Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-47783

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-20 May, 2026 | 05:43
Updated At-30 Jun, 2026 | 12:10
Rejected At-
Credits

In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:20 May, 2026 | 05:43
Updated At:30 Jun, 2026 | 12:10
Rejected At:
▼CVE Numbering Authority (CNA)

In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.

Affected Products
Vendor
memcached
Product
memcached
Default Status
unaffected
Versions
Affected
  • From 0 before 1.6.42 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-208CWE-208 Observable Timing Discrepancy
Type: CWE
CWE ID: CWE-208
Description: CWE-208 Observable Timing Discrepancy
Metrics
VersionBase scoreBase severityVector
3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/memcached/memcached/commit/d13f282b4bce33a9c33b8a1bbf07f12114160fed
N/A
https://github.com/memcached/memcached/compare/1.6.41...1.6.42
N/A
https://github.com/memcached/memcached/wiki/ReleaseNotes1642
N/A
Hyperlink: https://github.com/memcached/memcached/commit/d13f282b4bce33a9c33b8a1bbf07f12114160fed
Resource: N/A
Hyperlink: https://github.com/memcached/memcached/compare/1.6.41...1.6.42
Resource: N/A
Hyperlink: https://github.com/memcached/memcached/wiki/ReleaseNotes1642
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
2. memcached: memcached: Username enumeration via timing side channel

A flaw was found in memcached. A remote attacker can exploit a timing side channel during Simple Authentication and Security Layer (SASL) password database authentication. This vulnerability allows an attacker to observe subtle timing differences, which could be used to enumerate valid usernames.

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux AppStream (v. 10)
CPEs
  • cpe:/o:redhat:enterprise_linux:10.2
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux AppStream (v. 9)
CPEs
  • cpe:/a:redhat:enterprise_linux:9::appstream
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 6
CPEs
  • cpe:/o:redhat:enterprise_linux:6
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 7
CPEs
  • cpe:/o:redhat:enterprise_linux:7
Default Status
affected
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Enterprise Linux 8
CPEs
  • cpe:/o:redhat:enterprise_linux:8
Default Status
affected
Problem Types
TypeCWE IDDescription
CWECWE-208Observable Timing Discrepancy
Type: CWE
CWE ID: CWE-208
Description: Observable Timing Discrepancy
Metrics
VersionBase scoreBase severityVector
3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Red Hat severity rating
value:
Important
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions

RHSA-2026:27842: Red Hat Enterprise Linux AppStream (v. 10)

RHSA-2026:27862: Red Hat Enterprise Linux AppStream (v. 9)

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Reported to Red Hat.2026-05-20 07:00:55
Made public.2026-05-20 05:43:46
Event: Reported to Red Hat.
Date: 2026-05-20 07:00:55
Event: Made public.
Date: 2026-05-20 05:43:46
Replaced By

Rejected Reason

References
HyperlinkResource
https://access.redhat.com/security/cve/CVE-2026-47783
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2480089
issue-tracking
x_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-47783.json
x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:27842
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:27862
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-47783
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2480089
Resource:
issue-tracking
x_refsource_REDHAT
Hyperlink: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-47783.json
Resource:
x_sadp-csaf-vex
Hyperlink: https://access.redhat.com/errata/RHSA-2026:27842
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:27862
Resource:
vendor-advisory
x_refsource_REDHAT
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:20 May, 2026 | 07:16
Updated At:30 Jun, 2026 | 03:20

In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.18.1HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
N/A
Type: Secondary
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

memcached
memcached
>>memcached>>Versions before 1.6.42(exclusive)
cpe:2.3:a:memcached:memcached:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-208Primarycve@mitre.org
CWE-208Secondary0b0ca135-0b70-47e7-9f44-1890c2a1c46c
CWE ID: CWE-208
Type: Primary
Source: cve@mitre.org
CWE ID: CWE-208
Type: Secondary
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/memcached/memcached/commit/d13f282b4bce33a9c33b8a1bbf07f12114160fedcve@mitre.org
Patch
https://github.com/memcached/memcached/compare/1.6.41...1.6.42cve@mitre.org
Release Notes
https://github.com/memcached/memcached/wiki/ReleaseNotes1642cve@mitre.org
Release Notes
https://access.redhat.com/errata/RHSA-2026:278420b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://access.redhat.com/errata/RHSA-2026:278620b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://access.redhat.com/security/cve/CVE-2026-477830b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=24800890b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-47783.json0b0ca135-0b70-47e7-9f44-1890c2a1c46c
N/A
Hyperlink: https://github.com/memcached/memcached/commit/d13f282b4bce33a9c33b8a1bbf07f12114160fed
Source: cve@mitre.org
Resource:
Patch
Hyperlink: https://github.com/memcached/memcached/compare/1.6.41...1.6.42
Source: cve@mitre.org
Resource:
Release Notes
Hyperlink: https://github.com/memcached/memcached/wiki/ReleaseNotes1642
Source: cve@mitre.org
Resource:
Release Notes
Hyperlink: https://access.redhat.com/errata/RHSA-2026:27842
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:27862
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-47783
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2480089
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A
Hyperlink: https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-47783.json
Source: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

