
48707 matches found

Positive Technologies
added 2026/06/23 12:0 a.m., 10 views

PT-2026-51605

Name of the Vulnerable Software and Affected Versions: Fortra File Integrity Monitoring (FIM) versions prior to 9.4.0. Description: An issue exists where incorrect or elevated effective permissions may be assigned to users created by the tetool import command while the software is running. This occurs...

CVSS 4.4, AI score 5.7, EPSS 0.00101
Exploits 0, References 8
ATTACKERKB
added 2026/06/22 10:20 p.m., 5 views

CVE-2026-47155

vLLM is an inference and serving engine for large language models (LLMs). Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image...

CVSS 6.5, AI score 5.8, EPSS 0.00146
Exploits 0, References 5, Affected Software 1
NVD
added 2026/06/22 10:16 p.m., 10 views

CVE-2026-54911

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps or ujson.dump or ujson.encode have a reject_bytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different...

CVSS 6.5, EPSS 0.00272
Exploits 0, References 3
OSV
added 2026/06/22 10:16 p.m., 2 views

UBUNTU-CVE-2026-54911

UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior to 5.13.0, ujson.dumps or ujson.dump or ujson.encode have a reject_bytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different...

CVSS 6.5, AI score 5.8, EPSS 0.00272
Exploits 0, References 5
RedHat Linux
added 2026/06/22 9:53 p.m., 7 views

vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

CVSS 7.1, AI score 6, EPSS 0.00126
Exploits 0, References 5
RedhatCVE
added 2026/06/22 1:55 p.m., 6 views

CVE-2026-52911

A flaw was found in the ksmbd component of the Linux kernel. This vulnerability allows an attacker to gain unauthorized access to session information or resources by exploiting an improper scope in the session binding mechanism. This could potentially compromise the integrity or confidentiality o...

CVSS 8.8, AI score 5.8, EPSS 0.00362
Exploits 0, References 4
Cvelist
added 2026/06/22 12:50 p.m., 30 views

CVE-2026-7167 Multiple vulnerabilities in the Assassin game by Gaudire

The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass...

CVSS 6.9, EPSS 0.00357
Exploits 0, References 1
CVE
added 2026/06/22 9:4 a.m., 9 views

CVE-2023-45796

The CVE-2023-45796 applies to Pilz PASvisu Runtime (before 1.14.1) and PMI v8xx (up to 2.0.33992). It is a stored XSS that allows a low-privileged, remote, unauthenticated attacker to manipulate process data, affecting integrity and availability. CVSSv3.1: 8.1 (HIGH); AV:N, AC:L, PR:L, UI:N, S:U,...

CVSS 8.1, AI score 5.7, EPSS 0.00349
Exploits 0, References 1
Redos
added 2026/06/22 12:0 a.m., 5 views

ROS-20260622-73-0017

The vulnerability of the DOM component in Firefox web browsers, Firefox ESR, and the Thunderbird email client is related to the use of memory after it is released. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality, integrity, and accessibility of protecte...

CVSS 7.5, AI score 5.8, EPSS 0.00317
Exploits 0
Tenable Nessus
added 2026/06/22 12:0 a.m., 6 views

SUSE SLES12 Security Update : amazon-ssm-agent (SUSE-SU-2026:2468-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2468-1 advisory. This update for amazon-ssm-agent fixes the following issues: Update to version 3.3.4624.0: - CVE-2025-22869: golang.org/x/crypto/ssh...

CVSS 10, AI score 7, EPSS 0.00868
Exploits 3, References 52
Tenable Nessus
added 2026/06/20 12:0 a.m., 9 views

SUSE SLED15 / SLES15 Security Update : alloy (SUSE-SU-2026:2438-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2438-1 advisory. This update for alloy fixes the following issues: Security issues: - CVE-2026-4427: github.com/jackc/pgproto3/v...

CVSS 9.1, AI score 6.8, EPSS 0.01557
Exploits 1, References 17
Github Security Blog
added 2026/06/19 8:47 p.m., 7 views

UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()

Summary: ujson.dumps or ujson.dump or ujson.encode have a reject_bytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different Unicode characters instead of rejecting them. This leads to input validation bypass and data integrity...

CVSS 6.5, AI score 5.7, EPSS 0.00272
Exploits 0, References 4, Affected Software 1
OSV
added 2026/06/19 8:47 p.m., 5 views

GHSA-3J69-69WJ-XQX2 UltraJSON: Malformed/Truncated UTF-8 Accepted and Silently Rewritten in ujson.dumps()

Summary: ujson.dumps or ujson.dump or ujson.encode have a reject_bytes=False option. When set, they may accept malformed or truncated UTF-8 byte sequences, silently rewriting them into different Unicode characters instead of rejecting them. This leads to input validation bypass and data integrity...

CVSS 6.5, AI score 5.7, EPSS 0.00272
Exploits 0, References 4
NVD
added 2026/06/19 2:16 p.m., 10 views

CVE-2026-49230

Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configuration is vulnerable to authentication bypass. This issue affects Apache APISIX: from 3.8.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...

CVSS 9.1, EPSS 0.00224
Exploits 0, References 2
EUVD
added 2026/06/19 1:13 p.m., 16 views

EUVD-2026-38019

Improper Validation of Integrity Check Value vulnerability in Apache APISIX. The jwe-decrypt plugin under default configuration is vulnerable to authentication bypass. This issue affects Apache APISIX: from 3.8.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, which fixes the...

CVSS 6.3, AI score 5.8, EPSS 0.00224
Exploits 0, References 1
AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: dm-integrity: A memory leak was fixed when rechecking the data. The memory allocated for the “checksums” pointer will be leaked if the data is rechecked after a checksum failure because the associated kfree operation will not occ...

CVSS 5.5, AI score 5.9, EPSS 0.00222
Exploits 0, References 2
AstraLinux
added 2026/06/19 11:10 a.m., 7 views

Astra Linux – Vulnerability in Samba

A flaw was discovered in Samba. The Samba smbd file server must map Windows group identities (SIDs) to Unix group IDs (gids). The code responsible for this mapping contained a flaw that could allow it to read data beyond the end of the array, in the event that a negative cache entry was added to the...

CVSS 6.8, AI score 6.6, EPSS 0.01616
Exploits 0, References 2
AstraLinux
added 2026/06/19 11:10 a.m., 7 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

A race condition was detected in the Linux kernel’s net/bluetooth device driver, specifically in the conn_info_{min,max}_age_set function. This can lead to an integrity overflow issue, potentially causing abnormal Bluetooth connections or denial of service...

CVSS 6.8, AI score 6.6, EPSS 0.00314
Exploits 0, References 2
AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: Fixed the return type of netcp_ndo_start_xmit. With Clang’s Kernel Control Flow Integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function pointer prototype to ensure that the...

CVSS 5.5, AI score 6, EPSS 0.00152
Exploits 0, References 1
AstraLinux
added 2026/06/19 11:10 a.m., 16 views

Astra Linux – Vulnerability in grub2

A flaw was discovered in grub2 in versions prior to 2.06. The Setparam_prefix function in the menu rendering code performs a length calculation based on the assumption that expressing a single quoted character would require 3 characters. However, in reality, it requires 4 characters. This allows a...

CVSS 8.2, AI score 6.8, EPSS 0.0061
Exploits 0, References 2