505 reports: Memory safety bugs present in Firefox ESR 140.9.0, Thunderbird ESR 140.9.0, Firefox 149.0.1 and Thunderbird 149.0.1. Some of these bugs showed evidence o...

9.8CVSS6AI score0.00329EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/04/07 12:0 a.m.•6 views

OpenSSL -- Multiple vulnerabilities

The OpenSSL project reports: Seven vulnerabilities in OpenSSL library. Highest classification Moderate...

9.8CVSS5.9AI score0.00981EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2026/04/06 12:0 a.m.•20 views

python -- more webbrowser.open() command injection vulnerabilities

Seth Larson reports: CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open There is a HIGH severity vulnerability affecting CPython. Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypasse...

7.1CVSS5.8AI score0.00308EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2026/04/04 12:0 a.m.•11 views

py-strawberry-graphql -- Multiple vulnerabilities

The Strawberry GraphQL project reports: Strawberry up until version 0.312.3 is vulnerable to an authentication bypass on WebSocket subscription endpoints. The legacy graphql-ws subprotocol handler does not verify that a 'connectioninit' handshake has been completed before processing start...

7.5CVSS5.6AI score0.00424EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2026/04/04 12:0 a.m.•5 views

powerdns-recursor -- vulnerabilities

PowerDNS Team reports: CVE-2026-3361: ZoneToCache can poison the cache CVE-2026-40012: Information about ECS zero scoped answers might leak to clients that use a specific ECS CVE-2026-42005: Unbounded resource consumption in internal webserver CVE-2026-42387: Insufficient input validation in...

6.4CVSS5.8AI score0.00479EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/03/31 12:0 a.m.•8 views

chromium -- security fixes

Chrome Releases reports: This update includes 21 security fixes: 493952652 High CVE-2026-5273: Use after free in CSS. Reported by Anonymous on 2026-03-18 491732188 High CVE-2026-5272: Heap buffer overflow in GPU. Reported by inspector-ambitious on 2026-03-11 488596746 High CVE-2026-5274: Integer...

9.6CVSS6.2AI score0.05036EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/03/31 12:0 a.m.•5 views

DNSdist -- vulnerabilities

https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html reports: CVE-2026-0396: HTML injection in the web dashboard CVE-2026-0397: Information disclosure via CORS misconfiguration CVE-2026-24028: Out-of-bounds read when parsing DNS packets via Lua CVE-2026-24029: DN...

8.2CVSS5.8AI score0.01028EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/03/31 12:0 a.m.•9 views

Mbed TLS -- vulnerabilities

https://mbed-tls.readthedocs.io/en/latest/security-advisories/ reports: Client impersonation while resuming a TLS 1.3 session CVE-2026-34873 Entropy on Linux can fall back to /dev/urandom CVE-2026-34871 PSA random generator cloning CVE-2026-25835 Compiler-induced constant-time violations...

9.8CVSS5.9AI score0.00426EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/03/30 12:0 a.m.•6 views

MongoDB Server -- CWE-617: Reachable Assertion

https://jira.mongodb.org/browse/SERVER-101758 reports: A user with access to the cluster with a limited set of privilege actions can trigger a crash of amongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may...

6CVSS5.9AI score0.00203EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/03/29 12:0 a.m.•8 views

Roundcube -- SVG Attribute Bypass

The Roundcube project reports:...

5.8AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2026/03/27 12:0 a.m.•12 views

Grafana -- Public dashboards discloses all direct mode datasources

https://grafana.com/security/security-advisories/cve-2026-27877 reports: When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-source...

7.5CVSS5.8AI score0.00309EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/03/27 12:0 a.m.•10 views

Grafana -- OpenFeature evaluation API reads input data with no bounds

https://grafana.com/security/security-advisories/cve-2026-27880 reports: The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes...

7.5CVSS6AI score0.00772EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/03/27 12:0 a.m.•9 views

Grafana -- Query resampling can cause unbounded memory allocations

https://grafana.com/security/security-advisories/cve-2026-27879 reports: A resample query can be used to trigger out-of-memory crashes in Grafana...

