Lucene search
K

437 matches found

Cvelist
Cvelist
added 2026/05/28 7:51 p.m.31 views

CVE-2026-49093 Server-Side Request Forgery (SSRF) in Kibana Leading to Unauthorized Network Access

Server-Side Request Forgery CWE-918 in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block...

6.3CVSS0.00199EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 7:51 p.m.37 views

CVE-2026-49093

CVE-2026-49093 describes a Server-Side Request Forgery (SSRF) in Kibana that can be exploited by an authenticated user with connector management privileges to bypass the operator-configured allowlist and make Kibana issue outbound requests to blocked destinations. The issue affects Kibana 9.x ver...

7.7CVSS5.8AI score0.00199EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/28 7:51 p.m.9 views

EUVD-2026-33035

Server-Side Request Forgery CWE-918 in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block...

6.3CVSS5.8AI score0.00199EPSS
Exploits0References1
NVD
NVD
added 2026/05/28 10:16 a.m.12 views

CVE-2026-46153

In the Linux kernel, the following vulnerability has been resolved: 8021q: delete cleared egress QoS mappings vlandevsetegresspriority currently keeps cleared egress priority mappings in the hash as tombstones. Repeated set/clear cycles with distinct skb priorities therefore accumulate mapping...

5.5CVSS0.00112EPSS
Exploits0References2
OSV
OSV
added 2026/05/28 10:16 a.m.8 views

UBUNTU-CVE-2026-46153

In the Linux kernel, the following vulnerability has been resolved: 8021q: delete cleared egress QoS mappings vlandevsetegresspriority currently keeps cleared egress priority mappings in the hash as tombstones. Repeated set/clear cycles with distinct skb priorities therefore accumulate mapping...

5.5CVSS5.7AI score0.00112EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/28 9:36 a.m.36 views

CVE-2026-46153 8021q: delete cleared egress QoS mappings

In the Linux kernel, the following vulnerability has been resolved: 8021q: delete cleared egress QoS mappings vlandevsetegresspriority currently keeps cleared egress priority mappings in the hash as tombstones. Repeated set/clear cycles with distinct skb priorities therefore accumulate mapping...

0.00112EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/28 9:36 a.m.11 views

EUVD-2026-32780

In the Linux kernel, the following vulnerability has been resolved: 8021q: delete cleared egress QoS mappings vlandevsetegresspriority currently keeps cleared egress priority mappings in the hash as tombstones. Repeated set/clear cycles with distinct skb priorities therefore accumulate mapping...

5.8AI score0.00112EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:36 a.m.9 views

CVE-2026-46153

In the Linux kernel, the following vulnerability has been resolved: 8021q: delete cleared egress QoS mappings vlandevsetegresspriority currently keeps cleared egress priority mappings in the hash as tombstones. Repeated set/clear cycles with distinct skb priorities therefore accumulate mapping...

5.8AI score0.00112EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/05/28 9:36 a.m.36 views

CVE-2026-46153

CVE-2026-46153 affects the Linux kernel 8021q VLAN code. The vulnerability arises because vlan_dev_set_egress_priority() kept cleared egress priority mappings as tombstones in a hash, allowing repeated set/clear cycles with different skb priorities to accumulate nodes and cause memory leakage. Th...

5.5CVSS5.8AI score0.00112EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/05/28 9:36 a.m.10 views

CVE-2026-46153

In the Linux kernel, the following vulnerability has been resolved: 8021q: delete cleared egress QoS mappings vlandevsetegresspriority currently keeps cleared egress priority mappings in the hash as tombstones. Repeated set/clear cycles with distinct skb priorities therefore accumulate mapping...

5.5CVSS5.7AI score0.00112EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.14 views

PT-2026-44535

Name of the Vulnerable Software and Affected Versions Kibana affected versions not specified Description An authenticated user with connector management privileges can perform a Server-Side Request Forgery SSRF, which is a flaw that allows an attacker to induce the server-side application to make...

7.7CVSS5.8AI score0.00199EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.22 views

PT-2026-44276

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description A memory leak occurs in the 8021q module when vlan dev set egress priority is used. The system keeps cleared egress priority...

9.8CVSS5.9AI score0.00525EPSS
Exploits0References349
RedHat Linux
RedHat Linux
added 2026/05/20 2:0 p.m.33 views

kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation

A flaw was found in the Linux kernel. A use-after-free vulnerability exists in the traffic control actct path when it is incorrectly configured with non-ingress egress qdiscs queueing disciplines. This can allow a local user with specific privileges to trigger a kernel crash, leading to a denial ...

7.8CVSS5.8AI score0.00123EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: bridge: Fixed an issue where the dstclone function was used, but the result was set incorrectly. This issue arises because the entry might have a reference count of 0 or be already deleted, causing various problems...

7.8CVSS6.2AI score0.00246EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: vlan: Fixed a memory leak in vlannewlink. The responsible commit added back a bug that I fixed in commit 9bbd917e0bec “vlan: fixed a memory leak in vlandevsetegresspriority”. If a memory allocation fails in vlanchangelink afte...

5.5CVSS6.4AI score0.00252EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Rejects redirects of skmsg messages to non-TCP sockets With a SOCKMAP/SOCKHASH map and a skmsg program, users can direct messages sent from one TCP socket s1 to actually exiting from another TCP socket s2...

5.5CVSS6.2AI score0.00225EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mptcp: handle large GSO sizes After the committed code below, TCP sockets and MPTCP subflows can generate egress packets that are larger than 64K. This exceeds the maximum DSS data size; the packet length is misrepresented over t...

5.5CVSS5.9AI score0.00239EPSS
Exploits0References2
NVD
NVD
added 2026/05/14 8:17 p.m.30 views

CVE-2026-8629

Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress agent tickets by sending POST requests to ticket endpoints. Attackers can exploit insufficient access control checks on the...

8.6CVSS0.00338EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/14 7:11 p.m.31 views

EUVD-2026-30419

Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress agent tickets by sending POST requests to ticket endpoints. Attackers can exploit insufficient access control checks on the...

8.6CVSS5.8AI score0.00338EPSS
Exploits0References4
CVE
CVE
added 2026/05/14 7:11 p.m.26 views

CVE-2026-8629

Crabbox before v0.12.0 contains a privilege-escalation flaw where users with shared visibility-only access can obtain Code, WebVNC, and Egress agent tickets by abusing insufficient access controls on /v1/leases/:id/code/ticket, /v1/leases/:id/webvnc/ticket, and /v1/leases/:id/egress/ticket. This ...

8.6CVSS5.8AI score0.00338EPSS
Exploits0References4
Rows per page
Query Builder