22766 matches found

ATTACKERKB
added 2026/06/26 6:57 p.m., 6 views

CVE-2026-52783

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, OpenProject's Storages module writes the OneDrive/SharePoint userless OAuth access token in plaintext to Rails.cache under the deterministic key storage.<id>.httpx_access_token, repopulated continuously by an...

CVSS 8.2 | AI score 5.6 | EPSS 0.00129
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2026/06/26 6:57 p.m., 29 views

CVE-2026-52783 OpenProject: Information Disclosure (cleartext storage of data) on localhost through memcached via Others "storage.<id>.httpx_access_token" leads to Sensitive Data Exposure

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, OpenProject's Storages module writes the OneDrive/SharePoint userless OAuth access token in plaintext to Rails.cache under the deterministic key storage.<id>.httpx_access_token, repopulated continuously by an...

CVSS 8.2 | EPSS 0.00129
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/26 6:34 p.m., 7 views

CVE-2026-53064

A flaw was found in the Linux kernel's device-mapper dm-cache component. When dm-cache operates in passthrough mode, a race condition can occur during concurrent write operations to the same cached block. This can lead to a null-pointer dereference in the invalidate_complete function, potentially...

CVSS 5.5 | AI score 5.7 | EPSS 0.00176
Exploits: 0 | References: 4

Cvelist
added 2026/06/26 4:33 p.m., 35 views

CVE-2026-48529 GitHub MCP Server: Lockdown mode singleton in HTTP server causes cross-user GraphQL client confusion

GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1.1.2, when running in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as a process-global singleton initialized with the first authenticated user's GraphQL client. All subsequent requests from differe...

CVSS 6 | EPSS 0.00205
Exploits: 0 | References: 1

ATTACKERKB
added 2026/06/26 4:33 p.m., 6 views

CVE-2026-48529

GitHub MCP Server is GitHub's official MCP Server. From 0.22.0 until 1.1.2, when running in HTTP mode with --lockdown-mode enabled, the RepoAccessCache is implemented as a process-global singleton initialized with the first authenticated user's GraphQL client. All subsequent requests from differe...

CVSS 6 | AI score 5.8 | EPSS 0.00205
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/06/26 4:33 p.m., 20 views

CVE-2026-48529

GitHub MCP Server (versions 0.22.0–1.1.2) in HTTP mode with --lockdown-mode stores RepoAccessCache as a process-global singleton initialized with the first authenticated user’s GraphQL client. All subsequent requests reuse that singleton, causing lockdown queries to run with the first user’s toke...

CVSS 6 | AI score 5.8 | EPSS 0.00205
Exploits: 0 | References: 1

RedhatCVE
added 2026/06/26 4:31 p.m., 10 views

CVE-2026-53063

A flaw was found in the Linux kernel's device-mapper dm cache component. Incomplete logic within the invalidate_remove function, which handles write operations after cache invalidation, can lead to a system hang. This occurs because the function sets up remapping for write operations but fails to...

CVSS 5.5 | AI score 5.7 | EPSS 0.0018
Exploits: 0 | References: 4

NVD
added 2026/06/26 3:16 p.m., 5 views

CVE-2026-54834

Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions...

CVSS 7.5 | EPSS 0.00294
Exploits: 0 | References: 1

NVD
added 2026/06/26 3:16 p.m., 8 views

CVE-2026-45257

The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile(2), which can reference file-backed memory directly through non-anonymous M_EXTPG pages or...

CVSS 7.8 | EPSS 0.00154
Exploits: 0 | References: 4

EUVD
added 2026/06/26 2:52 p.m., 3 views

EUVD-2026-39678

Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions...

CVSS 7.5 | AI score 5.8 | EPSS 0.00294
Exploits: 0 | References: 1

Cvelist
added 2026/06/26 2:52 p.m., 30 views

CVE-2026-54834 WordPress Object Cache 4 everyone plugin <= 2.3.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions...

CVSS 7.5 | EPSS 0.00294
Exploits: 0 | References: 1

CVE
added 2026/06/26 2:52 p.m., 15 views

CVE-2026-54834

CVE-2026-54834 affects the WordPress Object Cache 4 everyone plugin (≤ 2.3.2). Unauthenticated sensitive data exposure is described; no exploitation details or root-cause are provided in the connected documents. CVSSv3.1 base score 7.5 (HIGH) with network attack vector and no user interaction. No...

CVSS 7.5 | AI score 5.8 | EPSS 0.00294
Exploits: 0 | References: 1

Cvelist
added 2026/06/26 2:50 p.m., 33 views

CVE-2026-45257 Arbitrary file overwrite via the KTLS receive path

The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile(2), which can reference file-backed memory directly through non-anonymous M_EXTPG pages or...

EPSS 0.00154
Exploits: 0 | References: 1

CVE
added 2026/06/26 2:50 p.m., 118 views

CVE-2026-45257

CVE-2026-45257: FreeBSD KTLS receive path decrypts in place, enabling an unprivileged local user to overwrite a file’s page cache via sendfile(2) data over a loopback connection when KTLS receive is enabled. This can corrupt the backing file and allow privilege escalation by overwriting setuid/t...

CVSS 7.8 | AI score 5.8 | EPSS 0.00154
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2026/06/26 2:17 p.m., 11 views

CVE-2026-53914

In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata...

CVSS 9.8 | EPSS 0.00196
Exploits: 0 | References: 1

The Hacker News
added 2026/06/26 1:57 p.m., 22 views

New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries

A flaw in the Linux kernel's traffic-control subsystem can let a local unprivileged user gain root on affected systems. CVE-2026-46331, nicknamed "pedit COW," is an out-of-bounds write in the packet-editing action act_pedit that corrupts shared page-cache memory. A public, working exploit appeare...

AI score 6.1 | EPSS 0.00259
Exploits: 9

Cvelist
added 2026/06/26 1:1 p.m., 36 views

CVE-2026-53914

In JetBrains Kotlin before 2.4.20 code execution was possible via unsafe deserialization in the build cache metadata...

CVSS 6.7 | EPSS 0.00196
Exploits: 0 | References: 1

CVE
added 2026/06/26 1:1 p.m., 99 views

CVE-2026-53914

CVE-2026-53914 affects JetBrains Kotlin prior to 2.4.20, where unsafe deserialization in the build cache metadata allows code execution. The NVD notes a high-severity, network-vector vulnerability with critical impact to confidentiality, integrity, and availability; local context in CVSS from CNA...

CVSS 9.8 | AI score 6.2 | EPSS 0.00196
Exploits: 0 | References: 1 | Affected Software: 1

RedhatCVE
added 2026/06/26 11:19 a.m., 13 views

CVE-2026-53060

A flaw was found in the Linux kernel's device-mapper dm cache metadata. This memory leak vulnerability occurs when the dm_cache_metadata_abort function fails to acquire the root lock because the block manager is read-only, leading to the improper release of a temporary block manager. A local attacke...

CVSS 5.5 | AI score 5.8 | EPSS 0.00184
Exploits: 0 | References: 4

RedhatCVE
added 2026/06/26 7:44 a.m., 7 views

CVE-2026-53174

A flaw was found in the Linux kernel's overlay filesystem ovl component. Specifically, an issue in the ovl_iterate_merged function incorrectly stores an error pointer even after a successful cache operation. This can lead to the function returning a misleading non-zero error, potentially causing...

CVSS 7.8 | AI score 5.7 | EPSS 0.00129
Exploits: 0 | References: 4