Lucene search
K

3332 matches found

OSV
OSV
added 6 days ago3 views

UBUNTU-CVE-2026-53348

In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: fix NULL pointer dereference in sdcadevunregisterfunctions sdcadevunregisterfunctions iterates over all SDCA function descriptors and calls sdcadevunregister on each funcdev without checking for NULL. When a function...

5.7AI score0.00145EPSS
Exploits0References5
Cvelist
Cvelist
added last week36 views

CVE-2026-50279 Craft CMS: Authorship spoofing in `entries/save-entry` via pre-check/post-mutation authorization gap

Craft CMS is a content management system CMS. IN versions 5.0.0-RC1 and above prior to 5.9.21, theEntriesController::actionSaveEntry performs entry-edit permission checks before request-controlled author changes are applied to the model, allowing for authorship spoofing. The subsequent author...

7.6CVSS0.00245EPSS
Exploits0References2
CVE
CVE
added last week30 views

CVE-2026-55794

Craft CMS

8.7CVSS5.8AI score0.00293EPSS
Exploits0References2
Cvelist
Cvelist
added last week35 views

CVE-2026-55794 Craft CMS: Potential authenticated Remote Code Execution via referrer redirect

Craft CMS is a content management system CMS. In versions 5.9.0 and above prior to 5.10.0, control panel users with the ability to edit entries can execute unsandboxed Twig code via the HTTP Referrer header, potentially leading to authenticated RCE. The issue happens when a user is saving entries...

8.7CVSS0.00293EPSS
Exploits0References2
CVE
CVE
added last week12 views

CVE-2026-55793

Craft CMS versions 5.0.0-RC1–5.9.22 are affected by a stored XSS in a Structure entry title. An author-level control panel user can insert malicious JavaScript into an entry title. When a victim with saveEntries permission drags another entry under the poisoned one in table view, the payload exec...

5.9CVSS5.7AI score0.00412EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added last week7 views

crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

A flaw was found in the crypto/x509 package of golang. This vulnerability allows a remote attacker to cause a Denial of Service DoS by presenting a specially crafted X.509 certificate with a large number of DNS Subject Alternative Name SAN entries. The certificate verification process, specifical...

7.5CVSS5.8AI score0.00904EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added last week6 views

crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries

A flaw was found in the crypto/x509 package of golang. This vulnerability allows a remote attacker to cause a Denial of Service DoS by presenting a specially crafted X.509 certificate with a large number of DNS Subject Alternative Name SAN entries. The certificate verification process, specifical...

7.5CVSS5.8AI score0.00904EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/01 1:32 p.m.5 views

EUVD-2026-40970

In the Linux kernel, the following vulnerability has been resolved: nvmem: layouts: onie-tlv: fix hang on unknown types The EEPROM on my board has a vendor specific entry of type 0x41. When stumbling upon that, this driver hangs in an endless loop. Fix it by keep incrementing the offset on unknow...

5.8AI score0.00156EPSS
Exploits0References5
CVE
CVE
added 2026/07/01 1:32 p.m.11 views

CVE-2026-53333

The CVE-2026-53333 entry describes a Linux kernel vulnerability in mm/mincore where mincore_pte_range() could spuriously WARN and report nonresident pages on !CONFIG_SWAP kernels due to the !IS_ENABLED(CONFIG_SWAP) guard running before certain non-swap entries are checked. The fix moves the guard...

5.8AI score0.00154EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/07/01 1:32 p.m.4 views

CVE-2026-53333

In the Linux kernel, the following vulnerability has been resolved: mm/mincore: handle non-swap entries before !CONFIGSWAP guard mincoreswap also fields migration/hwpoison entries and shmem swapin-error entries, which can exist on !CONFIGSWAP builds when CONFIGMIGRATION or CONFIGMEMORYFAILURE is...

