
61309 matches found

NVD
added 2026/06/18 8:16 p.m., 9 views

CVE-2026-47847

Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication health-check user. The MARIADB_REPLICATION_USER and MARIADB_REPLICATION_PASSWORD environment variables defaulted to monitor and monitor respectively. This user...

CVSS 5.3, EPSS 0.00187
Exploits 0, References 1
CVE
added 2026/06/18 7:26 p.m., 14 views

CVE-2026-48980

The PAM module pam_usb is affected by a local-access vulnerability in earlier releases (pre-0.9.2) where getenv() in a PAM context returns attacker-controlled values for XRDP_SESSION, DISPLAY, and TMUX when the environment is manipulated by a local user. These values influence local-vs-remote ses...

CVSS 6.3, AI score 5.3, EPSS 0.00127
Exploits 0, References 2
Cvelist
added 2026/06/18 7:26 p.m., 15 views

CVE-2026-48980 pam_usb: getenv() used in PAM context allows environment variable injection into local-check logic

pam_usb provides hardware authentication for Linux using removable media. In versions prior to 0.9.2, getenv environment variables XRDP_SESSION, DISPLAY and TMUX allow environment variable injection into local-check logic. These environment variables influence whether a current session is local or...

CVSS 6.3, EPSS 0.00127
Exploits 0, References 2
Cvelist
added 2026/06/18 6:37 p.m., 19 views

CVE-2026-47847

Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication health-check user. The MARIADB_REPLICATION_USER and MARIADB_REPLICATION_PASSWORD environment variables defaulted to monitor and monitor respectively. This user...

CVSS 5.3, EPSS 0.00187
Exploits 0, References 1
OSV
added 2026/06/18 3:05 p.m., 3 views

GHSA-CF98-J28V-49V6 OpenFGA Improper Policy Enforcement

Description: In OpenFGA, when MySQL is being used as the datastore, two distinct check requests can return the same response. Preconditions: This applies if the following preconditions are met: 1. You run OpenFGA with MySQL as the datastore; 2. Your authorization decisions rely on case-sensitive use...

CVSS 2.1, AI score 5.4
Exploits 0, References 2
OSV
added 2026/06/18 2:30 p.m., 2 views

SUSE-SU-2026:22159-1 Security update for distribution

This update for distribution fixes the following issues: - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1265788). - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation...

CVSS 10, AI score 5.9, EPSS 0.00781
Exploits 1, References 21
NVD
added 2026/06/18 2:17 p.m., 12 views

CVE-2026-42489

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these...

CVSS 5.3, EPSS 0.00078
Exploits 0, References 1
OSV
added 2026/06/18 12:00 p.m., 7 views

BIT-MARIADB-GALERA-2026-47847 Default replication credential monitor:monitor created

Bitnami MariaDB Galera container images and Helm chart are affected by a hardcoded default credential vulnerability in the Galera replication health-check user. The MARIADB_REPLICATION_USER and MARIADB_REPLICATION_PASSWORD environment variables defaulted to monitor and monitor respectively. This user...

CVSS 5.3, AI score 5.5, EPSS 0.00187
Exploits 0, References 1
EUVD
added 2026/06/18 11:52 a.m., 10 views

EUVD-2026-37880

An authentication bypass vulnerability exists in the generic opaque token validation path validateOpaqueToken of googleapis/mcp-toolbox. When the toolbox validates an opaque token via an OAuth 2.0 introspection endpoint RFC 7662, it decodes the response into an introspectResp struct. However, the...

CVSS 9.3, AI score 5.4, EPSS 0.00204
Exploits 0, References 1
NVD
added 2026/06/18 8:16 a.m., 12 views

CVE-2026-55744

Cotonti 1.0.0 (master branch, commit f43f1fc3) is vulnerable to Cross-Site Request Forgery in the Personal File Storage (PFS) module. In modules/pfs/inc/pfs.main.php, the file upload action 'a=upload' processes uploaded files without calling cot_check_xg to validate the anti-CSRF token, even though...

