33 matches found
CVE-2026-40348
creationtimestamp| type| source
---|---|---
2026-04-18 01:18:19+00:00| published-proof-of-concept| Telegram/lPGIWgtQcs4RDQrNkGM74AEu7FEWLIcUMs54pp3qHTSOJE
2026-04-18 01:38:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjqckfdixb26...
CVE-2026-40348
Movary is a self-hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can trigger server-side requests to arbitrary internal targets through POST /settings/jellyfin/server-url-verify. The endpoint accepts a user-controlled URL, appends...
CVE-2023-40348
The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output...
CVE-2025-40348
A race condition was found in the Linux kernel's slab allocator. When two threads concurrently call alloc_slab_obj_exts and one fails allocation, it may overwrite the other's valid obj_exts pointer with OBJEXTS_ALLOC_FAIL. The winning thread later dereferences this as a valid pointer, causing a null...
Linux Distros Unpatched Vulnerability : CVE-2025-40348
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts If two competing threads enter alloc_slab_obj_exts and one of them fails to allocate the object extension...
CVE-2025-40348 slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts
In the Linux kernel, the following vulnerability has been resolved: slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts If two competing threads enter alloc_slab_obj_exts and one of them fails to allocate the object extension vector, it might override the valid slab->obj_exts allocated by the other...
CVE-2025-40348
In the Linux kernel, the following vulnerability has been resolved: slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts If two competing threads enter alloc_slab_obj_exts and one of them fails to allocate the object extension vector, it might override the valid slab->obj_exts allocated by the other...
EUVD-2025-40348
Malicious code in budi-lapis93-ruro npm...
MAL-2025-40348 Malicious code in yarn-vz9hb-s0fiy-prism-project (npm)
The package yarn-vz9hb-s0fiy-prism-project was found to contain malicious code...
CVE-2024-40348
An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal...
Exploit for Path Traversal in Bazarr
Bazaarpoc Bazaar v1.4.3 arbitrary file read vulnerability CVE-2024-40348 python Baza...
Exploit for Path Traversal in Bazarr
CVE-2024-40348 POC for CVE-2024-40348 Bazaar v1.4.3 and prior...
CVE-2024-40348
creationtimestamp| type| source
---|---|---
2024-07-20 07:15:32+00:00| seen| https://t.me/cvedetector/1241
2024-07-21 00:57:10+00:00| published-proof-of-concept| https://t.me/GithubRedTeam/8035
2024-07-22 00:20:35+00:00| exploited| https://t.me/TheDarkWebInformer/1822
2024-07-22 05:34:08+00:00|...
CVE-2024-40348
An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal...
CVE-2024-40348
Bazaar v1.4.3 and earlier contains an unauthenticated Arbitrary File Read via directory traversal in the component /api/swaggerui/static. The root cause is a path traversal vulnerability that allows reading arbitrary server files. Impact is unauthenticated access with potential disclosure of sens...
CVE-2023-40348
creationtimestamp| type| source
---|---|---
2023-08-16 18:49:55+00:00| seen| https://t.me/cibsecurity/68662...
CVE-2023-40348
The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output...
CVE-2023-40348
CVE-2023-40348 affects the Jenkins Gogs Plugin (versions up to 1.0.15). The webhook endpoint at /gogs-webhook can be reached by unauthenticated attackers and discloses whether a specific job exists, even if the attacker lacks permission to access that job. The root cause is an information-disclos...
CVE-2023-40348
The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output...
CVE-2023-40348
The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output...