Lucene search
K

219802 matches found

SUSE CVE
SUSE CVE
added 2026/05/05 1:48 a.m.10 views

SUSE CVE-2026-6948

Velociraptor versions prior to 0.76.4 contain a resource exhaustion vulnerability in the server's agent control channel. This allows a compromised or rogue Velociraptor client to crash the server via out-of-memory OOM by sending crafted messages through the normal client communication channel...

4.9CVSS5.8AI score0.00344EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.8 views

PT-2026-37218

Name of the Vulnerable Software and Affected Versions Sandboxie versions prior to 1.17.3 Description A local denial of service exists in the Sandboxie kernel driver. An unprivileged process running inside a Standard Sandbox can send a malformed IOCTL Input/Output Control to the...

8.2CVSS5.8AI score0.00152EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.11 views

PT-2026-37084

Name of the Vulnerable Software and Affected Versions Crestron devices affected versions not specified Description A hidden console command contains a command injection flaw occurring when control characters are passed to its second argument. This issue exists in the way the console command is...

7.4CVSS5.9AI score0.00753EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.7 views

Sandboxie 输入验证错误漏洞

Sandboxie is an open-source isolation software based on a sandbox mechanism, developed by sandboxie-plus. Versions of Sandboxie starting from 1.17.2 and earlier contain a vulnerability related to input validation errors. This vulnerability stems from unauthorized processes sending malformed IOCTL...

8.2CVSS5.8AI score0.00152EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.11 views

Eclipse Equinox OSGi 访问控制错误漏洞

Eclipse Equinox OSGi is a modular runtime framework developed by the Eclipse Foundation. Versions 3.8 to 3.18 of Eclipse Equinox OSGi contain access control vulnerability issues. This vulnerability stems from a remote code execution flaw in the console interface, allowing unauthenticated attacker...

9.8CVSS6.7AI score0.00455EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.10 views

PT-2026-36973

A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function git operation of the file src/code mcp/server.py of the component MCP Tool. Performing a manipulation of the argument operation results in command injection. The attac...

7.5CVSS6.8AI score0.01339EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.9 views

Google Chrome 访问控制错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a access control vulnerability. This vulnerability stemmed from insufficient policy enforcement in Autofill, which could allow remote attackers to exploit the vulnerability through...

4.3CVSS5.8AI score0.00157EPSS
Exploits0References3
CVE
CVE
added 2026/05/05 12:0 a.m.23 views

CVE-2026-36355

The CVE-2026-36355 issue affects the Realtek rtl8192cd Wi‑Fi kernel driver in the rtl819x Jungle SDK (all known versions up to v3.4.14B). The underlying problem is missing access checks on the debug handlers write_mem (ioctl 0x89F5) and read_mem (ioctl 0x89F6), which are compiled into production ...

7.7CVSS5.8AI score0.0068EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.8 views

PT-2026-37092

Name of the Vulnerable Software and Affected Versions redis-server versions prior to 8.6.3 Description Redis is an in-memory data structure store. The RESTORE command fails to properly validate serialized values. An authenticated attacker with permissions to execute this command can provide a...

9CVSS6.2AI score0.02995EPSS
Exploits0References59
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.7 views

PT-2026-37093

Name of the Vulnerable Software and Affected Versions RedisBloom versions prior to 2.8.20 Description RedisBloom, a probabilistic data structures module for Redis, fails to properly validate serialized values processed via the 'RESTORE' command. An authenticated attacker with permissions to execu...

9CVSS6.2AI score0.01206EPSS
Exploits0References31
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.11 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a security vulnerability. This vulnerability stemmed from insufficient execution of the Extensions policy, which could allow remote attackers to bypass autonomous access control...

4.2CVSS5.9AI score0.00172EPSS
Exploits0References3
Trend Micro Simply Security
Trend Micro Simply Security
added 2026/05/05 12:0 a.m.15 views

InstallFix and Claude Code: How Fake Install Pages Lead to Real Compromise

Targeting multiple industries worldwide, the InstallFix campaign uses fake Claude AI installer pages to trick users into running malware that collects system information, disables security features, achieves persistence, and connects to attacker-controlled C&C servers for additional payloads...

5.8AI score
Exploits0
RedHat Linux
RedHat Linux
added 2026/05/04 10:20 p.m.13 views

kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation

A flaw was found in the Linux kernel. A use-after-free vulnerability exists in the traffic control actct path when it is incorrectly configured with non-ingress egress qdiscs queueing disciplines. This can allow a local user with specific privileges to trigger a kernel crash, leading to a denial ...

7.8CVSS5.8AI score0.00123EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/04 10:20 p.m.16 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.8CVSS6.1AI score0.96775EPSS
Exploits228References5
RedHat Linux
RedHat Linux
added 2026/05/04 9:46 p.m.22 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

9.8CVSS6.2AI score0.96775EPSS
Exploits228References5
RedHat Linux
RedHat Linux
added 2026/05/04 9:46 p.m.8 views

kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation

A flaw was found in the Linux kernel. A use-after-free vulnerability exists in the traffic control actct path when it is incorrectly configured with non-ingress egress qdiscs queueing disciplines. This can allow a local user with specific privileges to trigger a kernel crash, leading to a denial ...

7.8CVSS5.8AI score0.00123EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/04 9:30 p.m.10 views

Access Control Bypass

Overview rdiffweb is an A web interface to rdiff-backup repositories. Affected versions of this package are vulnerable to Access Control Bypass via the API authentication process. An attacker can gain unauthorized access to other users' data and perform actions on their behalf by using any valid ...

8.6CVSS5.8AI score0.00245EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/04 9:28 p.m.10 views

Directory Traversal

Overview org.webjars.npm:fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Directory Traversal via the normalize or equal functions. An attacker can bypass path-based access controls by submitting specially crafted percent-encoded or dot segmen...

8.7CVSS6.3AI score0.00521EPSS
Exploits0References2
OSV
OSV
added 2026/05/04 9:14 p.m.5 views

GHSA-93RG-2XM5-2P9V OpenClaw's Gateway Control UI bootstrap config required Gateway auth

Summary Gateway Control UI bootstrap config required Gateway auth. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.4.21 - Fixed version: 2026.4.22 Impact When Gateway authentication was enabled, the Control UI bootstrap config endpoint could still be read without ...

6.9CVSS5.8AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/04 9:14 p.m.16 views

OpenClaw's Gateway Control UI bootstrap config required Gateway auth

Summary Gateway Control UI bootstrap config required Gateway auth. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.4.21 - Fixed version: 2026.4.22 Impact When Gateway authentication was enabled, the Control UI bootstrap config endpoint could still be read without ...

5.8AI score
Exploits0References3Affected Software1
Rows per page
Query Builder