Lucene search
+L

74 matches found

nessus
nessus
added 2026/06/30 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2026-41992

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different...

7.5CVSS6.2AI score0.00294EPSS
Exploits0References3
nvd
nvd
added 2026/06/29 12:16 p.m.9 views

CVE-2026-41992

GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression...

7.5CVSS0.00294EPSS
Exploits0References3
osv
osv
added 2026/06/29 12:16 p.m.9 views

UBUNTU-CVE-2026-41992

GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression...

7.5CVSS6AI score0.00294EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/06/29 10:15 a.m.8 views

CVE-2026-41992 Global Buffer Overflow in GNU gzip

GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression...

6.9CVSS6AI score0.00294EPSS
Exploits0References3
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Fixed the issue where global state locks were locked backoff. We need to acquire the lock after the early return in the !hwpipe case. Otherwise, we might encounter contention but still return 0. This fix addresses a...

5.5CVSS6.1AI score0.00158EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: drm/msm/mdp5: The return error code in mdp5piperelease occurs when a deadlock is detected. mdp5getglobalstate runs the risk of encountering an -EDEADLK error when acquiring the modeset lock. Currently, mdp5piperelease does not...

5.5CVSS6.5AI score0.00253EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: The return error code in mdp5mixerrelease is incorrect when a deadlock is detected. There is a possibility that mdp5getglobalstate may return-EDEADLK when acquiring the modeset lock. However, currently,...

5.5CVSS6.2AI score0.00253EPSS
Exploits0References2
cvelist
cvelist
added 2026/04/21 5:14 p.m.33 views

CVE-2026-40594 pyLoad: Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition)

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the setsessioncookiesecure beforerequest handler in src/pyload/webui/app/init.py reads the X-Forwarded-Proto header from any HTTP request without validating that the request originates from a trusted prox...

4.8CVSS0.00171EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2026/04/21 5:14 p.m.5 views

CVE-2026-40594 pyLoad: Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition)

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the setsessioncookiesecure beforerequest handler in src/pyload/webui/app/init.py reads the X-Forwarded-Proto header from any HTTP request without validating that the request originates from a trusted prox...

4.8CVSS5.8AI score0.00171EPSS
Exploits1References1
cve
cve
added 2026/04/21 5:14 p.m.28 views

CVE-2026-40594

CVE-2026-40594 affects pyLoad: the set_session_cookie_secure before_request in pyload/webui/app/init .py reads X-Forwarded-Proto without origin validation and mutates the global Flask SESSION_COOKIE_SECURE on every request. With Cheroot’s multi-threaded server (request_queue_size=512), this creat...

4.8CVSS5.8AI score0.00171EPSS
Exploits1References1Affected Software1
osv
osv
added 2026/04/16 1:20 a.m.10 views

GHSA-MP82-FMJ6-F22V pyLoad has a Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition)

Summary The setsessioncookiesecure beforerequest handler in src/pyload/webui/app/init.py reads the X-Forwarded-Proto header from any HTTP request without validating that the request originates from a trusted proxy, then mutates the global Flask configuration SESSIONCOOKIESECURE on every request...

4.8CVSS5.8AI score0.00171EPSS
Exploits1References4
github
github
added 2026/04/16 1:20 a.m.7 views

pyLoad has a Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition)

Summary The setsessioncookiesecure beforerequest handler in src/pyload/webui/app/init.py reads the X-Forwarded-Proto header from any HTTP request without validating that the request originates from a trusted proxy, then mutates the global Flask configuration SESSIONCOOKIESECURE on every request...

4.8CVSS5.8AI score0.00171EPSS
Exploits1References4Affected Software1
snyk
snyk
added 2026/04/03 3:44 a.m.3 views

Cross-site Scripting (XSS)

Overview dtale is a Web Client for Visualizing Pandas Objects Affected versions of this package are vulnerable to Cross-site Scripting XSS through the DtaleRedis.get and shelf storage code in dtale/globalstate.py. An attacker can run arbitrary code on the server by supplying a crafted pickle...

9.8CVSS6AI score0.00622EPSS
Exploits0References2
osv
osv
added 2026/02/02 12:31 p.m.6 views

GHSA-82FW-CH24-J34W Lollms has an Improper Access Control vulnerability

A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...

8.2CVSS5.5AI score0.00436EPSS
Exploits0References4
cvelist
cvelist
added 2026/02/02 9:55 a.m.30 views

CVE-2026-1117 Improper Access Control in parisneo/lollms

A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...

8.2CVSS0.00436EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/02/02 9:55 a.m.4 views

CVE-2026-1117

A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...

8.2CVSS5.5AI score0.00436EPSS
Exploits0References3
cve
cve
added 2026/02/02 9:55 a.m.22 views

CVE-2026-1117

The CVE-2026-1117 entry describes a vulnerability in parisneo/lollms (version 5.9.0) where the lollms_generation_events.py component registers Socket.IO events (generate_text, cancel_generation, generate_msg, generate_msg_from) without authentication/authorization checks. This allows unauthentica...

8.2CVSS7.9AI score0.00436EPSS
Exploits0References2
osv
osv
added 2026/02/02 9:55 a.m.8 views

CVE-2026-1117 Improper Access Control in parisneo/lollms

A vulnerability in the lollmsgenerationevents.py component of parisneo/lollms version 5.9.0 allows unauthenticated access to sensitive Socket.IO events. The addevents function registers event handlers such as generatetext, cancelgeneration, generatemsg, and generatemsgfrom without implementing...

8.2CVSS7.2AI score0.00436EPSS
Exploits0References4
nessus
nessus
added 2026/01/23 12:0 a.m.4 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004839)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004839 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Fix global state lock backoff We need to grab the lock after the early return for...

5.5CVSS5.5AI score0.00158EPSS
Exploits0References4
nessus
nessus
added 2025/12/31 12:0 a.m.2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993112)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993112 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Fix global state lock backoff We need to grab the lock after the early return for...

5.5CVSS6.1AI score0.00158EPSS
Exploits0References4
Rows per page
Query Builder