5.7AI score0.00154EPSS
Exploits0
EUVD
EUVD
added 2026/07/01 1:32 p.m.5 views

EUVD-2026-40967

In the Linux kernel, the following vulnerability has been resolved: mm/mincore: handle non-swap entries before !CONFIGSWAP guard mincoreswap also fields migration/hwpoison entries and shmem swapin-error entries, which can exist on !CONFIGSWAP builds when CONFIGMIGRATION or CONFIGMEMORYFAILURE is...

5.8AI score0.00154EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/30 9:55 a.m.7 views

EUVD-2026-40285

Improper Input Validation vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. An attacker that has access to publish or modify entries in LDAP that match the configured searchBase and searchFilter can instantiate denied transports inside the broker JVM. This can be used...

7.5CVSS5.7AI score0.00659EPSS
Exploits0References1
CVE
CVE
added 2026/06/30 6:0 a.m.11 views

CVE-2026-11581

The CVE-2026-11581 entry concerns the Kali Forms — Contact Form & Drag-and-Drop Builder for WordPress, vulnerable before version 2.4.13. The form captions (columns on the form-entries admin screen) are not sanitized, allowing stored XSS where a user with Contributor-level access (or higher) can i...

5.9CVSS5.8AI score0.0014EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/29 7:55 p.m.4 views

Important: Red Hat Security Advisory: kpatch-patch-5_14_0-570_116_1, kpatch-patch-5_14_0-570_17_1, kpatch-patch-5_14_0-570_39_1, kpatch-patch-5_14_0-570_66_1, and kpatch-patch-5_14_0-570_94_1 security update

An update for multiple packages is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.8CVSS6.2AI score0.00353EPSS
Exploits13References3
NVD
NVD
added 2026/06/29 6:16 p.m.7 views

CVE-2026-57946

Invidious before version 2.20260626.0 contains a broken access control vulnerability that allows unauthenticated attackers to retrieve private playlist contents by accessing the RSS feed playlist endpoint without authentication. Attackers can supply a playlist ID to the feed endpoint to obtain th...

6.3CVSS0.00272EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/29 5:18 p.m.8 views

EUVD-2026-40163

Invidious before version 2.20260626.0 contains a broken access control vulnerability that allows unauthenticated attackers to retrieve private playlist contents by accessing the RSS feed playlist endpoint without authentication. Attackers can supply a playlist ID to the feed endpoint to obtain th...

6.3CVSS5.8AI score0.00272EPSS
Exploits0References5
CVE
CVE
added 2026/06/29 5:18 p.m.11 views

CVE-2026-57946

CVE-2026-57946 affects Invidious prior to version 2.20260626.0. A broken access control allows unauthenticated attackers to fetch private playlist contents by requesting the RSS feed playlist endpoint with a playlist ID, exposing the full playlist, owner email address, and associated video entrie...

6.3CVSS5.8AI score0.00272EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/29 1:53 p.m.7 views

CVE-2026-53155

In the Linux kernel, the following vulnerability has been resolved: mm/hugememory: use correct flags for device private PMD entry Commit 65edfda6f3f2 "mm/rmap: extend rmap and migration support device-private entries" updated setpmdmigrationentry to use pmdphugegetandclear in the softleaf case, b...

5.5CVSS5.4AI score0.00172EPSS
Exploits0References4
CVE
CVE
added 2026/06/29 12:27 p.m.16 views

CVE-2026-40524

CVE-2026-40524 affects FrontAccounting

8.1CVSS6AI score0.00276EPSS
Exploits0References4
OSV
OSV
added 2026/06/28 2:16 a.m.2 views

UBUNTU-CVE-2026-58051

libssh2 through 1.11.1 grows its publickey list with SSH2REALLOC but does not zero-initialize new entries before parsing populates them, so a parse failure reaching the cleanup path leaves libssh2publickeylistfree operating on an uninitialized entry. A malicious SSH server offering the publickey...

8.3CVSS5.8AI score0.0028EPSS
Exploits0References6
Rows per page
Query Builder