Lucene search
K

8970 matches found

RedhatCVE
RedhatCVE
added 2026/05/28 3:44 a.m.19 views

CVE-2026-9793

A flaw was found in Keycloak. When a JSON Web Encryption JWE encrypted request object is submitted, Keycloak may incorrectly process unsigned claims if the decrypted content is raw JSON, bypassing the configured signature policy. This allows a remote attacker to submit unauthorized claims, leadin...

7.5CVSS5.7AI score0.0012EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/28 3:0 a.m.15 views

CVE-2026-45892

A flaw was found in the Linux kernel's ext4 filesystem. This vulnerability occurs during certain buffered write operations when splitting unwritten data blocks, known as extents. A logic error can lead to an inconsistency where the filesystem's internal record of data blocks the extent status tre...

7CVSS5.7AI score0.00155EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/28 2:43 a.m.15 views

CVE-2026-45899

A flaw was found in the Linux kernel, specifically within the ext4 filesystem's extent cache management. When an operation to split an extent fails, the system may not properly clear all related entries, leading to stale extent entries remaining in the extent status tree. This can result in data...

7CVSS5.8AI score0.0016EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/28 2:25 a.m.14 views

CVE-2026-45903

A flaw was found in the Linux kernel's Berkeley Packet Filter BPF verifier. This vulnerability occurs because several BPF helper functions lack proper memory access flags, such as MEMRDONLY or MEMWRITE. Consequently, the verifier may incorrectly assume that buffer contents remain unchanged across...

7.1CVSS5.9AI score0.00157EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/28 1:53 a.m.14 views

CVE-2026-45912

A flaw was found in the Linux kernel's ext4 filesystem. During certain file operations, specifically when splitting data extents, an issue with caching can lead to incorrect tracking of disk space. This can result in errors in space accounting, potentially impacting data integrity and the overall...

7CVSS5.8AI score0.00123EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/28 12:19 a.m.16 views

CVE-2026-45942

A flaw was found in the Linux kernel's ext4 filesystem. A race condition exists between page migration and bitmap modification within the loadbuddy function. This can lead to bitmap inconsistencies and false positive corruption reports during certain workloads. This issue can affect data integrit...

7.8CVSS5.8AI score0.00099EPSS
Exploits0References4
Redos
Redos
added 2026/05/28 12:0 a.m.15 views

ROS-20260528-73-0001

The vulnerability of the getdumpable function in the Linux operating system’s kernel is related to insecure management of privileges. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

7.8CVSS5.8AI score0.0138EPSS
Exploits6
RedhatCVE
RedhatCVE
added 2026/05/27 5:27 p.m.13 views

CVE-2026-46091

A flaw was found in the igorplugusb component of the Linux kernel. The USB request structure, when handled by Direct Memory Access DMA on certain host controllers, did not properly follow DMA coherency rules. This oversight could lead to data integrity issues or unexpected system behavior, as the...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/27 5:0 p.m.27 views

CVE-2026-46095

A flaw was found in the Linux kernel's RAID Redundant Array of Independent Disks driver component. A race condition can occur when the system attempts to write or discard data, as a necessary synchronization barrier is not properly established before critical state changes. This oversight could...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References4
NVD
NVD
added 2026/05/27 2:17 p.m.14 views

CVE-2026-45985

In the Linux kernel, the following vulnerability has been resolved: ext4: don't set EXT4GETBLOCKSCONVERT when splitting before submitting I/O When allocating blocks during within-EOF DIO and writeback with dioreadnolock enabled, EXT4GETBLOCKSPREIO was set to split an existing large unwritten...

5.5CVSS0.00123EPSS
Exploits0References7
CVE
CVE
added 2026/05/27 12:57 p.m.20 views

CVE-2026-46045

Technical details for CVE-2026-46045 are not provided in the connected documents. Affected products/versions and patch information are not specified. Monitor vendor advisories and CVE sources for updates.

7.8CVSS5.8AI score0.00127EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/27 8:52 a.m.11 views

CVE-2026-28374

A flaw was found in Grafana. An authenticated editor user could exploit this vulnerability to delete any annotation, even those for which they lack read permissions. This unauthorized action compromises the integrity of data by allowing deletion of information beyond their intended access scope...

4.3CVSS5.7AI score0.00198EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:53 a.m.12 views

CVE-2026-40829

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

7CVSS6AI score0.00295EPSS
Exploits0References2Affected Software4
CVE
CVE
added 2026/05/27 7:53 a.m.15 views

CVE-2026-40828

CVE-2026-40828 describes an unauthenticated SQL injection in the DeleteSysLogEntry function, enabling a high-privilege remote attacker to read the entire database and delete entries in a non-critical table. Affected impact includes total confidentiality loss and some integrity loss. CVSS metrics ...

7CVSS6AI score0.00295EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 7:52 a.m.31 views

CVE-2026-40825 Authenticated SQLi in accountstatus view

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view devices parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table...

7CVSS0.00239EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 7:50 a.m.9 views

CVE-2026-40824 Authenticated SQLi in accountstatus view

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view userid parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table...

7CVSS6AI score0.00239EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 7:18 a.m.13 views

CVE-2025-41669 Insufficient Verification of Data Authenticity

The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the PLCnext Store without implementing any data verification mechanism, leading to the capability for an Engineer user to reach arbitrary code execution with root...

8.8CVSS6.4AI score0.00218EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 7:18 a.m.19 views

CVE-2025-41669

The CVE-2025-41669 entry concerns the PLCnext platform’s Web-based Management. A remote, low-privileged Engineer can install additional APPs downloaded from the PLCnext Store without data verification, enabling arbitrary code execution with root privileges on the PLCnext Control. This could impac...

8.8CVSS6.4AI score0.00218EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.17 views

PT-2026-43595

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the view.html.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...

7CVSS6AI score0.00295EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECTION24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymb CONNECTION24 is an...

7CVSS5.9AI score0.00295EPSS
Exploits0References1
Rows per page
Query Builder