Lucene search
K

3177 matches found

Nuclei
Nuclei
added 2 days ago54 views

Drag and Drop Multiple File Upload - CF7 <= 1.3.9.6 - Remote Code Execution

Drag and Drop Multiple File Upload for Contact Form 7 WordPress plugin = 1.3.9.6 contains an unrestricted file upload caused by insufficient file type validation and bypass of filename sanitization with non-ASCII characters, letting unauthenticated attackers upload arbitrary files and achieve...

8.1CVSS6.3AI score0.04175EPSS
Exploits3References2
NVD
NVD
added 5 days ago14 views

CVE-2026-53359

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected role Commit 0cb2af2ea66ad "KVM: x86: Fix shadow paging use-after-free due to unexpected GFN" fixed a shadow paging mismatch between stored and computed GFNs; the bug...

0.00176EPSS
Exploits2References7
CVE
CVE
added 5 days ago193 views

CVE-2026-53359

CVE-2026-53359 concerns the Linux kernel KVM/x86 shadow paging use-after-free caused by a mismatch in GFN handling when a PDE is modified to a non-leaf page. After the PDE change and memslot deletion, rmap entries tied to the GFN may not be removed, and kvm_mmu_page_get_gfn() can compute an incor...

5.8AI score0.00176EPSS
Exploits2References7
Positive Technologies
Positive Technologies
added 5 days ago20 views

PT-2026-55697

Name of the Vulnerable Software and Affected Versions Linux KVM versions prior to 7.1.3 Linux KVM versions prior to 6.18.38 Linux KVM versions prior to 6.12.95 Linux KVM versions prior to 6.6.144 Linux KVM versions prior to 6.1.177 Linux KVM versions prior to 5.15.211 Linux KVM versions prior to...

6.3AI score0.00176EPSS
Exploits2References61
The Hacker News
The Hacker News
added 2026/07/01 5:18 p.m.24 views

VEIL#DROP Malware Chain Uses Blogger Platform to Deliver PureLogs Stealer

Cybersecurity researchers have flagged a new multi-stage malware delivery attack chain that uses social engineering and Blogger pages to deliver an information stealer called PureLogs. The activity has been codenamed VEILDROP by Securonix. It's suspected that the initial payloads are distributed...

6.1AI score
Exploits0
EUVD
EUVD
added 2026/07/01 1:32 p.m.6 views

EUVD-2026-40962

In the Linux kernel, the following vulnerability has been resolved: schedext: Don't warn on NULL cgrpmovingfrom in scxcgroupmovetask A WARN fires when systemd's user manager writes "+cpu +memory +pids" to its own subtreecontrol while a schedext scheduler is loaded: WARNING: at...

5.8AI score0.00168EPSS
Exploits0References4
OSV
OSV
added 2026/06/30 6:7 p.m.5 views

GHSA-55F6-4PR5-C7M5 Kahi has privilege-drop and socket/log permission issues

Kahi releases up to and including v0.1.0-alpha.8 contain three privilege/permission issues, all fixed in v0.1.0-alpha.9. They were identified in a full-codebase security review on 2026-05-26. Affected versions All releases = v0.1.0-alpha.8. Patched version v0.1.0-alpha.9. Details 1. Per-process...

5.8AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/27 12:0 a.m.8 views

EulerOS 2.0 SP15 : sudo (EulerOS-SA-2026-2509)

According to the versions of the sudo packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not...

7.8CVSS5.8AI score0.00173EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.9 views

Oracle Linux 9 : kernel (ELSA-2026-27789)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-27789 advisory. - net/sched: fix pedit partial COW leading to page cache corruption Ivan Vecera RHEL-177392 CVE-2026-46331 - scsi: qla2xxx: Completely fix fcport doub...

9.8CVSS7.2AI score0.00563EPSS
Exploits13References18
RedhatCVE
RedhatCVE
added 2026/06/25 11:8 p.m.7 views

CVE-2026-53070

A flaw was found in the Linux kernel's Stream Control Transmission Protocol SCTP over User Datagram Protocol UDP implementation. An issue with managing the transmission context across different processing units could lead to incorrect recursion level detection. This can cause network packets to b...

