22 matches found

OSV
added 3 days ago, 1 views

ROOT-OS-UBUNTU-2204-CVE-2025-40261 CVE-2025-40261 in rootio-linux - Patched by Root

Root has patched CVE-2025-40261 in the rootio-linux package for Root:Ubuntu:22.04. Multiple fixed versions available...

5.8 AI score, 0.00171 EPSS
Exploits 0
SUSE Linux
added 2026/05/18 8:16 a.m., 7 views

Security update for php-composer2

This update for php-composer2 fixes the following issues: CVE-2026-40176: command injection via malicious Perforce repository definition (bsc#1262254). CVE-2026-40261: command injection via malicious Perforce source reference/url (bsc#1262255). Changes for php-composer2: version update to 2.2.27 align...

7.8 CVSS, 7.6 AI score, 0.03255 EPSS
Exploits 4, References 20
RedhatCVE
added 2026/04/16 6:55 p.m., 6 views

CVE-2026-40261

A flaw was found in Composer. Perforce::syncCodeBase appends the $sourceReference parameter to a shell command without proper escaping, allowing an attacker to inject arbitrary commands through a crafted source reference containing shell metacharacters. Mitigation: To mitigate this issue, only run...

8.8 CVSS, 6.1 AI score, 0.01688 EPSS
Exploits 2, References 5
Tenable Nessus
added 2026/04/16 12:0 a.m., 4 views

Fedora 43 : composer (2026-02c1f66b6a)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-02c1f66b6a advisory. Version 2.9.7 - 2026-04-14 Fixes regression calling custom script command aliases that are called a substring of a composer command 12802 ---- Versi...

8.8 CVSS, 6 AI score, 0.01688 EPSS
Exploits 4, References 3
UbuntuCve
added 2026/04/15 9:17 p.m., 5 views

CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

8.8 CVSS, 6.1 AI score, 0.01688 EPSS
Exploits 2, References 2
OSV
added 2026/04/15 9:17 p.m., 8 views

UBUNTU-CVE-2026-40261

Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...

8.8 CVSS, 6.1 AI score, 0.01688 EPSS
Exploits 2, References 3
Positive Technologies
added 2026/04/14 12:0 a.m., 3 views

PT-2026-32621

Name of the Vulnerable Software and Affected Versions: Composer versions 1.0 through 2.2.26; Composer versions 2.3 through 2.9.5. Description: A command injection issue exists in the Perforce VCS driver of Composer, a dependency manager for PHP. The Perforce::generateP4Command function constructs she...

8.8 CVSS, 6.3 AI score, 0.01688 EPSS
Exploits 4, References 41
Tenable Nessus
added 2026/03/04 12:0 a.m., 8 views

openSUSE 16 Security Update : kernel (openSUSE-SU-2026:20287-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20287-1 advisory. The SUSE Linux Enterprise 16.0 and SL Micro 6.2 kernel was updated to fix various security issues. The following security issues were fixed: -...

9.8 CVSS, 6.9 AI score, 0.00424 EPSS
Exploits 2, References 641
Tenable Nessus
added 2026/02/12 12:0 a.m., 11 views

SUSE SLED15: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2026:0447-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0447-1 advisory. The SUSE Linux Enterprise 15 SP7 kernel was updated to fix various security issues. The following security issu...

9.8 CVSS, 6.7 AI score, 0.00424 EPSS
Exploits 2, References 537
RedhatCVE
added 2025/12/10 6:44 a.m., 1 views

CVE-2025-40261

No description is available for this CVE...

6.6 CVSS, 6.5 AI score, 0.00171 EPSS
Exploits 0, References 4
OSV
added 2025/12/09 6:7 a.m., 2 views

BELL-CVE-2025-40261

Bulletin has no description...

6.9 AI score, 0.00171 EPSS
Exploits 0, References 1
OSV
added 2025/12/04 4:16 p.m., 0 views

DEBIAN-CVE-2025-40261

In the Linux kernel, the following vulnerability has been resolved: nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl. nvme_fc_delete_association waits for pending I/O to complete before returning, and an error can cause ->ioerr_work to be queued after cancel_work_sync had been called. Mov...

5.2 AI score, 0.00171 EPSS
Exploits 0, References 1
UbuntuCve
added 2025/12/04 4:16 p.m., 3 views

CVE-2025-40261

In the Linux kernel, the following vulnerability has been resolved: nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl. nvme_fc_delete_association waits for pending I/O to complete before returning, and an error can cause ->ioerr_work to be queued after cancel_work_sync had been called. Mov...

5.9 AI score, 0.00171 EPSS
Exploits 0, References 32
Tenable Nessus
added 2025/12/04 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-40261

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl. nvme_fc_delete_association waits for pending I/O to complete before returning, and an error can...

6.2 AI score, 0.00171 EPSS
Exploits 0, References 3
EUVD
added 2025/11/10 4:5 a.m., 1 views

EUVD-2025-40261

Malicious code in candra-mie96-sluey npm...

6.6 AI score
Exploits 0
RedhatCVE
added 2025/05/23 4:13 a.m., 11 views

CVE-2023-40261

Diebold Nixdorf Vynamic Security Suite (VSS) before 3.3.0 SR17, 4.0.0 SR07, 4.1.0 SR04, 4.2.0 SR04, and 4.3.0 SR02 fails to validate file attributes during the Pre-Boot Authorization (PBA) process. This can be exploited by a physical attacker who is able to manipulate the contents of the system's har...

6.8 CVSS, 6.6 AI score, 0.00363 EPSS
Exploits 1, References 1
Circl
added 2024/08/08 8:35 p.m., 4 views

CVE-2023-40261

creationtimestamp | type | source
---|---|---
2024-08-08 20:35:15+00:00 | seen | https://t.me/cvedetector/2815
2025-03-13 19:42:46+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/7484...

6.8 CVSS, 5.3 AI score, 0.00363 EPSS
Exploits 1, References 2
Circl
added 2022/09/20 10:39 p.m., 5 views

CVE-2022-40261

creationtimestamp | type | source
---|---|---
2022-09-20 22:39:44+00:00 | seen | https://t.me/cibsecurity/50162...

8.2 CVSS, 7.9 AI score, 0.0033 EPSS
Exploits 1, References 1
Cvelist
added 2022/09/20 5:35 p.m., 22 views

CVE-2022-40261 SMM memory corruption vulnerability in OverClockSmiHandler SMM driver

An attacker can exploit this vulnerability to elevate privileges from ring 0 to ring -2, execute arbitrary code in System Management Mode - an environment more privileged than operating system (OS) and completely isolated from it. Running arbitrary code in SMM additionally bypasses SMM-based SPI...

8.5 AI score, 0.0033 EPSS
Exploits 1, References 2
CVE
added 2022/09/20 5:35 p.m., 62 views

CVE-2022-40261

CVE-2022-40261 concerns the OverClockSmiHandler SMM driver. The provided documents describe a local-privilege-escalation flaw that allows an attacker to elevate to System Management Mode (ring -2), execute arbitrary code in SMM, and bypass SMM‑based SPI flash protections, enabling a malicious BIO...

8.2 CVSS, 8.3 AI score, 0.0033 EPSS
Exploits 1, References 2, Affected Software 1