Lucene search
K

1304 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Skips the dev-iotlb flush for inaccessible PCIe devices without scalable mode. PCIe endpoints with ATS enabled and passed to the user space e.g., QEMU, DPDK can cause a system hard lock when their link fails, either d...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-44188

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access t...

5.3CVSS5.5AI score0.00284EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 10:16 a.m.13 views

CVE-2026-44188

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth Open Authorization access token before a user logs out, they...

5.3CVSS0.00284EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/15 8:36 a.m.9 views

CVE-2026-44188 Ansible-lightspeed: ansible lightspeed: session hijacking and unauthorized data access due to insufficient session expiration

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth Open Authorization access token before a user logs out, they...

5.3CVSS5.3AI score0.00284EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.13 views

PT-2026-49189

A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth Open Authorization access token before a user logs out, they...

5.3CVSS5.3AI score0.00284EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/10 6:20 p.m.4 views

Improper Restriction of Security Token Assignment

Overview Affected versions of this package are vulnerable to Improper Restriction of Security Token Assignment due to the failure to invalidate previously issued administrative tokens after an administrator account is suspended, deleted, or deactivated. An attacker can maintain unauthorized acces...

8.6CVSS5.3AI score0.00448EPSS
Exploits0References2
NVD
NVD
added 2026/06/10 4:16 p.m.10 views

CVE-2026-25700

Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to...

7.2CVSS0.00448EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 2:57 p.m.34 views

CVE-2026-25700

CVE-2026-25700 relates to Apache Answer prior to version 2.0.1, where administrative tokens issued before an admin account was suspended, deleted, or deactivated were not invalidated. This allowed continued access to administrative APIs until those tokens expired. Affected product: Apache Answer ...

7.2CVSS5.4AI score0.00448EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/10 2:57 p.m.30 views

CVE-2026-25700 Apache Answer: AdminToken not invalidated after admin deactivation

Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to...

0.00448EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 2:57 p.m.10 views

CVE-2026-25700 Apache Answer: AdminToken not invalidated after admin deactivation

Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to...

5.4AI score0.00448EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 12:37 p.m.30 views

CVE-2026-49496

Ghidra

6.9CVSS5.5AI score0.00169EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/09 5:0 p.m.12 views

CVE-2026-46316

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM for ARM64, specifically within the vgic-its component. This vulnerability occurs when multiple concurrent operations incorrectly drop the translation cache's reference to an entry more than once during cache invalidation. Thi...

9.3CVSS5.4AI score0.00197EPSS
Exploits0References6
Xen Project
Xen Project
added 2026/06/09 12:0 p.m.17 views

Arm: Completion of memory accesses not guaranteed by completion of a TLBI

ISSUE DESCRIPTION A hardware issue has been identified in certain Arm CPU designs. A broadcast TLBI on one PE may complete before affected memory accesses on another PE are globally observed. This may permit bypass of Stage 1 translation, Stage 2 translation, or GPT protection. The erratum occurs...

9.1CVSS5.4AI score0.0053EPSS
Exploits0
CVE
CVE
added 2026/06/09 11:52 a.m.265 views

CVE-2026-46316

A vulnerability in Linux kernel KVM for ARM64 (vgic-its) is resolved. The issue stemmed from vgic_its_invalidate_cache() traversing the per-ITS translation cache with xa_for_each() and dropping the cache’s reference on each entry using vgic_put_irq(), but it dropped the reference of the pointer r...

9.3CVSS5.4AI score0.00197EPSS
Exploits0References9Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-46316

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry...

9.3CVSS6.6AI score0.00197EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2026/06/09 12:0 a.m.10 views

FreeBSD Security Advisory - FreeBSD-SA-26:31.arm64

FreeBSD Security Advisory - Some Arm CPUs have errata where the ordering of stores and the TLBI+DSB sequence may be incorrect. If one CPU stores to a virtual address while another CPU invalidates the translation for that address, the second CPU's TLBI+DSB may complete before the first CPU's store...

9.1CVSS5.4AI score0.0053EPSS
Exploits0
FreeBSD
FreeBSD
added 2026/06/09 12:0 a.m.8 views

FreeBSD -- Arm CPU errata may bypass page table permission changes

Problem Description: Some Arm CPUs have errata where the ordering of stores and the TLBI+DSB sequence may be incorrect. If one CPU stores to a virtual address while another CPU invalidates the translation for that address, the second CPU's TLBI+DSB may complete before the first CPU's store has be...

9.1CVSS5.4AI score0.0053EPSS
Exploits0
Amd
Amd
added 2026/06/09 12:0 a.m.14 views

ARM® CPU Vulnerability : Bypass of Stage 1 translation, Stage-2 translation, or GPT Protection

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2025-10263 non-AMD| According to the ARM® security team, a broadcast Translation Lookaside Buffer Invalidate TLBI on another Processing Element PE may be completed before affected memory access...

9.1CVSS5.5AI score0.0053EPSS
Exploits0
EUVD
EUVD
added 2026/06/08 2:51 p.m.13 views

EUVD-2026-35081

Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized...

8.8CVSS5.4AI score0.00294EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.23 views

PT-2026-47329

Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tokens. When an administrator disables a user account, the application fails to invalidate or clear t...

7.1CVSS5.5AI score0.00271EPSS
Exploits0References3
Rows per page
Query Builder