Lucene search
K

1352 matches found

RedHat Linux
RedHat Linux
added 2026/05/20 1:3 p.m.9 views

kernel: usbip: validate number_of_packets in usbip_pack_ret_submit()

A flaw was found in the Linux kernel's USB/IP subsystem. A malicious USB/IP server could exploit a vulnerability in the usbippackretsubmit function by sending a specially crafted RETSUBMIT response. This response, containing an oversized numberofpackets value, could cause a heap out-of-bounds...

9.8CVSS6.3AI score0.00311EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: In the blkzonewplugbiowork function, do not use submitbionoacctnocheck. Queues of zone write operations have already gone through all preparations in the submitbio path, including freeze protection. Submitting these operations...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: nilfs2: A potential use-after-free issue has been addressed in nilfsgccachesubmitreaddata. In nilfsgccachesubmitreaddata, the function brelsebh is called to decrement the reference count of bh when the call to nilfsdattranslate...

5.5CVSS6.2AI score0.00222EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Nilfs2: Fixed a kernel bug caused by failing to clear the buffer delay flag. Syzbot reported that after Nilfs2 reads a corrupted file system image and becomes read-only, the BUGON check for the buffer delay flag in submitbhwbc ma...

5.5CVSS6.3AI score0.00237EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: erofs: Add GFPNOIO to the bio completion if necessary. The bio completion path in the process context e.g., dm-verity will directly call into decompression instead of triggering another workqueue context for minimal scheduling...

7.5CVSS5.7AI score0.00378EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed the issue where the fence was put before waiting in amdgpuamdkfdsubmitib. The amdgpuamdkfdsubmitib function submits a GPU job and obtains a fence from amdgpuibschedule. This fence is used to wait for the job to...

7.8CVSS5.8AI score0.00126EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.11 views

MLflow 安全漏洞

MLflow is an open-source platform that simplifies machine learning development. It includes features like tracking experiments, packaging code for reproducible runs, and sharing and deploying models. Versions of mlflow prior to 3.9.0 contain security vulnerabilities. These vulnerabilities stem fr...

8.6CVSS7.5AI score0.01502EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.13 views

PT-2026-40899

Name of the Vulnerable Software and Affected Versions InfusedWoo Pro versions prior to 5.1.3 Description The InfusedWoo Pro plugin for WordPress allows unauthenticated attackers to perform Arbitrary File Read via the 'popup submit' endpoint. This allows web requests to be made to arbitrary...

7.5CVSS5.9AI score0.00271EPSS
Exploits0References5
NVD
NVD
added 2026/05/13 6:16 a.m.11 views

CVE-2026-2725

Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" ta...

6CVSS0.00116EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/08 6:32 a.m.10 views

EUVD-2026-28528

A vulnerability has been found in Totolink X5000R 9.1.0u.6369B20230113. This vulnerability affects the function sub458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclos...

9CVSS5.9AI score0.00463EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/08 4:0 a.m.34 views

CVE-2026-8137 Totolink X5000R formDdns sub_458E40 buffer overflow

A vulnerability has been found in Totolink X5000R 9.1.0u.6369B20230113. This vulnerability affects the function sub458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclos...

9CVSS0.00463EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/08 4:0 a.m.9 views

CVE-2026-8137 Totolink X5000R formDdns sub_458E40 buffer overflow

A vulnerability has been found in Totolink X5000R 9.1.0u.6369B20230113. This vulnerability affects the function sub458E40 of the file /boafrm/formDdns. The manipulation of the argument submit-url leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclos...

9CVSS7.5AI score0.00463EPSS
Exploits0References5
CVE
CVE
added 2026/05/08 4:0 a.m.14 views

CVE-2026-8137

The CVE-2026-8137 entry affects Totolink X5000R (firmware 9.1.0u.6369_B20230113). The vulnerable component is the function sub_458E40 in /boafrm/formDdns, where manipulation of the submit-url argument causes a buffer overflow. Remote exploitation is possible, and the exploit has been disclosed pu...

9CVSS7.5AI score0.00463EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.10 views

TOTOLINK X5000R 缓冲区错误漏洞

The TOTOLINK X5000R is a router produced by TOTOLINK, a Chinese electronics company. The version 9.1.0u.6369B20230113 of the Totolink X5000R contains a buffer error vulnerability. This vulnerability stems from improper handling of the submit-url parameter in the function sub458E40 within the...

9CVSS7.7AI score0.00463EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/07 2:21 a.m.12 views

SUSE CVE-2026-31757

In the Linux kernel, the following vulnerability has been resolved: usb: misc: usbio: Fix URB memory leak on submit failure When usbsubmiturb fails in usbioprobe, the previously allocated URB is never freed, causing a memory leak. Fix this by jumping to errfreeurb label to properly release the UR...

5.8AI score0.00121EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/06 8:37 p.m.9 views

CVE-2026-43180

A flaw was found in the Linux kernel's kaweth USB network driver. The kawethsetrxmode function incorrectly manipulates the transmit TX queue, allowing it to be re-enabled while a USB Request Block URB is still active. This can result in the same URB being submitted twice, leading to a kernel...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/06 7:49 p.m.6 views

CVE-2026-43580

OpenClaw before 2026.4.10 contains an incomplete navigation guard vulnerability that allows attackers to trigger navigation without complete SSRF policy enforcement. Browser press/type style interactions, including pressKey and type submit flows, can bypass post-action security checks to execute...

7.7CVSS5.9AI score0.00264EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/06 7:49 p.m.32 views

CVE-2026-43580 OpenClaw < 2026.4.10 - Incomplete Navigation Guard Coverage in Browser Interactions

OpenClaw before 2026.4.10 contains an incomplete navigation guard vulnerability that allows attackers to trigger navigation without complete SSRF policy enforcement. Browser press/type style interactions, including pressKey and type submit flows, can bypass post-action security checks to execute...

7.7CVSS0.00264EPSS
Exploits0References5
NVD
NVD
added 2026/05/06 12:16 p.m.9 views

CVE-2026-43180

In the Linux kernel, the following vulnerability has been resolved: net: usb: kaweth: remove TX queue manipulation in kawethsetrxmode kawethsetrxmode, the ndosetrxmode callback, calls netifstopqueue and netifwakequeue. These are TX queue flow control functions unrelated to RX multicast...

7.8CVSS0.00129EPSS
Exploits0References8
Snyk
Snyk
added 2026/05/05 9:15 p.m.10 views

Allocation of Resources Without Limits or Throttling

Overview @evomap/evolver is an A GEP-powered self-evolution engine for AI agents. Features automated log analysis and Genome Evolution Protocol GEP for auditable, reusable evolution assets. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling vi...

6.9CVSS5.8AI score
Exploits0References2
Rows per page
Query Builder