Lucene search
+L

2917 matches found

CVE
CVE
added 2026/06/24 4:30 p.m.11 views

CVE-2026-53083

The CVE-2026-53083 entry concerns the Linux kernel bpf subsystem. A missing cond_resched() in bpf_fd_array_map_clear() can cause RCU stalls when PROG_ARRAY maps have many entries, because prog_array_map_poke_run() is invoked per entry without yielding under load. The issue is triggered in the loo...

5.7AI score0.00156EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.1 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad – Fixing timeout handling When the CPU on which the QSPI interrupt handler runs typically CPU 0 is excessively busy, it can lead to rare cases where the IRQ thread does not run before the transfer timeout is...

5.9AI score0.00176EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: nbd: defer config put in recvwork There is one UAF issue in recvwork when running NBDCLEARSOCK and NBDCMDRECONFIGURE: - nbdgenlconnect // confref=2 connect and recvwork A - nbdopen // confref=3 - recvwork A completed //...

6AI score0.00165EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 8:0 a.m.12 views

CURL-CVE-2026-9546 sending old referer

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result, the previous referrer string was erroneously...

7.5CVSS5.9AI score0.00652EPSS
Exploits1
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.10 views

stale proxy password leak

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them...

9.8CVSS5.8AI score0.01064EPSS
Exploits1References1Affected Software2
NVD
NVD
added 2026/06/24 7:16 a.m.13 views

CVE-2026-8705

The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the pagsegurometodo POST parameter of the clearsaletotalpush AJAX action in all versions up to, and including, 3.4.2. The handler is registered for unauthenticated users wpajaxnoprivclearsaletotalpush, and although a...

7.5CVSS0.00505EPSS
Exploits0References6
CVE
CVE
added 2026/06/24 5:33 a.m.22 views

CVE-2026-8705

The CVE describes a SQL injection in the ClearSale Total WordPress plugin (versions <= 3.4.2). The vulnerability occurs via the pagseguro[metodo] POST parameter of the clearsale_total_push AJAX action, which is accessible to unauthenticated users (wp_ajax_nopriv_clearsale_total_push). Although...

7.5CVSS6.1AI score0.00505EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/24 5:33 a.m.10 views

EUVD-2026-38672

The ClearSale Total plugin for WordPress is vulnerable to SQL Injection via the pagsegurometodo POST parameter of the clearsaletotalpush AJAX action in all versions up to, and including, 3.4.2. The handler is registered for unauthenticated users wpajaxnoprivclearsaletotalpush, and although a...

7.5CVSS6.1AI score0.00505EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.36 views

CVE-2026-7617 Secufor_OAuth <= 1.0.7 - Missing Authorization to Unauthenticated Account Logout via 'secuforoauth_unregister_action' AJAX Action

The SecuforOAuth plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to disconnect the WordPress...

5.3CVSS0.00295EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.17 views

PT-2026-52101

Name of the Vulnerable Software and Affected Versions Zephyr versions 4.1.0 through 4.4.0 Description The PL011 UART driver in drivers/serial/uart pl011.c contains an unbounded software loop within the pl011 irq tx enable function. This loop repeatedly invokes the interrupt-driven application...

6.5CVSS6AI score0.00164EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.17 views

PT-2026-52019

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock occurs in the Linux kernel when the value "clear" is written to the array state variable. The md attr store function breaks sysfs active protection to allow an array to delete...

6AI score0.00169EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51752

Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description A flaw exists where the software fails to clear proxy authentication credentials when instructed to do so. This results in old credentials remaining available and potentially being used for...

9.8CVSS5.8AI score0.01064EPSS
Exploits10References74
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51977

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.14.0-13195-g967e8def1100 Description An issue exists in the Linux kernel where the bpf fd array map clear function fails to yield the processor during its execution loop. For PROG ARRAY maps containing a large...

6.8CVSS6.1AI score0.00156EPSS
Exploits0References14
Github Security Blog
Github Security Blog
added 2026/06/15 8:12 p.m.18 views

DOMPurify: Trusted Types policy survives `clearConfig()` and can poison later `RETURN_TRUSTED_TYPE` output

Impact A DOMPurify instance that is reused across trust boundaries can stay bound to a previously supplied TRUSTEDTYPESPOLICY even after clearConfig is called. A later caller that requests RETURNTRUSTEDTYPE receives a TrustedHTML object created by the old policy, not by a clean default...

5.5AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/15 8:12 p.m.9 views

GHSA-VXR8-FQ34-VVX9 DOMPurify: Trusted Types policy survives `clearConfig()` and can poison later `RETURN_TRUSTED_TYPE` output

Impact A DOMPurify instance that is reused across trust boundaries can stay bound to a previously supplied TRUSTEDTYPESPOLICY even after clearConfig is called. A later caller that requests RETURNTRUSTEDTYPE receives a TrustedHTML object created by the old policy, not by a clean default...

2.1CVSS5.5AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 5:28 p.m.13 views

PyJWKClient unbounded JWKS endpoint requests via attacker-controlled kid values (DoS)

!NOTE The vulnerability surfaces only when a JWKS fetch fails; an attacker can attempt to provoke that with sustained unknown-kid traffic, but the outcome depends on upstream JWKS-endpoint behavior rate limiting, transient errors which is beyond the attacker's control. Impact is reduced auth...

3.7CVSS5.2AI score0.00222EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/15 5:28 p.m.8 views

GHSA-FHV5-28VV-H8M8 PyJWKClient unbounded JWKS endpoint requests via attacker-controlled kid values (DoS)

!NOTE The vulnerability surfaces only when a JWKS fetch fails; an attacker can attempt to provoke that with sustained unknown-kid traffic, but the outcome depends on upstream JWKS-endpoint behavior rate limiting, transient errors which is beyond the attacker's control. Impact is reduced auth...

3.7CVSS5.3AI score0.00222EPSS
Exploits0References4
Rockylinux
Rockylinux
added 2026/06/12 6:1 p.m.20 views

kernel-rt security update

An update is available for kernel-rt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel-rt packages provide the Real Time Linux Kernel, which enables...

9.8CVSS6.5AI score0.00563EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/10 8:9 p.m.27 views

Critical: Red Hat Security Advisory: kernel-rt security update

An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

9.8CVSS6.5AI score0.00563EPSS
Exploits0References14
Snyk
Snyk
added 2026/06/10 5:11 p.m.5 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through the clearplugincache function. An attacker can cause deletion of arbitrary directories accessible to the server process by supplying crafted input containing directory traversal sequences. This can result in...

7.3CVSS6.5AI score0.0003EPSS
Exploits0References2
Rows per page
Query Builder