
4670 matches found

NVD
added 2026/06/24 9:16 p.m., 9 views

CVE-2026-52808

Gogs is an open source self-hosted Git service. Prior to 0.14.3, three API endpoints — PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v1/repos/:owner/:repo/wiki, and POST /api/v1/repos/:owner/:repo/mirror-sync — are gated by reqRepoWriter rather than reqRepoAdmin. The equivalent...

CVSS 7.1, EPSS 0.00478
Exploits: 0, References: 4

CVE
added 2026/06/24 9:14 p.m., 10 views

CVE-2026-54067

SiYuan (prior to v3.7.0) is affected by a stored XSS in renderSnippet() where a CSS snippet containing breaks out of the surrounding tag during insertion, enabling injected JavaScript in the renderer. In Electron builds with nodeIntegration: true, this can reach Node APIs (e.g., child_process) a...

CVSS 9.9, AI score 6, EPSS 0.00307
Exploits: 0, References: 1

Cvelist
added 2026/06/24 8:27 p.m., 22 views

CVE-2026-52808 Gogs: Write-level collaborators can mutate admin-only repository settings via API

Gogs is an open source self-hosted Git service. Prior to 0.14.3, three API endpoints — PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v1/repos/:owner/:repo/wiki, and POST /api/v1/repos/:owner/:repo/mirror-sync — are gated by reqRepoWriter rather than reqRepoAdmin. The equivalent...

CVSS 7.1, EPSS 0.00478
Exploits: 0, References: 4

CVE
added 2026/06/24 4:30 p.m., 10 views

CVE-2026-53129

The CVE-2026-53129 fix in the Linux kernel addresses a use-after-free in the mb_cache shrink path. Specifically, mb_cache_destroy() previously freed cache memory after scheduling c_shrink_work, but did not cancel the pending work item, risking mb_cache_shrink_worker() accessing freed memory if th...

AI score 5.7, EPSS 0.00157
Exploits: 0, References: 4

EUVD
added 2026/06/24 4:30 p.m., 6 views

EUVD-2026-38971

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix potential deadlock in mt7925_roc_abort_sync. roc_abort_sync can deadlock with roc_work. roc_work holds dev->mt76.mutex, while cancel_work_sync waits for roc_work to finish. If the caller already owns the same mutex,...

AI score 5.7, EPSS 0.00166
Exploits: 0, References: 3

Cvelist
added 2026/06/24 4:30 p.m., 27 views

CVE-2026-53101 wifi: mt76: mt7921: fix potential deadlock in mt7921_roc_abort_sync

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix potential deadlock in mt7921_roc_abort_sync. roc_abort_sync can deadlock with roc_work. roc_work holds dev->mt76.mutex, while cancel_work_sync waits for roc_work to finish. If the caller already owns the same mutex,...

EPSS 0.00166
Exploits: 0, References: 4

EUVD
added 2026/06/24 4:30 p.m., 4 views

EUVD-2026-38969

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix potential deadlock in mt7921_roc_abort_sync. roc_abort_sync can deadlock with roc_work. roc_work holds dev->mt76.mutex, while cancel_work_sync waits for roc_work to finish. If the caller already owns the same mutex,...

AI score 5.7, EPSS 0.00166
Exploits: 0, References: 3

RedHat Linux
added 2026/06/24 10:35 a.m., 4 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in FreeCounter()

A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter. A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for...

CVSS 7.8, AI score 5.7, EPSS 0.00154
Exploits: 0, References: 7

Cvelist
added 2026/06/24 5:33 a.m., 35 views

CVE-2026-9619 Reviews and Rating <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via sync_reviews AJAX Action

The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

CVSS 4.3, EPSS 0.00307
Exploits: 0, References: 6

Positive Technologies
added 2026/06/24 12:0 a.m., 13 views

PT-2026-51995

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A potential deadlock exists in the mt7921 roc abort sync function within the mt76 wireless driver. The issue occurs when roc abort sync calls cancel work sync, which waits for roc work t...

