Lucene search
K

35399 matches found

Cvelist
Cvelist
added 2026/06/25 8:38 a.m.26 views

CVE-2026-53163 locking/rtmutex: Skip remove_waiter() when waiter is not enqueued

In the Linux kernel, the following vulnerability has been resolved: locking/rtmutex: Skip removewaiter when waiter is not enqueued syzbot triggered the following splat in removewaiter via FUTEXCMPREQUEUEPI: KASAN: null-ptr-deref in range 0x0000000000000a88-0x0000000000000a8f...

0.0018EPSS
Exploits0References6
Metasploit
Metasploit
added 2026/06/24 7:4 p.m.134 views

Next.js Middleware Authorization Bypass Scanner

This module detects self-hosted Next.js applications affected by CVE-2025-29927, an authorization bypass in the middleware layer. Next.js tags its own internal subrequests with the x-middleware-subrequest header and skips middleware when it sees it. The header is trusted without verifying it...

9.1CVSS6.9AI score0.99621EPSS
Exploits58
EUVD
EUVD
added 2026/06/24 6:32 p.m.3 views

EUVD-2026-38896

In the Linux kernel, the following vulnerability has been resolved: usb: typec: Fix error pointer dereference The variable tps-partner is checked for an error pointer and then if it is, it sends an error message but does not return and then immediately dereferenced a few lines below: tps-partner ...

5.7AI score0.00166EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 4:30 p.m.2 views

EUVD-2026-38934

In the Linux kernel, the following vulnerability has been resolved: drm/sun4i: backend: fix error pointer dereference The function drmatomicgetplanestate can return an error pointer and is not checked for it. Add error pointer check. Detected by Smatch: drivers/gpu/drm/sun4i/sun4ibackend.c:496...

5.7AI score0.00161EPSS
Exploits0References6
CVE
CVE
added 2026/06/24 4:30 p.m.7 views

CVE-2026-53066

In the Linux kernel, the drm/sun4i backend fixed an error pointer dereference: drm_atomic_get_plane_state() could return an error pointer and was not checked in sun4i_backend_atomic_check(), risking a dereference of plane_state. The issue is resolved by adding an error pointer check. Connected re...

5.7AI score0.00161EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: mptcp: Fixed the detection of protocol fallback using BPF. The sockmap feature allows for BPF syscall from user space, or based on BPF sockops, replacing the skprot of sockets during protocol stack processing with sockmap’s...

6AI score0.0018EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: perf: sched: Fixed a crash in perf when using the new isusertask helper. To obtain a user space stacktrace, the current task must be a user task that has executed in user space. It was previously possible to determine whether a...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References2
Circl
Circl
added 2026/06/24 2:16 p.m.6 views

CVE-2026-9616

creationtimestamp| type| source ---|---|--- 2026-06-24 14:16:07+00:00| seen| https://bsky.app/profile/atomicedge.bsky.social/post/3mp24455p5l2g...

4.3CVSS5.8AI score0.0024EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 11:53 a.m.6 views

CVE-2025-71354

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.debugobj.ObjectTreeItem.SetText function in reduce methods. Attackers can craft pickle files with embedded code that bypasses picklescan detection and executes arbitrary commands when pickle.load is called...

8.1CVSS6.1AI score0.00253EPSS
Exploits0References3
Circl
Circl
added 2026/06/24 10:49 a.m.6 views

CVE-2026-52941

creationtimestamp| type| source ---|---|--- 2026-06-24 10:49:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mozqkrljyh2t 2026-07-01 02:47:23+00:00| seen| https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0812...

5.7AI score0.00164EPSS
Exploits0References2
NVD
NVD
added 2026/06/23 1:16 p.m.11 views

CVE-2025-71341

picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the reduce method to achieve remote code execution whe...

8.1CVSS0.00466EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 12:12 p.m.12 views

CVE-2025-71376

CVE-2025-71376 affects the Python package picklescan prior to 0.0.29. The vulnerability arises because idlelib.autocomplete.AutoComplete.fetch_completions in reduce methods is not detected, allowing attackers to embed code in pickle files that executes arbitrary commands when loaded by victims. T...

8.1CVSS6.1AI score0.003EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 12:12 p.m.10 views

CVE-2025-71370

Vulnerability summary (CVE-2025-71370): picklescan before 0.0.28 fails to detect malicious torch.jit.unsupported_tensor_ops.execWrapper function calls embedded in pickle files. Attackers can craft malicious pickle files that bypass picklescan detection and execute arbitrary code when loaded via p...

8.1CVSS6.2AI score0.00379EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 12:12 p.m.6 views

CVE-2025-71365

The CVE affects picklescan (before 0.0.33) where the detector fails to catch malicious pickle payloads that invoke numpy.f2py.crackfortran.myeval via the reduce method, allowing arbitrary code execution when loaded. Root cause: detection bypass in pickle loading path. Impact: remote code executio...

8.1CVSS6.3AI score0.003EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 12:12 p.m.6 views

EUVD-2025-210305

picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the reduce method to achieve remote code execution whe...

8.1CVSS6.5AI score0.00466EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 12:12 p.m.31 views

CVE-2025-71365 picklescan - Arbitrary Code Execution via numpy.f2py.crackfortran.myeval Detection Bypass

picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when loaded...

8.1CVSS0.003EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:12 p.m.4 views

CVE-2025-71365

picklescan before 0.0.33 fails to detect malicious pickle files that invoke numpy.f2py.crackfortran.myeval function through the reduce method. Attackers can craft malicious pickle files embedding arbitrary code that evades picklescan detection and executes remote code when loaded...

8.1CVSS6.3AI score0.003EPSS
Exploits0References3
NVD
NVD
added 2026/06/22 10:16 p.m.9 views

CVE-2025-71339

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.evallength gadget in pickle reduce methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded by victims who trust Picklescan's safety validation...

8.1CVSS0.00301EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 10:16 p.m.10 views

CVE-2025-71358

picklescan before 0.0.29 fails to detect malicious pickle files that exploit idlelib.autocomplete.AutoComplete.getentity function in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims using pickle.load...

8.1CVSS0.00248EPSS
Exploits0References2
NVD
NVD
added 2026/06/22 9:16 p.m.15 views

CVE-2026-54531

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...

6.9CVSS0.00123EPSS
Exploits0References3
Rows per page
Query Builder