Lucene search
+L

12169 matches found

Cvelist
Cvelist
added 2026/07/10 3:42 p.m.29 views

CVE-2026-53657 Lima: An arbitrary user in a QEMU VM could gain the root privilege in the VM via the guest agent socket

Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3, on an instance of Lima running with the qemu driver, an arbitrary user in the VM could access /run/lima-guestagent.sock when the guest agent is enabled, which could result in running arbitrary comman...

8.2CVSS0.00197EPSS
Exploits0References4
OSV
OSV
added 2026/07/10 3:42 p.m.3 views

CVE-2026-53657 Lima: An arbitrary user in a QEMU VM could gain the root privilege in the VM via the guest agent socket

Lima launches Linux virtual machines, typically on macOS, for running containerd. Prior to 2.1.3, on an instance of Lima running with the qemu driver, an arbitrary user in the VM could access /run/lima-guestagent.sock when the guest agent is enabled, which could result in running arbitrary comman...

8.2CVSS6.2AI score0.00197EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/10 1:19 p.m.6 views

kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected role

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM x86 shadow paging mechanism. This vulnerability occurs when a host page directory entry PDE mapping is changed from within the guest, leading to an unexpected role mismatch in shadow paging. This mismatch can cause a...

6.3AI score0.00176EPSS
Exploits5References6
Positive Technologies
Positive Technologies
added 2026/07/10 12:0 a.m.10 views

PT-2026-57301

Name of the Vulnerable Software and Affected Versions RabbitMQ versions prior to 3.13.15 RabbitMQ versions prior to 4.0.20 RabbitMQ versions prior to 4.1.11 RabbitMQ versions prior to 4.2.6 Description Authentication for AMQP 0-9-1, AMQP 1.0, and Stream Protocol allows a loopback-restricted user,...

10CVSS6.1AI score0.00468EPSS
Exploits1References11
UbuntuCve
UbuntuCve
added 2026/07/09 4:16 p.m.7 views

CVE-2025-58151

varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The...

9.4CVSS6.2AI score0.0012EPSS
Exploits0References2
CVE
CVE
added 2026/07/09 2:45 p.m.18 views

CVE-2025-58151

CVE-2025-58151 affects varstored, a Xen/Xapi component that handles UEFI variables and maps guest memory to OVMF. The vulnerability arises from TOCTOU due to insufficient compiler barriers in the shared buffer, with exploitation depending on compiler-generated code, and the attacker potentially c...

9.4CVSS6.2AI score0.0012EPSS
Exploits0References3
NVD
NVD
added 2026/07/09 11:16 a.m.8 views

CVE-2026-13441

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'neweventtypebackgroundcolor' parameter in all versions up to, and including, 4.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible...

7.2CVSS0.00247EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/09 9:31 a.m.7 views

EUVD-2026-42559

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'neweventtypebackgroundcolor' parameter in all versions up to, and including, 4.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible...

7.2CVSS6.1AI score0.00247EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/09 9:31 a.m.32 views

CVE-2026-13441 EventPrime <= 4.3.4.2 - Unauthenticated Stored Cross-Site Scripting via 'new_event_type_background_color' Parameter

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'neweventtypebackgroundcolor' parameter in all versions up to, and including, 4.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible...

7.2CVSS0.00247EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/07/09 9:31 a.m.8 views

CVE-2026-13441

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'neweventtypebackgroundcolor' parameter in all versions up to, and including, 4.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible...

7.2CVSS6.1AI score0.00247EPSS
Exploits0References9
NVD
NVD
added 2026/07/09 8:16 a.m.7 views

CVE-2026-12406

The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.3.7. This is due to the plugin not properly verifying that a user is authorized to perform an...

5.3CVSS0.00323EPSS
Exploits0References10
NVD
NVD
added 2026/07/09 7:16 a.m.7 views

CVE-2026-11875

The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or verify its guest-session cookie, allowing unauthenticated attackers to forge it and impersonate any ticket owner identified by email address to read, reply to, and close that person's support tickets...

5.3CVSS0.00193EPSS
Exploits0References1
CVE
CVE
added 2026/07/09 6:0 a.m.10 views

CVE-2026-11875

Affected software: WP Support Plus Responsive Ticket System WordPress plugin (up to version 9.1.2). Issue: guest-session cookies are neither signed nor verified, enabling unauthenticated attackers to forge a cookie and impersonate another ticket owner (identified by email) to read, reply to, and ...

5.3CVSS6AI score0.00193EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/09 3:46 a.m.4 views

kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN

A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine x86 shadow paging mechanism. This use-after-free vulnerability arises from incorrect handling of Guest Frame Numbers GFNs when guest page tables are modified. A local attacker with control over a guest virtual machine could...

8.8CVSS6.5AI score0.00126EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/09 3:46 a.m.10 views

kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected role

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM x86 shadow paging mechanism. This vulnerability occurs when a host page directory entry PDE mapping is changed from within the guest, leading to an unexpected role mismatch in shadow paging. This mismatch can cause a...

7.4AI score0.00176EPSS
Exploits5References6
RedHat Linux
RedHat Linux
added 2026/07/09 3:0 a.m.4 views

kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected role

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM x86 shadow paging mechanism. This vulnerability occurs when a host page directory entry PDE mapping is changed from within the guest, leading to an unexpected role mismatch in shadow paging. This mismatch can cause a...

6.5AI score0.00176EPSS
Exploits5References6
RedHat Linux
RedHat Linux
added 2026/07/09 3:0 a.m.5 views

kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN

A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine x86 shadow paging mechanism. This use-after-free vulnerability arises from incorrect handling of Guest Frame Numbers GFNs when guest page tables are modified. A local attacker with control over a guest virtual machine could...

8.8CVSS5.9AI score0.00126EPSS
Exploits0References5
OSV
OSV
added 2026/07/08 7:35 p.m.2 views

SUSE-SU-2026:2804-1 Security update for kubevirt

This update for kubevirt fixes the following issues: - CVE-2026-9804: Symlink escape in the VMExport dir handler let an attacker controlling an exported PVC read sensitive files TLS keys, tokens, service-account creds from the exporter pod. bsc1266733 - CVE-2025-14525: A VM reporting many...

8.7CVSS6.1AI score0.00656EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/08 4:26 a.m.5 views

kernel: Linux kernel KVM: Privilege escalation or denial of service due to improper shadow page table entry handling

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM component. A local attacker with privileges on the host system could exploit a vulnerability in how KVM handles shadow page table entries SPTEs during memory-mapped I/O MMIO operations. By manipulating guest page table entrie...

8.1CVSS6AI score0.00184EPSS
Exploits0References5
Drupal
Drupal
added 2026/07/08 12:0 a.m.4 views

Commerce guest registration - Critical - Unsupported - SA-CONTRIB-2026-079

The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466s-becoming-owner-maintainer-or-co-mai...

9.1CVSS5.9AI score0.00508EPSS
Exploits0References3
Rows per page
Query Builder