Lucene search
K

3932 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.6 views

Oracle Linux 7 : openssh (ELSA-2026-50325)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-50325 advisory. - Fix privilege escalation via scp legacy protocol when not in preserving file mode CVE-2026-35385Orabug: 39480251 Tenable has extracted the preceding...

8.1CVSS7.2AI score0.00419EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 6:26 p.m.4 views

GO-2026-5071 esm.sh: Legacy Route Path Traversal Can Lead to RCE in github.com/esm-dev/esm.sh

esm.sh: Legacy Route Path Traversal Can Lead to RCE in github.com/esm-dev/esm.sh...

8.7CVSS5.8AI score0.00362EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 6:16 p.m.3 views

UBUNTU-CVE-2026-54679

jq is a command-line JSON processor. Prior to 1.8.2, on 32bit system, jvpstringappend has a chance of integer/multiple overflowing and then causing a massive buffer overrun. This vulnerability is fixed in 1.8.2...

6.9CVSS5.9AI score0.00103EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/25 5:32 p.m.3 views

Security Bulletin: SSRF Vulnerability in Langflow OSS Legacy Components Bypasses Protection

Summary Langflow OSS versions = 1.9.3 contain SSRF vulnerability in legacy RSS Reader and SearXNG components that bypass SSRF protection introduced in v1.9.3. RSSReaderComponent calls requests.getself.rssurl directly on user input without validateurlforssrf check, completely bypassing protection...

8.2CVSS5.9AI score0.00199EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.7 views

PT-2026-52336

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ALSA dummy sequencer port where events are forwarded by copying an incoming struct snd seq event into a stack temporary. Because the legacy event storage is smalle...

5.5CVSS6.1AI score0.00127EPSS
Exploits0References17
OSV
OSV
added 2026/06/24 11:16 p.m.11 views

DEBIAN-CVE-2026-39938

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graphtheme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31...

9.8CVSS5.7AI score0.00436EPSS
Exploits1References1
NVD
NVD
added 2026/06/24 6:17 p.m.6 views

CVE-2026-48732

Warp is an agentic development environment. From 0.2023.03.21.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for...

8.8CVSS0.01007EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/24 5:29 p.m.34 views

CVE-2026-48732 Warp: Remote SSH cwd can lead to unauthorized remote command execution

Warp is an agentic development environment. From 0.2023.03.21.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for...

8.8CVSS0.01007EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/24 5:29 p.m.5 views

EUVD-2026-39014

Warp is an agentic development environment. From 0.2023.03.21.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for...

8.8CVSS6.1AI score0.01007EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/24 5:29 p.m.5 views

CVE-2026-48732

Warp is an agentic development environment. From 0.2023.03.21.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the legacy SSH background command path. Warp used the remote working directory reported by the session when building helper commands for...

8.8CVSS6.1AI score0.01007EPSS
Exploits1References3
CVE
CVE
added 2026/06/24 5:29 p.m.13 views

CVE-2026-48732

Warp prior to version 0.2026.05.06.15.42.stable_01 contains a command injection in the legacy SSH background command path: the remote working directory from the SSH session is embedded into a shell command without escaping, allowing an attacker-controlled path (host/repo/dir) to inject arbitrary ...

8.8CVSS6.1AI score0.01007EPSS
Exploits1References2
NVD
NVD
added 2026/06/24 5:17 p.m.6 views

CVE-2026-52969

In the Linux kernel, the following vulnerability has been resolved: KVM: Reject wrapped offset in kvmresetdirtygfn kvmresetdirtygfn guards the gfn range with if !memslot || offset + flsmask = memslot-npages return; but offset is u64 and the addition is unchecked. The check can be silently bypasse...

7CVSS0.00147EPSS
Exploits0References10
NVD
NVD
added 2026/06/24 4:16 p.m.10 views

CVE-2026-49269

Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run a GPU reader shader that reads stale register values left by a separate sandboxed victim app. In the proof of concept, GPUVictim.app generates a fresh random...

8.6CVSS0.00303EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in Python 3.11

The import hook in CPython that handles legacy .pyc files SourcelessFileLoader is incorrectly handled in FileLoader a base class, and therefore does not use io.opencode to read the .pyc files. As a result, the sys.audit handlers for this audit event do not trigger...

5.7CVSS6AI score0.00202EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/24 1:59 p.m.4 views

postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison

A flaw was found in PostgreSQL. This vulnerability, a covert timing channel, exists in the comparison of MD5-hashed passwords during authentication. A remote attacker could exploit this to recover user credentials, gaining unauthorized access to the database. This issue specifically impacts...

8.2CVSS5.9AI score0.00558EPSS
Exploits0References5
Fedora
Fedora
added 2026/06/24 1:30 a.m.8 views

[SECURITY] Fedora 44 Update: perl-Crypt-DSA-1.21-1.fc44

Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation. DSA Digital Signature Algorithm signatures are no longer considered to be adequate for security. This module should...

9.1CVSS5.7AI score0.00289EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/24 12:0 a.m.33 views

CVE-2026-49269

Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run a GPU reader shader that reads stale register values left by a separate sandboxed victim app. In the proof of concept, GPUVictim.app generates a fresh random...

0.00303EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51825

Name of the Vulnerable Software and Affected Versions Apple M1 GPUs affected versions not specified Description Apple M1 GPUs retain register file data between compute shader dispatches from different processes. This allows a sandboxed Metal attacker application to execute a GPU reader shader to...

8.6CVSS5.8AI score0.00303EPSS
Exploits0References5
NVD
NVD
added 2026/06/23 9:16 p.m.10 views

CVE-2026-47379

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the shared-view password check fell back to strict-equality === comparison for legacy plaintext passwords, leaking the password's length and per-character prefix through response timing. This vulnerability is fixed in...

6.9CVSS0.00253EPSS
Exploits0References1
NVD
NVD
added 2026/06/23 5:16 p.m.9 views

CVE-2026-34916

A missing validation of user input when saving delivery limitations in Revive Adserver 6.0.6 and earlier could allow a low‑privileged user to use the logical parameter to inject malicious PHP code into the compiledlimitations field on the database and have it executed during banner delivery. Inpu...

8.8CVSS0.00499EPSS
Exploits2References1
Rows per page
Query Builder