72Records found

CVE-2026-24660
Matching Score-8
Assigner-Talos
ShareView Details
Matching Score-8
Assigner-Talos
CVSS Score-8.1||HIGH
EPSS-0.56% / 42.69%
||
7 Day CHG+0.10%
Published-07 Apr, 2026 | 13:49
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

Action-Not Available
Vendor-librawLibRawRed Hat, Inc.
Product-librawLibRawRed Hat Enterprise Linux CRB (v. 8)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux 6
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2026-22853
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.66% / 47.13%
||
7 Day CHG+0.18%
Published-14 Jan, 2026 | 17:46
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
FreeRDP has a heap-buffer-overflow in ndr_read_uint8Array

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, RDPEAR’s NDR array reader does not perform bounds checking on the on‑wire element count and can write past the heap buffer allocated from hints, causing a heap buffer overflow in ndr_read_uint8Array. This vulnerability is fixed in 3.20.1.

Action-Not Available
Vendor-Red Hat, Inc.FreeRDP
Product-freerdpFreeRDPRed Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux CodeReady Linux Builder (v. 10)Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8Red Hat Enterprise Linux CodeReady Linux Builder EUS (v. 10.0)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-6387
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-99.51% / 99.94%
||
7 Day CHG~0.00%
Published-01 Jul, 2024 | 12:37
Updated-12 May, 2026 | 12:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Openssh: regresshion - race condition in ssh allows rce/dos

A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period.

Action-Not Available
Vendor-amazonalmalinuxFreeBSD FoundationApple Inc.SonicWall Inc.Canonical Ltd.NetApp, Inc.OpenBSDSiemens AGSUSERed Hat, Inc.Debian GNU/LinuxNetBSDArista Networks, Inc.
Product-ontap_select_deploy_administration_utilitysma_6210_firmwarea150_firmware8300enterprise_linux_for_ibm_z_systemsa700sopensshenterprise_linux_for_arm_64_eussma_7210a9500_firmwarea800linux_enterprise_microa220_firmwarea400_firmwareenterprise_linux_for_power_little_endian_eusc800_firmwarea90_firmwarealmalinuxa9500a1k_firmwarefas2820sra_ex_7000_firmwareenterprise_linux_for_power_little_endiana250_firmwarea150enterprise_linux_server_aussra_ex_7000500f8700_firmwarea90sma_6210fas2750fas2820_firmwarea900_firmware500f_firmware8300_firmwaresma_7210_firmwarec800sma_8200v_firmwarefas2720openshift_container_platforme-series_santricity_os_controlleramazon_linuxubuntu_linuxc250enterprise_linux_for_arm_64eosbootstrap_osontapsma_6200_firmwarea1kmacosa70_firmwarefas2720_firmwareactive_iq_unified_managerfas2750_firmwaresma_7200_firmwarec400_firmwarehci_compute_nodea800_firmwarec250_firmwareenterprise_linux_eussma_7200c190debian_linuxfreebsda400a250c190_firmwarea700s_firmwaresma_8200vnetbsd8700enterprise_linux_for_ibm_z_systems_eusc400sma_6200a220ontap_toolsa70a900enterprise_linuxRed Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4.13Red Hat OpenShift Container Platform 4.15Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Ceph Storage 5Red Hat OpenShift Container Platform 4.14Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Ceph Storage 7Red Hat OpenShift Container Platform 4.16Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Ceph Storage 6SIPLUS S7-1500 CPU 1518-4 PN/DP MFPIndustrial Edge Management OS (IEM-OS)SIMATIC S7-1500 CPU 1518F-4 PN/DP MFPSIMATIC S7-1500 CPU 1518-4 PN/DP MFPSINEMA Remote Connect ServerSINUMERIK ONESINAMICS IIoT module
CWE ID-CWE-364
Signal Handler Race Condition
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2026-12328
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.1||HIGH
EPSS-0.48% / 37.69%
||
7 Day CHG+0.03%
Published-16 Jun, 2026 | 11:53
Updated-30 Jun, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152

Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefoxRed Hat Enterprise Linux 7Red Hat Enterprise Linux 10Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-825
Expired Pointer Dereference
CVE-2026-12326
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.1||HIGH
EPSS-0.25% / 16.30%
||
7 Day CHG-0.04%
Published-16 Jun, 2026 | 11:52
Updated-30 Jun, 2026 | 03:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory safety bugs fixed in Firefox 152 and Thunderbird 152

Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 152 and Thunderbird 152.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefoxRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 6
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-825
Expired Pointer Dereference
CVE-2026-0545
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-8
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-8.1||HIGH
EPSS-4.39% / 90.13%
||
7 Day CHG+0.42%
Published-03 Apr, 2026 | 17:03
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing Authentication for Critical Function in mlflow/mlflow

In mlflow/mlflow, the FastAPI job endpoints under `/ajax-api/3.0/jobs/*` are not protected by authentication or authorization when the `basic-auth` app is enabled. This vulnerability affects the latest version of the repository. If job execution is enabled (`MLFLOW_SERVER_ENABLE_JOB_EXECUTION=true`) and any job function is allowlisted, any network client can submit, read, search, and cancel jobs without credentials, bypassing basic-auth entirely. This can lead to unauthenticated remote code execution if allowed jobs perform privileged actions such as shell execution or filesystem changes. Even if jobs are deemed safe, this still constitutes an authentication bypass, potentially resulting in job spam, denial of service (DoS), or data exposure in job results.

Action-Not Available
Vendor-lfprojectsmlflowRed Hat, Inc.
Product-mlflowmlflow/mlflowRed Hat OpenShift AI (RHOAI)
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2024-5564
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-1.17% / 63.47%
||
7 Day CHG~0.00%
Published-31 May, 2024 | 18:31
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libndp: buffer overflow in route information length field

A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 10Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9.0 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat Enterprise Linux 7 Extended Lifecycle SupportRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8.6 Update Services for SAP SolutionsRed Hat Enterprise Linux 8.6 Telecommunications Update ServiceRed Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-51427
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.3||HIGH
EPSS-0.53% / 40.80%
||
7 Day CHG+0.16%
Published-19 May, 2026 | 00:00
Updated-30 Jun, 2026 | 03:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in ModelScope 1.25.0 allowing attackers to execute arbitrary code via crafted module listed in the configuration file (dey_mini.yaml) under the key ['nnet']['module'].

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-n/aRed Hat OpenShift AI (RHOAI)
CWE ID-CWE-502
Deserialization of Untrusted Data
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2023-32254
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.94% / 85.41%
||
7 Day CHG~0.00%
Published-10 Jul, 2023 | 15:11
Updated-13 Feb, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tree connection race condition remote code execution vulnerability

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.

Action-Not Available
Vendor-n/aRed Hat, Inc.Linux Kernel Organization, IncNetApp, Inc.Fedora Project
Product-linux_kernelh500shci_management_nodeh410sh300sh700sRed Hat Enterprise Linux 6kernelRed Hat Enterprise Linux 7FedoraRed Hat Enterprise Linux 9Red Hat Enterprise Linux 8
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2026-0891
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-8.1||HIGH
EPSS-0.41% / 33.27%
||
7 Day CHG+0.03%
Published-13 Jan, 2026 | 13:30
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147