AI score 5.8, EPSS 0.00166
Exploits: 0, References: 5

Github Security Blog
added 2026/06/23 5:3 p.m., 7 views

Gogs's write-level collaborators can mutate admin-only repository settings via API

Summary: Three API endpoints — PATCH /api/v1/repos/:owner/:repo/issue-tracker, PATCH /api/v1/repos/:owner/:repo/wiki, and POST /api/v1/repos/:owner/:repo/mirror-sync — are gated by reqRepoWriter rather than reqRepoAdmin. The equivalent operations in the web UI sit behind reqRepoAdmin, which requir...

CVSS 7.1, AI score 6, EPSS 0.00478
Exploits: 0, References: 5, Affected Software: 1

OSSF Malicious Packages
added 2026/06/23 3:38 p.m., 7 views

Malicious code in sync-external (npm)

Source: amazon-inspector (dc297a0deaba794fdbfccc280a79c7cc895f21fc4e0122b1fba1bc4759b66c3f). The package ships an obfuscated JavaScript file at shim/index.js using hex-style identifier mangling (0x391f3f, 0x3eff0a, 0x534564, etc.) characteristi...

AI score 5.8
Exploits: 0, References: 4

OSV
added 2026/06/23 3:38 p.m., 8 views

MAL-2026-6336 Malicious code in sync-external (npm)

Source: amazon-inspector (dc297a0deaba794fdbfccc280a79c7cc895f21fc4e0122b1fba1bc4759b66c3f). The package ships an obfuscated JavaScript file at shim/index.js using hex-style identifier mangling (0x391f3f, 0x3eff0a, 0x534564, etc.) characteristi...

AI score 5.8
Exploits: 0, References: 4

Positive Technologies
added 2026/06/23 12:0 a.m., 11 views

PT-2026-51626

Name of the Vulnerable Software and Affected Versions: Gogs (affected versions not specified). Description: An authorization bypass exists where three API endpoints are protected by write-level middleware instead of administrator-level middleware. This allows a collaborator with write access to perfor...

CVSS 7.1, AI score 5.9, EPSS 0.00478
Exploits: 0, References: 9

RedHat Linux
added 2026/06/22 2:43 a.m., 4 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in SyncChangeCounter()

A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter. A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or f...

CVSS 7.8, AI score 5.7, EPSS 0.0014
Exploits: 0, References: 7

RedHat Linux
added 2026/06/22 2:43 a.m., 5 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in FreeCounter()

A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter. A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for...

CVSS 7.8, AI score 5.7, EPSS 0.00154
Exploits: 0, References: 7

Microsoft KB
added 2026/06/22 12:0 a.m., 14 views

Azure File Sync Agent V22.4 - June 2026

Azure File Sync Agent V22.4 - June 2026 This article describes the improvements and issues that are fixed in the Azure File Sync Agent v22.4 release that is dated June 2026. Additionally, this article contains installation instructions for this release. Improvements and issues that are fixed Serv...

AI score 5.9
Exploits: 0

AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: soundwire: bus: Fix unbalanced pm_runtime_put causing usage count underflow. This issue is addressed by the commit 443a98e649b4 “soundwire: bus: use pm_runtime_resume_and_get”. The calls to pm_runtime_resume_and_get are changed back to...

AI score 5.3, EPSS 0.00166
Exploits: 0, References: 1

AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fixed a reference leak in amdgpu_userq_wait_ioctl. Also, removed the reference to syncobj and timeline fence when aborting the ioctl, as the output array became too small. Selected from the commit...

CVSS 5.5, AI score 5.7, EPSS 0.00121
Exploits: 0, References: 1

AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability in Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ax25: Fixing use-after-free bugs caused by ax25_ds_del_timer. When the ax25 device is being detached, the ax25_dev_device_down function calls ax25_ds_del_timer to clean up the slave_timer. When the timer handler is running, the...

CVSS 7.8, AI score 5.8, EPSS 0.00232
Exploits: 0, References: 2