Lucene search
K

7026 matches found

Amazon
Amazon
added 2 days ago7 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: mm/pagealloc: clear page-private in freepagesprepare CVE-2026-43303 In the Linux kernel, the following vulnerability has been resolved: lib/crypto: mpi: Fix integer underflow in mpireadrawfromsgl CVE-2026-43492 In...

9.8CVSS6.3AI score0.00675EPSS
Exploits1
OSV
OSV
added 3 days ago3 views

GHSA-84RM-42XW-MX52 Coder's AI Bridge Proxy skips TLS certificate verification in default configuration

Summary The AI Bridge Proxy aibridgeproxyd created a goproxy server whose default transport set InsecureSkipVerify: true and only assigned a secure transport when an upstream proxy was configured. In the default configuration no upstream proxy, outbound HTTPS to the Coder access URL accepted any...

7.4CVSS6AI score0.00258EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 3 days ago5 views

Suspended Coder users retain access to AI Bridge LLM proxy endpoints

Summary AI Bridge proxy endpoints authenticate via Server.IsAuthorized in coderd/aibridgedserver, which validates key format, expiry, secret and deleted or system users but does not check whether the account is suspended. Because suspension does not revoke existing API keys, a suspended user's...

5.4CVSS5.9AI score0.0032EPSS
Exploits0References9Affected Software1
OSV
OSV
added 3 days ago4 views

GHSA-WQXV-W64V-5WH6 Suspended Coder users retain access to AI Bridge LLM proxy endpoints

Summary AI Bridge proxy endpoints authenticate via Server.IsAuthorized in coderd/aibridgedserver, which validates key format, expiry, secret and deleted or system users but does not check whether the account is suspended. Because suspension does not revoke existing API keys, a suspended user's...

5.4CVSS5.9AI score0.0032EPSS
Exploits0References9
OSV
OSV
added 3 days ago5 views

GHSA-F5VP-W269-392G Coder vulnerable to denial of service via unbounded request body in AI Bridge provider endpoints

Summary AI Bridge provider handlers read request bodies with io.ReadAll without a maximum size so an authenticated user with AI Bridge access could send an arbitrarily large body and exhaust memory. Note: Exploitation requires authenticated access to the AI Bridge endpoints and the impact is...

6.5CVSS6AI score0.00548EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 3 days ago6 views

Coder vulnerable to denial of service via unbounded request body in AI Bridge provider endpoints

Summary AI Bridge provider handlers read request bodies with io.ReadAll without a maximum size so an authenticated user with AI Bridge access could send an arbitrarily large body and exhaust memory. Note: Exploitation requires authenticated access to the AI Bridge endpoints and the impact is...

6.5CVSS6AI score0.00548EPSS
Exploits0References6Affected Software1
NVD
NVD
added 3 days ago7 views

CVE-2026-49098

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDETOPIC Exchange header:...

5.3CVSS0.00385EPSS
Exploits0References2
NVD
NVD
added 3 days ago7 views

CVE-2026-49097

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel IRC component. The camel-irc producer chooses the destination of an outgoing IRC message from the irc.sendTo Exchange header the constant...

6.5CVSS0.00428EPSS
Exploits0References2
OSV
OSV
added 3 days ago5 views

USN-8508-1 linux-nvidia-6.17 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - S390 architecture; - Block layer subsystem; - Cryptographic API; - DMA engine subsystem; - GP...

9.8CVSS6.2AI score0.00817EPSS
Exploits9References85
ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-49099

Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection', Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Salesforce Component. The camel-salesforce producer resolves its operation parameters - the SOQL query, the SOSL search,...

6AI score0.00341EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-49098

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDETOPIC Exchange header:...

6.1AI score0.00385EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 3 days ago32 views

CVE-2026-49098 Apache Camel: Camel-Kafka: The kafka.OVERRIDE_TOPIC (and other kafka.*) Exchange header constants used non-Camel-prefixed names that bypass the upstream HTTP header filter, allowing an HTTP client to redirect Kafka messages to an arbitrary topic

Improper Input Validation, Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in Apache Camel Kafka Component. The camel-kafka producer can override its configured target topic at runtime from the kafka.OVERRIDETOPIC Exchange header:...

0.00385EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago5 views

EUVD-2026-41841

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel JIRA component. The camel-jira producers read their operation parameters - the issue key, project key, transition id, summary, type, assignee, components, watchers, link type, work-log minute...

5.3CVSS6.1AI score0.00349EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 3 days ago8 views

PT-2026-56078

Name of the Vulnerable Software and Affected Versions Coder versions 2.33.0 through 2.33.7 Coder versions 2.34.0 through 2.34.1 Description AI Bridge provider handlers read request bodies using io.ReadAll without enforcing a maximum size. An authenticated user with AI Bridge access can send an...

6.5CVSS6AI score0.00548EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 3 days ago9 views

PT-2026-56080

Name of the Vulnerable Software and Affected Versions Coder versions 2.30.0 through 2.32.6 Coder versions 2.33.0 through 2.33.7 Coder versions 2.34.0 through 2.34.1 Description The AI Bridge Proxy aibridgeproxyd creates a goproxy server that, by default, sets InsecureSkipVerify: true. In...

7.4CVSS5.9AI score0.00258EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 3 days ago9 views

PT-2026-56079

Name of the Vulnerable Software and Affected Versions Coder versions 2.30.0 through 2.32.6 Coder versions 2.33.0 through 2.33.7 Coder versions 2.34.0 through 2.34.1 Description AI Bridge proxy endpoints authenticate via the Server.IsAuthorized function in coderd/aibridgedserver. This process...

5.4CVSS5.9AI score0.0032EPSS
Exploits0References9
Nuclei
Nuclei
added 6 days ago32 views

Micro Focus UCMDB - Remote Code Execution

Micro Focus UCMDB is susceptible to remote code execution. Impacted products include Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions, and Operations Bridge containerized 2020.05, 2019.08, 2019.0...

10CVSS7.5AI score0.74232EPSS
Exploits3References5
OSV
OSV
added last week3 views

USN-8501-1 linux vulnerabilities

It was discovered that a logic flaw existed in the XFRM ESP-in-TCP subsystem in the Linux kernel when handling socket buffer fragments. This flaw is known as Fragnesia. A local attacker could use this to escalate privileges, or possibly escape a container. CVE-2026-43503 Several security issues...

9.8CVSS7.1AI score0.00563EPSS
Exploits11References15
OSV
OSV
added 2026/07/01 5:15 p.m.7 views

USN-8493-1 linux, linux-aws, linux-aws-5.15, linux-aws-fips, linux-azure, linux-azure-5.15, linux-azure-fde-5.15, linux-fips, linux-gcp, linux-gcp-fips, linux-gke, linux-gkeop, linux-hwe-5.15, linux-ibm, linux-ibm-5.15, linux-intel-iot-realtime, linux-intel-iotg, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-nvidia, linux-nvidia-tegra, linux-nvidia-tegra-5.15, linux-nvidia-tegra-igx, linux-oracle, linux-realtime vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - RISC-V architecture; - Cryptographic API; - InfiniBand drivers; - IOMMU subsystem; - Network drivers; -...

9.8CVSS6.3AI score0.09796EPSS
Exploits4References65
NVD
NVD
added 2026/07/01 4:16 p.m.11 views

CVE-2026-24247

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and information disclosure...

7.8CVSS0.00169EPSS
Exploits0References3
Rows per page
Query Builder