Lucene search
K

1132 matches found

RedHat Linux
RedHat Linux
added 6 days ago4 views

io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files

A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response...

6.9CVSS6.6AI score0.00343EPSS
Exploits1References5
EUVD
EUVD
added last week7 views

EUVD-2026-40971

In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL pointer dereference in bonddoioctl In bonddoioctl, slavedev is obtained via devgetbyname which can return NULL if the requested interface name does not exist. However, the subsequent slavedbg call is placed...

5.8AI score0.00164EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/30 12:13 a.m.6 views

io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files

A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response...

6.9CVSS6.5AI score0.00343EPSS
Exploits1References5
SUSE CVE
SUSE CVE
added 2026/06/28 1:8 a.m.8 views

SUSE CVE-2026-53320

In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject zero bdoblocknr in nilfsioctlmarkblocksdirty nilfsioctlmarkblocksdirty uses bdoblocknr to detect dead blocks by comparing it with the current block number bdblocknr. If they differ, the block is considered dead and...

5.8AI score0.00121EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:40 p.m.7 views

CVE-2026-53302

In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection eip93hmacsetkey allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cradrivername e.g. "sha256-eip93" but passes...

5.8AI score0.00121EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:40 p.m.9 views

CVE-2026-53281

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid NULL pointer dereference or refcount corruption Commit 60f030f7418d "iommu/vt-d: Avoid use of NULL after WARNONONCE" fixed a NULL pointer dereference in an unlikely situation partly. If devpasid is not found in...

8.8CVSS5.7AI score0.0012EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.15 views

PT-2026-51983

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists when querying information for an offloaded BPF map or program. The functions bpf map offload info fill ns and bpf prog offload info fill ns use get netdev...

6AI score0.00145EPSS
Exploits0References11
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: amt: fixed a possible memory leak in amtrcv If amt receives packets and finds a socket; if it cannot find a socket, it should free the received skb. However, this is not done, resulting in a possible memory leak...

5.5CVSS5.3AI score0.00243EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fixed a general protection fault in nilfsbtreeinsert If nilfs2 reads a corrupted disk image and attempts to read a b-tree node by calling nilfsbtreegetblock against an invalid virtual block address, it returns -ENOENT...

5.5CVSS6AI score0.00241EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/19 12:0 a.m.7 views

Photon OS 4.0: Dotnet PHSA-2026-4.0-1036

An update of the dotnet package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1036. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

7.8CVSS6.8AI score0.0243EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.16 views

PT-2026-50557

Name of the Vulnerable Software and Affected Versions marimo versions prior to 0.23.9 Description A reflected cross-site scripting issue exists in the notebook page. Unauthenticated attackers can inject arbitrary JavaScript by exploiting improper escaping of single quotes in the file query...

6.1CVSS5.1AI score0.00239EPSS
Exploits0References7
CVE
CVE
added 2026/06/10 8:39 p.m.18 views

CVE-2026-53741

CVE-2026-53741 affects Simple Link Directory up to version 9.0.4. The root cause is that the sld_no_results_found option is interpolated into a JavaScript string literal without encoding. Because sanitize_text_field leaves quotes intact, a stored payload can break out of the string and execute sc...

5.4CVSS5.4AI score0.00141EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 8:39 p.m.31 views

CVE-2026-53741 Simple Link Directory through 9.0.4 Stored XSS via sld_no_results_found Option

Simple Link Directory through 9.0.4 interpolates the sldnoresultsfound option into a JavaScript string literal without encoding. Because sanitizetextfield leaves quotes intact, a stored payload breaks out of the string and runs script for every page visitor...

5.4CVSS0.00141EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/10 8:39 p.m.9 views

CVE-2026-53741 Simple Link Directory through 9.0.4 Stored XSS via sld_no_results_found Option

Simple Link Directory through 9.0.4 interpolates the sldnoresultsfound option into a JavaScript string literal without encoding. Because sanitizetextfield leaves quotes intact, a stored payload breaks out of the string and runs script for every page visitor...

5.4CVSS5.4AI score0.00141EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-48330

Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handle dht get network-libp2p/src/swarm.rs. Prior to version 1.4.0, when a peer returns a FoundRecord, the code verifies the reco...

5.3CVSS5.5AI score0.00297EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.9 views

CVE-2026-6164

A security flaw has been discovered in code-projects Lost and Found Thing Management 1.0. This affects an unknown part of the file /addcat.php. Performing a manipulation of the argument cata results in sql injection. The attack can be initiated remotely. The exploit has been released to the publi...

7.5CVSS7AI score0.00254EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/27 7:33 p.m.8 views

External Control of System or Configuration Setting

Overview Affected versions of this package are vulnerable to External Control of System or Configuration Setting via the found-action process. An attacker can execute arbitrary shell commands on the host system by sending specially crafted JSON data to the REST API server endpoint when it is...

10CVSS6.1AI score0.01051EPSS
Exploits2References2
Snyk
Snyk
added 2026/05/27 7:33 p.m.8 views

External Control of System or Configuration Setting

Overview Affected versions of this package are vulnerable to External Control of System or Configuration Setting via the found-action process. An attacker can execute arbitrary shell commands on the host system by sending specially crafted JSON data to the REST API server endpoint when it is...

10CVSS6.1AI score0.01051EPSS
Exploits2References2
Cvelist
Cvelist
added 2026/05/27 5:34 p.m.45 views

CVE-2026-45087 Dalfox: Unauthenticated Remote Code Execution via `found-action` in Dalfox Server Mode

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode dalfox server, the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options...

10CVSS0.01051EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/05/27 5:34 p.m.12 views

CVE-2026-45087 Dalfox: Unauthenticated Remote Code Execution via `found-action` in Dalfox Server Mode

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, when dalfox is started in REST API server mode dalfox server, the server binds to 0.0.0.0:6664 by default and requires no API key unless the operator explicitly passes --api-key. Because model.Options...

10CVSS6AI score0.01051EPSS
Exploits2References2
Rows per page
Query Builder