3932 matches found
Oracle Linux 7 : openssh (ELSA-2026-50325)
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-50325 advisory. - Fix privilege escalation via scp legacy protocol when not in preserving file mode CVE-2026-35385Orabug: 39480251 Tenable has extracted the preceding...
GO-2026-5071 esm.sh: Legacy Route Path Traversal Can Lead to RCE in github.com/esm-dev/esm.sh
esm.sh: Legacy Route Path Traversal Can Lead to RCE in github.com/esm-dev/esm.sh...
UBUNTU-CVE-2026-54679
jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvpstringappend has a chance of integer/multiple overflowing and then causing a massive buffer overrun. This vulnerability is fixed in 1.8.2...
Security Bulletin: SSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection
Summary Langflow OSS versions = 1.9.3 contain SSRF vulnerability in legacy RSS Reader and SearXNG components that bypass SSRF protection introduced in v1.9.3. RSSReaderComponent calls requests.getself.rssurl directly on user input without validateurlforssrf check, completely bypassing protection...
PT-2026-52336
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ALSA dummy sequencer port where events are forwarded by copying an incoming struct snd seq event into a stack temporary. Because the legacy event storage is smalle...
DEBIAN-CVE-2026-39938
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graphtheme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31...
CVE-2026-48732
Warp is an agentic development environment. From 0.2023.03.21.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for...
CVE-2026-48732 Warp: Remote SSH cwd can lead to unauthorized remote command execution
Warp is an agentic development environment. From 0.2023.03.21.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for...
EUVD-2026-39014
Warp is an agentic development environment. From 0.2023.03.21.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for...
CVE-2026-48732
Warp is an agentic development environment. From 0.2023.03.21.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for...
CVE-2026-48732
Warp prior to version 0.2026.05.06.15.42.stable_01 contains a command injection in the legacy SSH background command path: the remote working directory from the SSH session is embedded into a shell command without escaping, allowing an attacker-controlled path (host/repo/dir) to inject arbitrary ...
CVE-2026-52969
In the Linux kernel, the following vulnerability has been resolved: KVM: Reject wrapped offset in kvmresetdirtygfn kvmresetdirtygfn guards the gfn range with if !memslot || offset + flsmask = memslot-npages return; but offset is u64 and the addition is unchecked. The check can be silently bypasse...
CVE-2026-49269
Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run a GPU reader shader that reads stale register values left by a separate sandboxed victim app. In the proof of concept, GPUVictim.app generates a fresh random...
Astra Linux – Vulnerability in Python 3.11
The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class, and therefore does not use io.opencode to read the .pyc files. As a result, the sys.audit handlers for this audit event do not trigger...
postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison
A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...
[SECURITY] Fedora 44 Update: perl-Crypt-DSA-1.21-1.fc44
Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation. DSA Digital Signature Algorithm signatures are no longer considered to be adequate for security. This module should...
CVE-2026-49269
Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run a GPU reader shader that reads stale register values left by a separate sandboxed victim app. In the proof of concept, GPUVictim.app generates a fresh random...
PT-2026-51825
Name of the Vulnerable Software and Affected Versions Apple M1 GPUs affected versions not specified Description Apple M1 GPUs retain register file data between compute shader dispatches from different processes. This allows a sandboxed Metal attacker application to execute a GPU reader shader to...
CVE-2026-47379
NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared-view password check fell back to strict-equality === comparison for legacy plaintext passwords, leaking the password's length and per-character prefix through response timing. This vulnerability is fixed in...
CVE-2026-34916
A missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to use the logical parameter to inject malicious PHP code into the compiledlimitations field on the database and have it executed during banner delivery. Inpu...