Search Results (23108 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-47149 1 Silicon Labs 1 Emberznet 2026-06-26 N/A
In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Door Lock cluster may be impacted.
CVE-2026-47154 1 Silicon Labs 1 Emberznet 2026-06-26 N/A
In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Simple Metering cluster may be impacted.
CVE-2026-57235 1 Sparklemotion 1 Nokogiri 2026-06-26 5.9 Medium
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] (and its alias #slice) checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then be used at full width, reading outside the node set's storage. On CRuby this is an out-of-bounds read that typically crashes the process; on JRuby it is not memory-unsafe but returns an incorrect node. This vulnerability is fixed in 1.19.4.
CVE-2026-57436 1 Sparklemotion 1 Nokogiri 2026-06-26 3.7 Low
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Document#root= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document root. The result is a heap use-after-free during garbage collection or finalization, leading to an invalid memory read or potentially a segfault. This vulnerability is fixed in 1.19.4.
CVE-2026-12844 1 Drolsky 1 List::someutils::xs 2026-06-26 7.5 High
List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function. pairwise() collects the values returned by the block into a heap buffer sized to the longer input array, then grows the buffer before each copy with a single quadrupling (alloc <<= 2) instead of a loop. A block call that returns more than four times the current allocation in one invocation outgrows that one quadrupling, and the copy writes past the end of the buffer. Any caller of pairwise() whose block returns, for a single pair, more than four times the longer input array's length writes past the buffer and corrupts the heap.
CVE-2026-56766 1 Vanhauser-thc 1 Thc-hydra 2026-06-26 8.8 High
Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an excessively long domain string, causing base64-encoded response data to overflow a 500-byte stack buffer by 18 to 330 bytes, enabling remote code execution on systems without stack protection.
CVE-2026-56770 1 Schwehr 1 Libais 2026-06-26 7.5 High
libais through 0.15 VdmStream::AddLine uses an unchecked sentinel value as a vector index when processing AIS sentences with empty or out-of-range sequential message IDs. Remote attackers can crash services or vessel systems by sending crafted AIVDM sentences over VHF marine radio or IP feeds, causing out-of-bounds memory access and potential corruption.
CVE-2026-56789 1 Tomojitakasu 1 Rtklib 2026-06-26 6.5 Medium
RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64 satellites per epoch to cause heap buffer overflow writes and out-of-bounds stack reads, crashing RTKLIB-based applications including rnx2rtkp and RTKPOST.
CVE-2026-45441 2 Magepeopleteam, Wordpress 2 Wpevently, Wordpress 2026-06-26 7.5 High
Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3 versions.
CVE-2026-49078 2 Wordpress, Wptravelengine 2 Wordpress, Wp Travel Engine 2026-06-26 7.5 High
Unauthenticated Other Vulnerability Type in WP Travel Engine <= 6.7.10 versions.
CVE-2026-46752 1 Apache 1 Kvrocks 2026-06-26 N/A
Redis Lua HEAP overflow in cjson library vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.0.4 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue.
CVE-2026-9088 1 Redhat 2 Build Keycloak, Build Of Keycloak 2026-06-26 2.7 Low
A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This allows the administrator to view user attributes that are explicitly configured to be denied, leading to information disclosure.
CVE-2026-9803 1 Redhat 3 Build Keycloak, Build Of Keycloak, Keycloak 2026-06-26 5.3 Medium
A flaw was found in Keycloak's ClientRegistrationAuth component. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted POST request with a malformed 'Authorization: Bearer' header to any client registration endpoint. This can lead to an ArrayIndexOutOfBoundsException, causing the server to return an HTTP 500 error and resulting in a Denial of Service (DoS) for the affected service.
CVE-2026-9801 1 Redhat 2 Build Keycloak, Build Of Keycloak 2026-06-26 4.9 Medium
A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a malformed LDAP password policy response during a password authentication request, the attacker can trigger an OutOfMemoryError. This causes the Keycloak Java Virtual Machine (JVM) to terminate, leading to a denial of service (DoS) for all realms on the affected node.
CVE-2026-9704 1 Redhat 2 Build Keycloak, Build Of Keycloak 2026-06-26 6.8 Medium
A flaw was found in Keycloak. An authenticated user with low privileges can exploit this vulnerability by sending an oversized subject_token JSON Web Token (JWT) to the TokenEndpoint. When the token exceeds a 4000-character limit, it is silently dropped, causing the system to fall back to client credentials. This allows the user to gain the permissions of the client's service account, leading to privilege escalation.
CVE-2026-47729 1 Squid-cache 1 Squid 2026-06-26 6.5 Medium
A flaw was found in Squid. Due to improper input validation, an out-of-bounds read can occur in the FTP gateway. This issue allows an authenticated and trusted client to read memory from random transactions when accessing a misbehaving FTP server using the Squid gateway feature.
CVE-2026-50012 1 Squid-cache 1 Squid 2026-06-26 5.5 Medium
A flaw was found in Squid. Due to improper input validation, a heap-based buffer overflow can occur when processing cache digests. This issue allows a trusted server to cause a denial of service when sending specially crafted replies to cache_digest request messages.
CVE-2026-52964 1 Linux 1 Linux Kernel 2026-06-26 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Bound MIDI 2.0 endpoint descriptor scans The USB MIDI 2.0 endpoint parser has the same descriptor walking pattern as the legacy MIDI parser. It validates bLength against bNumGrpTrmBlock before reading baAssoGrpTrmBlkID[], but not against the remaining bytes in the endpoint-extra scan. A malformed device can therefore make later baAssoGrpTrmBlkID[] reads consume bytes past the walked descriptor. Reject zero-length and overlong descriptors while walking endpoint extras.
CVE-2026-53074 1 Linux 1 Linux Kernel 2026-06-26 6.4 Medium
In the Linux kernel, the following vulnerability has been resolved: bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb bpf_prog_test_run_skb() calls eth_type_trans() first and then uses skb->protocol to initialize sk family and address fields for the test run. For IPv4 and IPv6 packets, it may access ip_hdr(skb) or ipv6_hdr(skb) even when the provided test input only contains an Ethernet header. Reject the input earlier if the Ethernet frame carries IPv4/IPv6 EtherType but the L3 header is too short. Fold the IPv4/IPv6 header length checks into the existing protocol switch and return -EINVAL before accessing the network headers.
CVE-2026-54092 1 Filebrowser 1 Filebrowser 2026-06-26 6.5 Medium
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, unchecked passwords maximums allow for an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after testing, crashes, heavily lags any container created, and has even made my docker daemon start to send errors with status code 500 even after the container was destroyed. This vulnerability is fixed in 2.63.6.