Lucene search
K

503 matches found

OSV
OSV
added 2026/01/20 3:25 a.m.5 views

MGASA-2026-0014 Updated thunderbird packages fix security vulnerabilities

Mitigation bypass in the DOM: Security component. CVE-2026-0877 Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. CVE-2026-0878 Sandbox escape due to incorrect boundary conditions in the Graphics component. CVE-2026-0879 Sandbox escape due to integer...

9.8CVSS5.5AI score0.0057EPSS
Exploits0References4
Redos
Redos
added 2026/01/20 12:0 a.m.5 views

ROS-20260120-73-0004

A vulnerability in the ipcmsgsendrequest function of the fs/smb/server/transportipc.c module of the Linux operating system kernel is related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

8.1CVSS6.5AI score0.00352EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/19 11:25 p.m.5 views

CVE-2026-23733

LobeChat is an open source chat application platform. Prior to version 2.0.0-next.180, a stored Cross-Site Scripting XSS vulnerability in the Mermaid artifact renderer allows attackers to execute arbitrary JavaScript within the application context. This XSS can be escalated to Remote Code Executi...

6.4CVSS6AI score0.00123EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2026/01/19 11:14 a.m.5 views

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: MFSA 2026-05 bsc1256340: CVE-2026-0877: Mitigation bypass in the DOM in Security component CVE-2026-0878: Sandbox escape due to incorrect boundary conditions in the Graphics in CanvasWebGL component CVE-2026-0879: Sandbox escape due t...

6.1CVSS5.6AI score0.0057EPSS
Exploits0References28
CVE
CVE
added 2026/01/18 10:56 p.m.15 views

CVE-2026-23733

LobeChat desktop (open source) is affected by a stored XSS in the Mermaid artifact renderer prior to version 2.0.0-next.180. The XSS can be escalated to Remote Code Execution (RCE) by abusing the exposed electronAPI IPC bridge, enabling arbitrary system commands in the victim’s machine. Version 2...

6.4CVSS5.8AI score0.00123EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/01/15 11:53 a.m.2 views

firefox: thunderbird: Use-after-free in the IPC component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the IPC component...

8.8CVSS5.7AI score0.00405EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/01/13 1:30 p.m.18 views

CVE-2026-0882 Use-after-free in the IPC component

Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

0.00405EPSS
Exploits0References6
OSV
OSV
added 2026/01/12 4:16 p.m.5 views

CVE-2025-67813

Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication...

5.3CVSS5.8AI score0.00197EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/12 12:0 a.m.18 views

CVE-2025-67813

Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication...

0.00197EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/12 12:0 a.m.3 views

CVE-2025-67813

Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication...

6.6AI score0.00197EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/12 12:0 a.m.4 views

Quest KACE Desktop Authority 安全漏洞

Quest KACE Desktop Authority is a user environment management software from Quest Corporation. A security vulnerability exists in Quest KACE Desktop Authority versions 11.3.1 and earlier, which stems from insecure named pipe permissions used for inter-process communication...

5.3CVSS6.7AI score0.00197EPSS
Exploits0References3
CVE
CVE
added 2026/01/12 12:0 a.m.25 views

CVE-2025-67813

CVE-2025-67813 affects Quest KACE Desktop Authority up to and including version 11.3.1. The vulnerability is insecure permissions on named pipes used for inter-process communication, exposing IPC to inappropriate access or manipulation. Impact is described in connected sources as insecure named p...

5.3CVSS6.6AI score0.00197EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 9:8 a.m.8 views

CVE-2020-7811

Samsung Update 3.0.2.0 3.0.32.0 has a vulnerability that allows privilege escalation as commands crafted by attacker are executed while the engine deserializes the data received during inter-process communication...

7.8CVSS7.4AI score0.00705EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/31 10:15 a.m.5 views

CVE-2023-54280

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc Protect access of TCPServerInfo::hostname when building the ipc tree name as it might get freed in cifsd thread and thus causing an use-after-free bug in treeconnectdfstarget. Als...

5.5CVSS5.9AI score0.00167EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2025/12/30 1:16 p.m.6 views

CVE-2023-54280

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc Protect access of TCPServerInfo::hostname when building the ipc tree name as it might get freed in cifsd thread and thus causing an use-after-free bug in treeconnectdfstarget. Als...

5.7AI score0.00167EPSS
Exploits0References5
OSV
OSV
added 2025/12/30 1:16 p.m.8 views

UBUNTU-CVE-2023-54280

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc Protect access of TCPServerInfo::hostname when building the ipc tree name as it might get freed in cifsd thread and thus causing an use-after-free bug in treeconnectdfstarget. Als...

5.7AI score0.00167EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2025/12/30 12:23 p.m.5 views

CVE-2023-54280

In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc Protect access of TCPServerInfo::hostname when building the ipc tree name as it might get freed in cifsd thread and thus causing an use-after-free bug in treeconnectdfstarget. Als...

5.2AI score0.00167EPSS
Exploits0
NVD
NVD
added 2025/12/18 6:15 a.m.3 views

CVE-2025-47319

Information disclosure while exposing internal TA-to-TA communication APIs to HLOS...

6.7CVSS0.00081EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/16 2:45 p.m.28 views

CVE-2025-68263 ksmbd: ipc: fix use-after-free in ipc_msg_send_request

In the Linux kernel, the following vulnerability has been resolved: ksmbd: ipc: fix use-after-free in ipcmsgsendrequest ipcmsgsendrequest waits for a generic netlink reply using an ipcmsgtableentry on the stack. The generic netlink handler handlegenericevent/handleresponse fills entry-response...

9.8CVSS0.00378EPSS
Exploits0References6
CVE
CVE
added 2025/12/16 12:42 a.m.19 views

CVE-2025-67744

DeepChat prior to 0.5.3 is affected by a Mermaid diagram rendering vulnerability that allows arbitrary JavaScript execution. The issue arises from the Electron IPC renderer being exposed to the DOM, enabling a Cross-Site Scripting (XSS) flaw that can escalate to Remote Code Execution (RCE) and al...

9.6CVSS6.5AI score0.00527EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder