
32 matches found

Cvelist
added 2026/05/07 2:59 a.m., 34 views

CVE-2026-41660 Admidio: Inverted 2FA Reset Authorization Check Lets Group Leaders Strip Admin TOTP

Admidio is an open-source user management solution. Prior to version 5.0.9, a logic error in Admidio's two-factor authentication reset inverts the authorization check. Non-admin users cannot remove their own TOTP configuration, but they can remove other users' TOTP, including administrators. A...

CVSS 7.1, EPSS 0.00025
Exploits: 0, References: 2

EUVD
added 2026/05/07 2:59 a.m., 6 views

EUVD-2026-28272

Admidio is an open-source user management solution. Prior to version 5.0.9, a logic error in Admidio's two-factor authentication reset inverts the authorization check. Non-admin users cannot remove their own TOTP configuration, but they can remove other users' TOTP, including administrators. A...

CVSS 7.1, AI score 5.7, EPSS 0.00025
Exploits: 0, References: 2

ATTACKERKB
added 2026/05/07 2:59 a.m., 6 views

CVE-2026-41660

Admidio is an open-source user management solution. Prior to version 5.0.9, a logic error in Admidio's two-factor authentication reset inverts the authorization check. Non-admin users cannot remove their own TOTP configuration, but they can remove other users' TOTP, including administrators. A...

CVSS 7.1, AI score 5.7, EPSS 0.00025
Exploits: 0, References: 3, Affected Software: 1

AstraLinux
added 2026/05/03 11:59 p.m., 1 views

Astra Linux - vulnerability in linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: kernel/sys.c: Fixed the race condition related to the use of task_lock(tsk->group_leader) in the sys_prlimit64() function. The use of task_lock(tsk->group_leader) in sys_prlimit64()->do_prlimit() is very problematic. sys_prlimit64() does access...

AI score 5.5, EPSS 0.00029
Exploits: 0, References: 2

OSV
added 2026/04/29 9:49 p.m., 1 views

GHSA-RH3W-4CCX-PRF9 Admidio has Inverted 2FA Reset Authorization Check that Lets Group Leaders Strip Admin TOTP

Summary: A logic error in Admidio's two-factor authentication reset inverts the authorization check. Non-admin users cannot remove their own TOTP configuration, but they can remove other users' TOTP, including administrators. A group leader with profile edit rights on an admin account can strip th...

CVSS 7.1, AI score 5.8, EPSS 0.00025
Exploits: 0, References: 4

SUSE CVE
added 2025/11/14 12:23 a.m., 1 views

SUSE CVE-2025-40201

In the Linux kernel, the following vulnerability has been resolved: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths. The usage of task_lock(tsk->group_leader) in sys_prlimit64()->do_prlimit() path is very broken. sys_prlimit64() does get_task_struct(tsk) but this only protects...

CVSS 5.5, AI score 6.4, EPSS 0.00029
Exploits: 0, References: 15

EUVD
added 2025/11/13 12:30 a.m., 1 views

EUVD-2025-150373

In the Linux kernel, the following vulnerability has been resolved: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths. The usage of task_lock(tsk->group_leader) in sys_prlimit64()->do_prlimit() path is very broken. sys_prlimit64() does get_task_struct(tsk) but this only protects...

AI score 5.7, EPSS 0.00029
Exploits: 0, References: 6

Tenable Nessus
added 2025/11/13 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-40201

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths. The usage of task_lock(tsk->group_leader) in sys_prlimit64()->do_prlimit() path is very...

AI score 5.8, EPSS 0.00029
Exploits: 0, References: 3

OSV
added 2025/11/12 10:15 p.m., 3 views

AZL-70088 CVE-2025-40201 affecting package kernel for versions less than 6.6.117.1-1

In the Linux kernel, the following vulnerability has been resolved: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths. The usage of task_lock(tsk->group_leader) in sys_prlimit64()->do_prlimit() path is very broken. sys_prlimit64() does get_task_struct(tsk) but this only protects...