Memory safety bugs present in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefoxRed Hat Enterprise Linux AppStream EUS (v. 10.0)Red Hat Enterprise Linux AppStream EUS (v.9.6)Red Hat Enterprise Linux AppStream AUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.6)Red Hat Enterprise Linux 7Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)Red Hat Enterprise Linux AppStream TUS (v.8.8)Red Hat Enterprise Linux 10Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)Red Hat Enterprise Linux AppStream E4S (v.9.2)Red Hat Enterprise Linux AppStream AUS (v. 8.2)Red Hat Enterprise Linux AppStream TUS (v.8.6)Red Hat Enterprise Linux AppStream E4S (v.8.8)Red Hat Enterprise Linux AppStream EUS (v.9.4)Red Hat Enterprise Linux AppStream AUS (v.8.4)Red Hat Enterprise Linux AppStream E4S (v.9.0)
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-14657
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.4||MEDIUM
EPSS-1.16% / 63.24%
||
7 Day CHG~0.00%
Published-13 Nov, 2018 | 19:00
Updated-05 Aug, 2024 | 09:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Keycloak 4.2.1.Final, 4.3.0.Final. When TOPT enabled, an improper implementation of the Brute Force detection algorithm will not enforce its protection measures.

Action-Not Available
Vendor-Red Hat, Inc.
Product-single_sign-onkeycloaklinuxkeycloak
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2026-24781
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-9.8||CRITICAL
EPSS-1.16% / 63.14%
||
7 Day CHG+0.17%
Published-04 May, 2026 | 16:33
Updated-30 Jun, 2026 | 12:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
vm2: Sandbox Breakout Through Inspect

vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.11.0.

Action-Not Available
Vendor-vm2_projectpatriksimekRed Hat, Inc.
Product-vm2vm2Red Hat Developer Hub 1.9Red Hat Developer Hub
CWE ID-CWE-653
Improper Isolation or Compartmentalization
CWE ID-CWE-693
Protection Mechanism Failure
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-5987
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-1.44% / 69.94%
||
7 Day CHG~0.00%
Published-07 Jul, 2025 | 14:24
Updated-30 Jun, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Libssh: invalid return code for chacha20 poly1305 with openssl backend

A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in libssh not properly detecting the error returned by the OpenSSL library. This issue can lead to undefined behavior, including compromised data confidentiality and integrity or crashes.

Action-Not Available
Vendor-libsshRed Hat, Inc.
Product-libsshRed Hat OpenShift Container Platform 4.18Red Hat OpenShift Container Platform 4.16Red Hat Enterprise Linux 9.4 Extended Update SupportRed Hat Enterprise Linux 7Red Hat Enterprise Linux 9.2 Update Services for SAP SolutionsRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 6Red Hat OpenShift Container Platform 4.15Red Hat OpenShift Container Platform 4.20Red Hat OpenShift Container Platform 4.14Red Hat OpenShift Container Platform 4.17Red Hat OpenShift Container Platform 4.13Red Hat Enterprise Linux 8Red Hat OpenShift Container Platform 4.19
CWE ID-CWE-393
Return of Wrong Status Code
CVE-2023-4853
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-8.1||HIGH
EPSS-1.21% / 64.85%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 09:47
Updated-07 Nov, 2025 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quarkus: http security policy bypass

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.

Action-Not Available
Vendor-quarkusRed Hat, Inc.
Product-jboss_middleware_text-only_advisoriesintegration_service_registryintegration_camel_kbuild_of_optaplannerquarkusprocess_automation_manageropenshift_container_platformenterprise_linuxjboss_middlewareopenshift_serverlessbuild_of_quarkusdecision_managerintegration_camel_quarkusRHINT Service Registry 2.5.4 GARed Hat Camel Extensions for Quarkus 2.13.3-1Red Hat OpenShift Serverless 1.30RHINT Camel-K-1.10.2Red Hat build of Quarkus 2.13.8.SP2Red Hat Process Automation 7RHEL-8 based Middleware ContainersRed Hat build of OptaPlanner 8RHPAM 7.13.4 asyncOpenshift Serverless 1 on RHEL 8
CWE ID-CWE-148
Improper Neutralization of Input Leaders
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-5419
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-3.7||LOW
EPSS-0.38% / 29.93%
||
7 Day CHG+0.05%
Published-01 Jun, 2026 | 19:26
Updated-29 Jun, 2026 | 12:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gnutls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removal

A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of information disclosure.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9.4 Update Services for SAP SolutionsRed Hat Update Infrastructure 5Red Hat OpenShift Container Platform 4Red Hat Discovery 2Red Hat Enterprise Linux 7Red Hat Hardened ImagesRed Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux 9.6 Extended Update SupportRed Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 6
CWE ID-CWE-208
Observable Timing Discrepancy
CVE-2026-27856
Matching Score-6
Assigner-Open-Xchange
ShareView Details
Matching Score-6
Assigner-Open-Xchange
CVSS Score-7.4||HIGH
EPSS-0.39% / 31.10%
||
7 Day CHG+0.10%
Published-27 Mar, 2026 | 08:10
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Doveadm credentials are verified using direct comparison which is susceptible to timing oracle attack. An attacker can use this to determine the configured credentials. Figuring out the credential will lead into full access to the affected component. Limit access to the doveadm http service port, install fixed version. No publicly available exploits are known.