CVSS 8.6, EPSS 0.00177
Exploits 0, References 2
NVD
added 2026/06/18 8:16 a.m., 10 views

CVE-2026-28573

In AndroidManifest.xml, there is a possible persistent denial of service due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 10, EPSS 0.00138
Exploits 0, References 1
Mageia
added 2026/06/18 7:22 a.m., 13 views

Updated libcap packages fix security vulnerabilities

CVE-2026-4878. A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the cap_set_file function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By...

CVSS 7, AI score 5.2, EPSS 0.00188
Exploits 1, References 3
OSV
added 2026/06/18 7:22 a.m., 5 views

MGASA-2026-0221 Updated libcap packages fix security vulnerabilities

CVE-2026-4878. A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the cap_set_file function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By...

CVSS 7, AI score 5.2, EPSS 0.00188
Exploits 1, References 4
CVE
added 2026/06/18 6:29 a.m., 27 views

CVE-2026-28573

CVE-2026-28573 affects Android Wear OS via a Framework component vulnerability described as a local denial of service in AndroidManifest.xml due to a missing permission check. The CVE is characterized as high severity with a CVSSv4 base score of 10.0 (AV:N/AC:L/PR:N/UI:N/S:I:H/CI:H/AI:H; impacts ...

CVSS 10, AI score 5.6, EPSS 0.00138
Exploits 0, References 1, Affected Software 1
EUVD
added 2026/06/18 6:29 a.m., 8 views

EUVD-2026-37857

In AndroidManifest.xml, there is a possible persistent denial of service due to a missing permission check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 10, AI score 5.5, EPSS 0.00138
Exploits 0, References 1
Positive Technologies
added 2026/06/18 12:00 a.m., 11 views

PT-2026-50730

Name of the Vulnerable Software and Affected Versions: OpenFGA versions prior to 1.18.0. Description: When using MySQL as the datastore, the system may return identical responses for two distinct check requests. This occurs when authorization decisions depend on case-sensitive user strings...

CVSS 2.1, AI score 5.8
Exploits 0, References 4
Positive Technologies
added 2026/06/18 12:00 a.m., 16 views

PT-2026-50641

Name of the Vulnerable Software and Affected Versions: Google Android (affected versions not specified). Description: A missing permission check in the AndroidManifest.xml file allows for a persistent local denial of service. This issue can be triggered without requiring user interaction or additional...

CVSS 10, AI score 6, EPSS 0.00138
Exploits 0, References 7
Tenable Nessus
added 2026/06/18 12:00 a.m., 7 views

Siemens RUGGEDCOM RST2428P Infinite Loop (CVE-2026-23220)

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths. The problem occurs when a signed request fails smb2 signature verification check. In __process_request, if check_sign_req returns an error, set_smb2_rsp_status(work...

CVSS 5.5, AI score 5.9, EPSS 0.00118
Exploits 0, References 3
Tenable Nessus
added 2026/06/18 12:00 a.m., 5 views

Siemens RUGGEDCOM RST2428P Improper Input Validation (CVE-2026-23111)

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate. nft_map_catchall_activate has an inverted element activity check compared to its non-catchall counterpart nft_mapelem_activate and compared to what is logically...

CVSS 7.8, AI score 6.1, EPSS 0.00344
Exploits 6, References 3
CVE
added 2026/06/17 8:07 p.m., 19 views

CVE-2026-11407

PIMCORE CMS/DXP 12.3.8 contains a sandbox bypass in the Twig SecurityPolicy (checkMethodAllowed and checkPropertyAllowed). Authenticated administrative attackers can craft malicious Twig templates via DataObject ClassDefinition Layout\Text to execute arbitrary PHP object methods, perform file rea...

CVSS 8.6, AI score 6.8, EPSS 0.00623
Exploits 0, References 3