6.5CVSS5.8AI score0.00376EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/03/27 12:0 a.m.•12 views

Grafana -- Grafana Testdata datasource can issue unbounded memory allocations

https://grafana.com/security/security-advisories/cve-2026-28375 reports: A testdata data-source can be used to trigger out-of-memory crashes in Grafana...

6.5CVSS5.8AI score0.00376EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/03/27 12:0 a.m.•9 views

Grafana -- RCE on Grafana via sqlExpressions

https://grafana.com/security/security-advisories/cve-2026-27876 reports: A chained attack via SQL Expressions and a Grafana Enterprise plugin can lead to a remote arbitrary code execution impact RCE. This is enabled by a feature in Grafana OSS, so all users are always recommended to update to avo...

9.1CVSS6.6AI score0.01929EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/03/26 12:0 a.m.•12 views

openexr -- multiple vulnerabilities

Cary Phillips reports: OpenEXR 3.4.9 addresses the following CVEs: CVE-2026-34589 DWA Lossy Decoder Heap Out-of-Bounds Write CVE-2026-34588 Signed 32-bit Overflow in PIZ Decoder Leads to OOB Read/Write CVE-2026-34380 Signed integer overflow undefined behavior in undopxr24impl may allow bounds-che...

8.8CVSS5.9AI score0.00482EPSS
Exploits5References2
FreeBSD
FreeBSD
•added 2026/03/26 12:0 a.m.•7 views

traefik -- Multiple vulnerabilities

The traefik project releases a new version addressing multiple CVEs: CVE-2026-33433 BasicAuth/DigestAuth Identity Spoofing via Non-Canonical headerField CVE-2026-33186 authorization bypass via missing leading slash in :path...

9.1CVSS5.8AI score0.01557EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2026/03/26 12:0 a.m.•9 views

Grafana -- Grafana MSSQL Data Source Plugin: Restriction Bypass Leading to OOM DoS

https://grafana.com/security/security-advisories/cve-2026-33375 reports: The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user Viewer to bypass API restrictions and trigger a catastrophic Out-Of-Memory OOM memory exhaustion, crashing the host container...

6.5CVSS5.8AI score0.00434EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/03/25 12:0 a.m.•7 views

FreeBSD -- pf silently ignores certain rules

Problem Description: A regression in the way hashes were calculated caused rules containing the address range syntax x.x.x.x - y.y.y.y that only differ in the address ranges involved to be silently dropped as duplicates. Only the first of such rules is actually loaded into pf. Ranges expressed...

5.8AI score0.0025EPSS
Exploits0
FreeBSD
FreeBSD
•added 2026/03/25 12:0 a.m.•4 views

FreeBSD -- Remote denial of service via null pointer dereference

Problem Description: On a system exposing an NVMe/TCP target, a remote client can trigger a kernel panic by sending a CONNECT command for an I/O queue with a bogus or stale CNTLID. Impact: An attacker with network access to the NVMe/TCP target can trigger an unauthenticated Denial of Service...

7.5CVSS5.9AI score0.00367EPSS
Exploits0
FreeBSD
FreeBSD
•added 2026/03/25 12:0 a.m.•12 views

Gitlab -- vulnerabilities

Gitlab reports: Improper Handling of Parameters issue in Jira Connect installations impacts GitLab CE/EE Cross-Site Request Forgery issue in GLQL API impacts GitLab CE/EE HTML Injection in vulnerability report impacts GitLab EE Denial of Service issue in GraphQL API impacts GitLab CE/EE Improper...

8.8CVSS5.9AI score0.00478EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/03/25 12:0 a.m.•7 views

FreeBSD -- TCP: remotely exploitable DoS vector (mbuf leak)

Problem Description: When a challenge ACK is to be sent tcprespond constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent the function returns and leaks the mbuf. Impact: If an attacker is either on path with an established TCP...

7.5CVSS5.7AI score0.01121EPSS
Exploits0
FreeBSD
FreeBSD
•added 2026/03/25 12:0 a.m.•8 views

FreeBSD -- Remote code execution via RPCSEC_GSS packet validation

Problem Description: Each RPCSECGSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer, but fails to ensure that the buffer is sufficiently large, and a malicious client can trigger a stack overflow. Notabl...