7.5CVSS5.8AI score0.0035EPSS
Exploits0References4
F5 Networks
F5 Networks
added 2026/06/25 4:26 p.m.18 views

K000161867: Linux kernel vulnerabilities CVE-2026-23291, CVE-2026-23292, CVE-2026-23298, and CVE-2026-23304

Security Advisory Description CVE-2026-23291 In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: properly drop the usb interface reference on disconnect When the device is disconnected from the driver, there is a "dangling" reference count on the usb interface that was...

5.5CVSS5.8AI score0.00123EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/25 9:16 a.m.6 views

CVE-2026-53220

In the Linux kernel, the following vulnerability has been resolved: netfilter: revalidate bridge ports ebtredirecttg dereferences brportgetrcu return without a NULL check, causing a kernel panic when the bridge port has been removed between the original hook invocation and an NFQUEUE reinject. A...

5.5CVSS0.00127EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 9:16 a.m.8 views

CVE-2026-53197

In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix ABBA deadlock in iptfsdestroystate iptfsdestroystate calls hrtimercancel while holding a spinlock that the timer callback also acquires, leading to an ABBA deadlock on SMP systems. For the output timer iptfstimer...

5.5CVSS0.00097EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 9:16 a.m.2 views

UBUNTU-CVE-2026-53220

In the Linux kernel, the following vulnerability has been resolved: netfilter: revalidate bridge ports ebtredirecttg dereferences brportgetrcu return without a NULL check, causing a kernel panic when the bridge port has been removed between the original hook invocation and an NFQUEUE reinject. A...

6.8CVSS5.7AI score0.00127EPSS
Exploits0References7
CVE
CVE
added 2026/06/25 8:39 a.m.14 views

CVE-2026-53220

CVE-2026-53220 affects the Linux kernel netfilter bridge path. ebt_redirect_tg() dereferences br_port_get_rcu() without a NULL check when a bridge port has been removed between the original hook and an NFQUEUE reinject, potentially causing a local kernel panic. Attack surface includes scenarios w...

5.5CVSS5.7AI score0.00127EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/06/25 8:39 a.m.4 views

EUVD-2026-39311

In the Linux kernel, the following vulnerability has been resolved: netfilter: revalidate bridge ports ebtredirecttg dereferences brportgetrcu return without a NULL check, causing a kernel panic when the bridge port has been removed between the original hook invocation and an NFQUEUE reinject. A...

5.7AI score0.00127EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/25 8:39 a.m.26 views

CVE-2026-53215 net: mvpp2: refill RX buffers before XDP or skb use

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: refill RX buffers before XDP or skb use The RX error path returns the current descriptor buffer to the hardware BM pool. That is only valid while the driver still owns the buffer. mvpp2rxrefill can fail after the...

9.8CVSS0.00546EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52310

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mvpp2 network driver where the RX error path returns the current descriptor buffer to the hardware Buffer Manager BM pool. This action is only valid while the driv...

9.8CVSS6.1AI score0.00546EPSS
Exploits0References16
NVD
NVD
added 2026/06/24 5:17 p.m.9 views

CVE-2026-53091

In the Linux kernel, the following vulnerability has been resolved: net: pull headers in qdiscpktlensegsinit Most ndostartxmit methods expects headers of gso packets to be already in skb-head. net/core/tso.c users are particularly at risk, because tsobuildhdr does a memcpyhdr, skb-data, hdrlen;...

8.4CVSS0.00123EPSS
Exploits0References5
CVE
CVE
added 2026/06/24 4:30 p.m.20 views

CVE-2026-53091

The CVE-2026-53091 issue concerns the Linux kernel’s handling of GSO packet headers during qdisc_pkt_len_segs_init(). The root cause is that many ndo_start_xmit() paths assume headers are already in skb-&gt;head, while tso_build_hdr() may copy from skb-&gt;data, and qdisc_pkt_len_segs_init() diss...

8.4CVSS5.8AI score0.00123EPSS
Exploits0References5
Rows per page
Query Builder