Lucene search
K

158540 matches found

Github Security Blog
Github Security Blog
added 2026/05/29 10:7 p.m.22 views

Admidio writes session IDs and auto-login cookie values to application logs

Summary When debug logging is enabled, Session::setCookie logs full cookie values and Session::start logs the current session ID. In a real Admidio deployment this includes both the active session cookie and the persistent auto-login cookie. Anyone with access to the log sink can recover live...

5.8AI score0.00015EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/29 10:7 p.m.9 views

GHSA-MCH8-WF3H-6X88 Admidio writes session IDs and auto-login cookie values to application logs

Summary When debug logging is enabled, Session::setCookie logs full cookie values and Session::start logs the current session ID. In a real Admidio deployment this includes both the active session cookie and the persistent auto-login cookie. Anyone with access to the log sink can recover live...

4.4CVSS5.8AI score0.00015EPSS
Exploits0References2
CVE
CVE
added 2026/05/29 4:13 p.m.35 views

CVE-2026-45631

Dokploy (PaaS) fixed in 0.29.3 a pre-auth admin takeover vulnerability caused by a hardcoded BETTER_AUTH_SECRET fallback (better-auth-secret-123456789) present from 0.27.0 to before 0.29.3. An unauthenticated attacker could forge email verification JWTs, trigger auto-sign-in as admin, and execute...

10CVSS5.9AI score0.00351EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/29 8:14 a.m.55 views

waf-engine

WAF & SOAR Engine A cloud-native Web Application Firewall and...

5.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/29 1:14 a.m.12 views

SUSE CVE-2026-46239

In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Fix runtime PM refcount leak in sctrl Three control cases AUTOGAIN, EXPOSUREAUTO, ANALOGUEGAIN directly return without calling pmruntimeput, causing runtime PM reference count leaks. Change these cases from...

5.5CVSS5.8AI score0.00105EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.11 views

PT-2026-45044

Summary When debug logging is enabled, Session::setCookie logs full cookie values and Session::start logs the current session ID. In a real Admidio deployment this includes both the active session cookie and the persistent auto-login cookie. Anyone with access to the log sink can recover live...

4.4CVSS5.8AI score0.00015EPSS
Exploits0References3
NVD
NVD
added 2026/05/28 11:16 p.m.15 views

CVE-2026-9887

Use after free in Proxy in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to execute arbitrary code via a crafted PAC script. Chromium security severity: Critical...

8.8CVSS0.00218EPSS
Exploits0References2
NVD
NVD
added 2026/05/28 6:16 p.m.13 views

CVE-2026-45311

CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the runtests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user approval prompt. cargo test compiles and executes arbitrary code: test binaries, build.rs build...

9.6CVSS0.00375EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 5:32 p.m.10 views

CVE-2026-45311

CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the runtests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user approval prompt. cargo test compiles and executes arbitrary code: test binaries, build.rs build...

9.6CVSS6.2AI score0.00375EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/28 5:32 p.m.29 views

CVE-2026-45311

The CVE concerns the DeepSeek-TUI run_tests tool, where versions 0.3.0–0.8.23 auto-run cargo test without user approval, enabling execution of arbitrary code via test code and build scripts. The root cause is that tests are auto-approved, allowing attacker-controlled test code in a malicious repo...

9.6CVSS6.2AI score0.00375EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 5:32 p.m.9 views

CVE-2026-45311 CodeWhale: run_tests Tool Enables RCE via Malicious Repository Without Approval

CodeWhale is a DeepSeek + MiMo coding agent in terminal. From 0.3.0 to 0.8.23, the runtests tool executes cargo test in the workspace with ApprovalRequirement::Auto, meaning it runs without any user approval prompt. cargo test compiles and executes arbitrary code: test binaries, build.rs build...

9.6CVSS6.2AI score0.00375EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 10:16 a.m.15 views

CVE-2026-46239

In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Fix runtime PM refcount leak in sctrl Three control cases AUTOGAIN, EXPOSUREAUTO, ANALOGUEGAIN directly return without calling pmruntimeput, causing runtime PM reference count leaks. Change these cases from...

5.5CVSS0.00105EPSS
Exploits0References2
OSV
OSV
added 2026/05/28 10:16 a.m.5 views

UBUNTU-CVE-2026-46239

In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Fix runtime PM refcount leak in sctrl Three control cases AUTOGAIN, EXPOSUREAUTO, ANALOGUEGAIN directly return without calling pmruntimeput, causing runtime PM reference count leaks. Change these cases from...

5.5CVSS5.7AI score0.00105EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/28 9:41 a.m.30 views

CVE-2026-46239 media: i2c: ov5647: Fix runtime PM refcount leak in s_ctrl

In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Fix runtime PM refcount leak in sctrl Three control cases AUTOGAIN, EXPOSUREAUTO, ANALOGUEGAIN directly return without calling pmruntimeput, causing runtime PM reference count leaks. Change these cases from...

0.00105EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:40 a.m.8 views

CVE-2026-46202

In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: run inactivity autodim from workqueues The autodim code in hid-appletb-kbd takes backlightdevice-opslock via backlightdevicesetbrightness - mutexlock from two different atomic contexts: appletbinactivitytimer is...

5.9AI score0.00128EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/28 9:40 a.m.29 views

CVE-2026-46202

CVE-2026-46202 concerns the Linux kernel HID driver for the Apple Touch Bar (hid-appletb-kbd). The issue arises when inactivity autodim uses backlight_device_set_brightness() from two atomic contexts (a timer_list callback and input/event paths), causing a mutex lock from an atomic context bug an...

5.5CVSS6AI score0.00128EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/28 4:1 a.m.11 views

EUVD-2026-32711

The Rocket.Chat DDP method autoTranslate.translateMessage in versions 8.5.0, 8.4.2, 8.3.4, 8.2.4, 8.1.5, 8.0.5, 7.13.8, and 7.10.12 accepts a client-supplied IMessage object and passes it directly to translateMessage without checking Meteor.userId or verifying room membership. Any authenticated D...

7.5CVSS7.1AI score0.00283EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/28 3:53 a.m.11 views

SUSE CVE-2026-46042

In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix memory leaks in weightedinterleaveautostore weightedinterleaveautostore fetches oldwistate inside the if !input block only. This causes two memory leaks: 1. When a user writes "false" and the current mode is...

3.3CVSS5.8AI score0.00126EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.12 views

CodeWhale 代码注入漏洞

CodeWhale is a terminal coding intelligence tool developed by Hunter Bown. Versions of CodeWhale from 0.3.0 to 0.8.23 contain a code injection vulnerability. This vulnerability arises from the runtests tool executing cargo test with ApprovalRequirement::Auto, allowing for the compilation and...

9.6CVSS6.2AI score0.00375EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 3:33 p.m.11 views

EUVD-2026-32347

In the Linux kernel, the following vulnerability has been resolved: soc: mediatek: svs: Fix memory leak in svsenabledebugwrite In svsenabledebugwrite, the buf allocated by memdupusernul is leaked if kstrtoint fails. Fix this by using freekfree to automatically free buf, eliminating the need for...

5.8AI score0.00156EPSS
Exploits0References7
Rows per page
Query Builder