8.8CVSS6.8AI score0.01915EPSS
Exploits3
FreeBSD
FreeBSD
•added 2026/03/25 12:0 a.m.•9 views

dnsmasq -- multiple vulnerabilities

Simon Kelley reports: Today, 11th May 2026 CERT is releasing a set of six CVEs for serious security vulnerabilities in dnsmasq. These are all long-standing bugs which apply to pretty much all non-ancient versions. Christopher Cullen and Molly Jaconski write, in Vulnerability Note VU471747:...

8.8CVSS6.3AI score0.07237EPSS
Exploits4References2
FreeBSD
FreeBSD
•added 2026/03/24 12:0 a.m.•7 views

(lib)tiff -- Integer Overflow or Wraparound

PrymEvol and Quang Luong reports: A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrec...

7.8CVSS6.1AI score0.00553EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/03/24 12:0 a.m.•8 views

Mozilla -- Multiple vulnerabilities

CVE-2026-4688: Sandbox escape due to use-after-free in Disability Access APIs. CVE-2026-4695: Incorrect boundary conditions in the Audio/Video: Web Codecs component. CVE-2026-4697: Incorrect boundary conditions in the Audio/Video: Web Codecs component. CVE-2026-4700: Mitigation bypass in the...

10CVSS7.3AI score0.00687EPSS
Exploits0
FreeBSD
FreeBSD
•added 2026/03/24 12:0 a.m.•10 views

Mozilla -- Multiple vulnerabilities

CVE-2026-4721: Memory safety bugs. Potential arbitrary code execution. CVE-2026-4709: Incorrect boundary conditions in the Audio/Video: GMP component. CVE-2026-4707: Incorrect boundary conditions in the Graphics: Canvas2D component. CVE-2026-4706: Incorrect boundary conditions in the Graphics:...

10CVSS7.4AI score0.00773EPSS
Exploits0
FreeBSD
FreeBSD
•added 2026/03/24 12:0 a.m.•7 views

Mozilla -- Multiple vulnerabilities

CVE-2026-4729: Memory safety bugs CVE-2026-4728: Spoofing issue in the Privacy: Anti-Tracking component. CVE-2026-4727: Denial-of-service in the Libraries component in NSS. CVE-2026-4726: Denial-of-service in the XML component. CVE-2026-4725: Sandbox escape due to use-after-free in the Graphics:...

10CVSS5.8AI score0.0053EPSS
Exploits0
FreeBSD
FreeBSD
•added 2026/03/23 12:0 a.m.•9 views

Python -- configparser vulnerable to excessive CPU use

Stan Ulbrych reports: configparser.RawConfigParser.OPTCRE,OPTCRENV regexes are vulnerable to quadratic backtracking...

5.8AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2026/03/23 12:0 a.m.•8 views

chromium -- security fixes

Chrome Releases reports: This update includes 8 security fixes: 485397284 High CVE-2026-4673: Heap buffer overflow in WebAudio. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on 2026-02-18 488188166 High CVE-2026-4674: Out of bounds read in CSS. Reported by Syn4pse on 2026-02-27 488270257 High...

8.8CVSS6AI score0.00504EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/03/20 12:0 a.m.•14 views

Python -- The webbrowser.open() API allows leading dashes

https://github.com/python/cpython/pull/143931 reports: The webbrowser.open API would accept leading dashes in the URL which could be handled as command line options for certain web browsers. New behavior rejects leading dashes. Users are recommended to sanitize URLs prior to passing to...

7.1CVSS5.8AI score0.00308EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/03/20 12:0 a.m.•8 views

Python -- HTTP proxy CONNECT tunnel does not sanitize CR/LF

Seth Larson reports: HTTP proxy via "CONNECT" tunneling doesn't sanitize CR/LF CVE-2026-1502...

5.7CVSS5.8AI score0.00562EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/03/19 12:0 a.m.•10 views

UniFi Network Application - Multiple vulnerabilities

https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b reports: An Authenticated NoSQL Injection vulnerability found in UniFi Network Application could allow a malicious actor with authenticated access to the network to escalate privileges. A...