AI score 5.6, EPSS 0.00029
Exploits: 0, References: 1

OSV
added 2025/11/12 10:15 p.m., 2 views

DEBIAN-CVE-2025-40201

In the Linux kernel, the following vulnerability has been resolved: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths. The usage of task_lock(tsk->group_leader) in sys_prlimit64()->do_prlimit() path is very broken. sys_prlimit64() does get_task_struct(tsk) but this only protects...

AI score 5.2, EPSS 0.00029
Exploits: 0, References: 1

OSV
added 2025/11/12 10:15 p.m., 0 views

UBUNTU-CVE-2025-40201

In the Linux kernel, the following vulnerability has been resolved: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths. The usage of task_lock(tsk->group_leader) in sys_prlimit64()->do_prlimit() path is very broken. sys_prlimit64() does get_task_struct(tsk) but this only protects...

AI score 5.7, EPSS 0.00029
Exploits: 0, References: 23

CVE
added 2025/11/12 9:56 p.m., 17 views

CVE-2025-40201

CVE-2025-40201: Linux kernel vulnerability in sys_prlimit64() handling of task_lock(tsk->group_leader). The issue stems from racing when tsk is not current or not a leader, where task_lock(tsk->group_leader) may reference an already freed task_struct. It can also race with mt-exec changing ...

AI score 5.8, EPSS 0.00029
Exploits: 0, References: 5

Cvelist
added 2025/11/12 9:56 p.m., 4 views

CVE-2025-40201 kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths

In the Linux kernel, the following vulnerability has been resolved: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths. The usage of task_lock(tsk->group_leader) in sys_prlimit64()->do_prlimit() path is very broken. sys_prlimit64() does get_task_struct(tsk) but this only protects...

EPSS 0.00029
Exploits: 0, References: 5

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2010-4221

Malware in sbrugna...

CVSS 4.9, AI score 4.6, EPSS 0.00037
Exploits: 2, References: 23

Positive Technologies
added 2025/09/15 12:0 a.m., 6 views

PT-2025-46758

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel related to race conditions when using task_lock(tsk->group_leader) within the sys_prlimit64 function and its associated do_prlimit path. Specifically, the...

CVSS 5, AI score 7.3, EPSS 0.00029
Exploits: 0

RedhatCVE
added 2025/02/04 10:26 p.m., 7 views

CVE-2024-8349

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible for authenticated attackers, with group...

CVSS 7.2, AI score 3.8, EPSS 0.03968
Exploits: 0, References: 1

NVD
added 2024/09/25 3:15 a.m., 18 views

CVE-2024-8349

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible for authenticated attackers, with group...

CVSS 7.2, EPSS 0.03968
Exploits: 0, References: 2

Vulnrichment
added 2024/09/25 2:32 a.m., 20 views

CVE-2024-8350 Uncanny Groups for LearnDash <= 6.1.0.1 - Missing Authorization to Authenticated (Group Leader+) User Group Add

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgmmanagement/v1/adduser/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible for authenticated attackers, with group...

CVSS 2.7, AI score 6.8, EPSS 0.0024
Exploits: 1, References: 2

Cvelist
added 2024/09/25 2:32 a.m., 21 views

CVE-2024-8350 Uncanny Groups for LearnDash <= 6.1.0.1 - Missing Authorization to Authenticated (Group Leader+) User Group Add

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgmmanagement/v1/adduser/ REST API endpoint in all versions up to, and including, 6.1.0.1. This makes it possible for authenticated attackers, with group...

CVSS 2.7, EPSS 0.0024
Exploits: 1, References: 2

Vulnrichment
added 2024/09/25 2:32 a.m., 16 views

CVE-2024-8349 Uncanny Groups for LearnDash <= 6.1.0.1 - Authenticated (Group Leader+) Privilege Escalation

The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. This is due to the plugin not properly restricting what users a group leader can edit. This makes it possible for authenticated attackers, with group...

CVSS 7.2, AI score 7, EPSS 0.03968
Exploits: 0, References: 2