Lucene search
K

2021 matches found

OSV
OSV
added 2026/05/12 3:25 p.m.8 views

CLSA-2026-1778599539 Fix CVE(s): CVE-2026-4878

SECURITY UPDATE: TOCTOU race condition in capsetfile - debian/patches/CVE-2026-4878.patch: open the target file and operate on /proc/self/fd/N so the inode is locked between the regular-file check and the xattr update - CVE-2026-4878...

7CVSS5.8AI score0.00188EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.9 views

Unity Linux 20.1060e / 20.1070e Security Update: flatpak (UTSA-2026-017590)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017590 advisory. Flatpak before 1.0.7, and 1.1.x and 1.2.x before 1.2.3, exposes /proc in the applyextra script sandbox, which allows attackers to modify a host-side executable file...

8.2CVSS7.1AI score0.00466EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/08 3:31 p.m.12 views

EUVD-2026-28682

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free by using callrcu for oplockinfo ksmbd currently frees oplockinfo immediately using kfree, even though it is accessed under RCU read-side critical sections in places like opinfoget and procshowfiles. Sinc...

5.8AI score0.00444EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/05/08 3:17 p.m.12 views

CVE-2026-43470

In the Linux kernel, the following vulnerability has been resolved: nfs: return EISDIR on nfs3proccreate if dalias is a dir If we found an alias through nfs3docreate/nfsaddorobtain /dsplicealias which happens to be a dir dentry, we don't return any error, and simply forget about this alias, but t...

5.5CVSS5.7AI score0.00116EPSS
Exploits0References6
OSV
OSV
added 2026/05/08 3:16 p.m.11 views

UBUNTU-CVE-2026-43376

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free by using callrcu for oplockinfo ksmbd currently frees oplockinfo immediately using kfree, even though it is accessed under RCU read-side critical sections in places like opinfoget and procshowfiles. Sinc...

9.8CVSS5.7AI score0.00444EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/05/08 2:21 p.m.6 views

CVE-2026-43376

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free by using callrcu for oplockinfo ksmbd currently frees oplockinfo immediately using kfree, even though it is accessed under RCU read-side critical sections in places like opinfoget and procshowfiles. Sinc...

9.8CVSS5.8AI score0.00444EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/05/06 11:27 a.m.28 views

CVE-2026-43178 procfs: fix possible double mmput() in do_procmap_query()

In the Linux kernel, the following vulnerability has been resolved: procfs: fix possible double mmput in doprocmapquery When user provides incorrectly sized buffer for build ID for PROCMAPQUERY we return with -ENAMETOOLONG error. After recent changes this condition happens later, after we unlocke...

7.8CVSS0.00132EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/06 11:27 a.m.10 views

CVE-2026-43178

In the Linux kernel, the following vulnerability has been resolved: procfs: fix possible double mmput in doprocmapquery When user provides incorrectly sized buffer for build ID for PROCMAPQUERY we return with -ENAMETOOLONG error. After recent changes this condition happens later, after we unlocke...

7.8CVSS5.8AI score0.00132EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/05/06 11:27 a.m.18 views

CVE-2026-43178

In the Linux kernel, the procfs component has a vulnerability in do_procmap_query() that can trigger a double mmput() of an mm_struct when a user passes an incorrectly sized buffer for PROCMAP_QUERY's build ID. The root cause is a change that defers cleanup after unlocking mmap_lock and per-VMA, ...

7.8CVSS5.8AI score0.00132EPSS
Exploits0References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.8 views

PT-2026-37518

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the procfs component within the do procmap query function. When a user provides an incorrectly sized buffer for the build ID during a PROCMAP QUERY, the system returns a...

7.8CVSS5.8AI score0.00132EPSS
Exploits0References6
Amazon
Amazon
added 2026/05/05 12:0 a.m.17 views

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: landlock: Fix handling of disconnected directories CVE-2025-68736 In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Fix restoration of SVE context CVE-2026-23102 In the Linu...

9.4CVSS5.8AI score0.00433EPSS
Exploits2
GithubExploit
GithubExploit
added 2026/05/04 4:10 p.m.106 views

Exploit for CVE-2025-40271

🔴 CVE-2025-40271: Vulnerabilidad Crítica de Uso-After-Free en...

5.8AI score0.00519EPSS
Exploits3
OSV
OSV
added 2026/05/04 12:30 a.m.6 views

GHSA-9F6M-65V9-X9G2 MindsDB has an Improper Access Control Issue

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

7.3CVSS6.7AI score0.00284EPSS
Exploits0References6
Snyk
Snyk
added 2026/05/04 12:30 a.m.11 views

Access Control Bypass

Overview MindsDB is a MindsDB server, provides server capabilities to mindsdb native python library Affected versions of this package are vulnerable to Access Control Bypass via the exec function in the mindsdb/integrations/handlers/byomhandler/procwrapper.py component. An attacker can gain...

7.5CVSS7.1AI score0.00284EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/04 12:30 a.m.19 views

MindsDB has an Improper Access Control Issue

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

7.5CVSS6.7AI score0.00284EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/05/04 12:16 a.m.8 views

CVE-2026-7711

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

7.5CVSS0.00284EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.13 views

MindsDB 访问控制错误漏洞

MindsDB is a joint query engine developed by MindsDB Corporation, designed specifically for AI agents and large language models. It can handle questions related to PB-level enterprise data. MindsDB versions 26.01 and earlier contained a access control vulnerability. This vulnerability stemmed fro...

7.5CVSS7.1AI score0.00284EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2026/05/04 12:0 a.m.97 views

Linux Kernel proc_readdir_de() 6.18-rc5 - Local Privilege Escalation

Exploit Title: Linux Kernel procreaddirde 6.18-rc5 - Local Privilege Escalation CVE: CVE-2025-40271 Date: 2026-03-19 Exploit Author: Aviral Srivastava Vendor: Linux Kernel kernel.org Affected: 3.14+ through 6.18-rc5 bug predates version tracking Fixed in stable: 5.10.247, 6.1.159, 6.12.73, 6.18-r...

7.8CVSS7AI score0.12966EPSS
Exploits9
Cvelist
Cvelist
added 2026/05/03 11:30 p.m.34 views

CVE-2026-7711 MindsDB Engine proc_wrapper.py exec unrestricted upload

A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file mindsdb/integrations/handlers/byomhandler/procwrapper.py of the component Engine Handler. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit ha...

7.5CVSS0.00284EPSS
Exploits0References4
CVE
CVE
added 2026/05/03 11:30 p.m.21 views

CVE-2026-7711

Summary: CVE-2026-7711 affects MindsDB Engine up to 26.01, specifically the function exec in mindsdb/integrations/handlers/byom_handler/proc_wrapper.py. The underlying issue enables remote manipulation via the exec path that could allow unrestricted upload. Public exploit code is noted, and the a...

7.5CVSS6.7AI score0.00284EPSS
Exploits0References4
Rows per page
Query Builder