Action-Not Available
Vendor-Open-Xchange AGDovecotRed Hat, Inc.
Product-dovecotOX Dovecot ProRed Hat Enterprise Linux Server Optional (v. 7 ELS)Red Hat Enterprise Linux 9Red Hat Enterprise Linux 10Red Hat Enterprise Linux 8Red Hat Enterprise Linux Server (v. 7 ELS)Red Hat Enterprise Linux 6
CWE ID-CWE-208
Observable Timing Discrepancy
CWE ID-CWE-287
Improper Authentication
CVE-2024-3296
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.41% / 33.34%
||
7 Day CHG~0.00%
Published-04 Apr, 2024 | 13:47
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rust-openssl: timing based side-channel can lead to a bleichenbacher style attack

A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 9Red Hat Enterprise Linux 8
CWE ID-CWE-208
Observable Timing Discrepancy
CVE-2024-2467
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.52% / 40.10%
||
7 Day CHG~0.00%
Published-25 Apr, 2024 | 16:45
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Perl-crypt-openssl-rsa: side-channel attack in pkcs#1 v1.5 padding mode (marvin attack)

A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9Red Hat Enterprise Linux 6openssl
CWE ID-CWE-208
Observable Timing Discrepancy
CVE-2023-5981
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5.9||MEDIUM
EPSS-1.26% / 65.95%
||
7 Day CHG~0.00%
Published-28 Nov, 2023 | 11:49
Updated-25 Mar, 2026 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gnutls: timing side-channel in the rsa-psk authentication

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.

Action-Not Available
Vendor-Debian GNU/LinuxGNUFedora ProjectRed Hat, Inc.
Product-debian_linuxfedoralinuxgnutlsRed Hat Enterprise Linux 7Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat Enterprise Linux 6Red Hat Enterprise Linux 8.8 Extended Update SupportRHODF-4.15-RHEL-9Red Hat Enterprise Linux 9Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8RHOL-5.8-RHEL-9
CWE ID-CWE-203
Observable Discrepancy
CWE ID-CWE-208
Observable Timing Discrepancy
CVE-2026-41588
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9||CRITICAL
EPSS-0.36% / 28.20%
||
7 Day CHG~0.00%
Published-08 May, 2026 | 14:51
Updated-12 May, 2026 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RELATE: Timing Attack Vulnerability in course/auth.py — check_sign_in_key()

RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py — check_sign_in_key(). This issue has been patched via commit 2f68e16.

Action-Not Available
Vendor-inducerinducer
Product-relaterelate
CWE ID-CWE-203
Observable Discrepancy
CWE ID-CWE-208
Observable Timing Discrepancy
CVE-2023-25529
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-8||HIGH
EPSS-0.52% / 40.07%
||
7 Day CHG~0.00%
Published-20 Sep, 2023 | 00:08
Updated-02 Aug, 2024 | 11:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA DGX H100 BMC and DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering.

Action-Not Available
Vendor-NVIDIA Corporation
Product-dgx_h100_firmwaredgx_h100DGX A100 BMCDGX H100 BMC
CWE ID-CWE-208
Observable Timing Discrepancy
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-29995
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.1||HIGH
EPSS-1.46% / 70.38%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 17:30
Updated-10 Jul, 2025 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kerberos Elevation of Privilege Vulnerability

Windows Kerberos Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_21h2windows_10_1809windows_server_2016windows_server_2012windows_server_2008windows_10_1507windows_11_21h2windows_10_22h2windows_server_2022windows_11_22h2windows_server_2019windows_10_1607Windows Server 2022Windows Server 2012 R2 (Server Core installation)Windows Server 2016 (Server Core installation)Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2019Windows Server 2016Windows Server 2012 (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 22H2Windows Server 2012Windows 10 Version 1507Windows 10 Version 1607Windows 10 Version 21H2
CWE ID-CWE-208
Observable Timing Discrepancy
  • Previous
  • 1
  • 2
  • Next
Details not found