10CVSS5.7AI score0.15601EPSS
Exploits3References2
FreeBSD
FreeBSD
•added 2026/03/19 12:0 a.m.•9 views

traefik -- Multiple vulnerabilities

The traefik project releases a new version addressing multiple CVEs: CVE-2026-32595 BasicAuth Middleware Timing Attack CVE-2026-32305 Potential mTLS Bypass via Fragmented TLS ClientHello CVE-2026-32695 Details not yet available...

8.3CVSS5.8AI score0.00463EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2026/03/18 12:0 a.m.•5 views

nghttp2 -- CWE-617: Reachable Assertion

https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6 reports: nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API nghttp2sessionterminatesessi...

7.5CVSS5.9AI score0.00775EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/03/18 12:0 a.m.•18 views

Roundcube -- Multiple vulnerabilities

The Roundcube project reports: pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler password could get changed without providing the old password IMAP Injection + CSRF bypass in mail search remote image blocking bypass via various SVG animate attributes remot...

5.9AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2026/03/18 12:0 a.m.•11 views

chromium -- security fixes

Chrome Releases reports: This update includes 26 security fixes: 475877320 Critical CVE-2026-4439: Out of bounds memory access in WebGL. Reported by Goodluck on 2026-01-15 485935305 Critical CVE-2026-4440: Out of bounds read and write in WebGL. Reported by c6eed09fc8b174b0f3eebedcceb1e792 on...

8.8CVSS6.2AI score0.00415EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2026/03/18 12:0 a.m.•6 views

jenkins -- multiple vulnerabilities

Jenkins Security Advisory 2026-03-18: SECURITY-3657 / CVE-2026-33001: Arbitrary file write vulnerability through specially crafted archives in Jenkins High SECURITY-3674 / CVE-2026-33002: DNS rebinding vulnerability in WebSocket CLI origin validation in Jenkins High...

8.8CVSS6AI score0.01161EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/03/13 12:0 a.m.•9 views

OpenSSL -- key agreement vulnerability

The OpenSSL project reports: TLS 1.3 server may choose unexpected key agreement group Low An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the "DEFAULT" keyword...

6.5CVSS5.8AI score0.00435EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/03/13 12:0 a.m.•7 views

chromium -- security fix

Chrome Releases reports: This update includes 1 security fix: 491421267 High CVE-2026-3909: Out of bounds write in Skia. Reported by Google Threat Analysis Group on 2026-03-10...

8.8CVSS5.8AI score0.01629EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2026/03/12 12:0 a.m.•12 views

chromium -- security fixes

Chrome Releases reports: This update includes 2 security fixes: 491421267 High CVE-2026-3909: Out of bounds write in Skia. Reported by Google on 2026-03-10 491410818 High CVE-2026-3910: Inappropriate implementation in V8. Reported by Google on 2026-03-10...

8.8CVSS5.8AI score0.02EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2026/03/11 12:0 a.m.•12 views

curl -- Multiple vulnerabilties

The curl project reports: use after free in SMB connection reuse wrong proxy connection reuse with credentials token leak with redirect and netrc bad reuse of HTTP Negotiate connection...

7.5CVSS5.8AI score0.00715EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2026/03/11 12:0 a.m.•12 views

Gitlab -- vulnerabilities

Gitlab reports: Cross-site Scripting issue in Markdown placeholder processing impacts GitLab CE/EE Denial of Service issue in GraphQL API impacts GitLab CE/EE Denial of Service issue in repository archive endpoint impacts GitLab CE/EE Denial of Service issue in protected branches API impacts GitL...

8.7CVSS5.8AI score0.00523EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/03/10 12:0 a.m.•7 views

chromium -- security fixes

Chrome Releases reports: This update includes 29 security fixes: 483445078 Critical CVE-2026-3913: Heap buffer overflow in WebML. Reported by Tobias Wienand on 2026-02-10 481776048 High CVE-2026-3914: Integer overflow in WebML. Reported by cinzinga on 2026-02-04 483971526 High CVE-2026-3915: Heap...

9.6CVSS6AI score0.00417EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2026/03/10 12:0 a.m.•3 views

Firefox -- Same-origin policy bypass

https://bugzilla.mozilla.org/showbug.cgi?id=2018400 reports: Same-origin policy bypass in the CSS Parsing and Computation component...

6.5CVSS5.8AI score0.00112EPSS
Exploits0References1
Total number of security vulnerabilities6577