Lucene search
K

3874 matches found

CVE
CVE
added 6 hours ago4 views

CVE-2026-34044

The CVE-2026-34044 issue affects Coolify prior to 4.0.0-beta.466 where Logs::mount() looks up resources by UUID without limiting to the current team. This enables an authenticated user to read logs for applications owned by other teams by supplying a victim resource UUID, constituting a cross‑tea...

7.7CVSS5.9AI score
Exploits0References3
EUVD
EUVD
added yesterday5 views

EUVD-2026-25019

id: pretty-print uses effective GID instead of effective UID for name lookup...

3.3CVSS5.9AI score0.00123EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-41716

A flaw was found in Spring Data Commons. An attacker can exploit this vulnerability by sending repeated requests with specially crafted strings, which are then permanently retained in the internal property-lookup cache. This can lead to heap exhaustion, resulting in a Denial of Service DoS for th...

7.5CVSS5.8AI score0.00363EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added yesterday3 views

kernel: mptcp: fix slab-use-after-free in __inet_lookup_established

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...

9.8CVSS6.2AI score0.004EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added yesterday9 views

net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME

A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...

7.5CVSS7.1AI score0.00813EPSS
Exploits0References8
CVE
CVE
added yesterday6 views

CVE-2026-38973

The CVE-2026-38973 entry concerns mrubyc up to release 3.4.1, where an out-of-bounds read occurs in the built-in missing-method lookup inside the function mrbc_find_method(). Affected product/portion: mrubyc’s runtime/method lookup logic. Root cause: out-of-bounds read in the missing-method table...

5.9AI score
Exploits0References3
NVD
NVD
added 4 days ago3 views

CVE-2026-25782

Gitea versions before 1.25.5 look up tracked-time entries by time ID without scoping the lookup to the issue in the request URL, allowing deletion attempts to target entries from another issue...

0.00159EPSS
Exploits0References4
CVE
CVE
added 4 days ago9 views

CVE-2026-25782

Gitea before 1.25.5 is affected: tracked-time entries are looked up by time ID without confirming the associated issue in the request URL, enabling deletion attempts to affect entries from a different issue. Root cause is improper scoping of the lookup. Impact is potential cross-item deletion of ...

5.9AI score0.00159EPSS
Exploits0References4
OSV
OSV
added 5 days ago7 views

USN-8496-1 cifs-utils vulnerability

It was discovered that cifs-utils incorrectly dropped root privileges before looking up user information. A local attacker could possibly use this issue to execute arbitrary code as the root user...

7.8CVSS6.1AI score0.0012EPSS
Exploits0References2
Ubuntu
Ubuntu
added 5 days ago7 views

USN-8496-1: cifs-utils vulnerability

It was discovered that cifs-utils incorrectly dropped root privileges before looking up user information. A local attacker could possibly use this issue to execute arbitrary code as the root user...

7.8CVSS6.1AI score0.0012EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 5 days ago3 views

SUSE SLES12 Security Update : cups (SUSE-SU-2026:2718-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2718-1 advisory. This update for cups fixes the following issues - CVE-2026-27447: Authorization bypass via case-insensitive group-member lookup bsc1261572. -...

7.5CVSS7.2AI score0.00502EPSS
Exploits5References16
RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-53338

A flaw was found in the Linux kernel's Airoha QDMA driver. This vulnerability occurs when the ofreservedmemlookup function returns a NULL pointer, indicating that a referenced reserved memory region is not found. The driver then attempts to dereference this NULL pointer, leading to a kernel NULL...

5.8AI score0.00154EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 6 days ago5 views

foreman: Foreman: Unauthorized modification of host configurations via broken access control

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...

6.5CVSS5.7AI score0.00262EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 6 days ago5 views

foreman: Foreman: Unauthorized modification of host configurations via broken access control

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...

6.5CVSS5.7AI score0.00262EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 6 days ago5 views

foreman: Foreman: Unauthorized modification of host configurations via broken access control

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...

6.5CVSS5.7AI score0.00262EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 6 days ago3 views

foreman: Foreman: Unauthorized modification of host configurations via broken access control

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...

6.5CVSS5.7AI score0.00262EPSS
Exploits0References4
NVD
NVD
added 6 days ago6 views

CVE-2026-5135

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...

6.5CVSS0.00262EPSS
Exploits0References6
Debian CVE
Debian CVE
added 6 days ago4 views

CVE-2026-58024

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiUserrights.Php. This issue affects MediaWiki: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...

5.1CVSS5.8AI score0.00382EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 6 days ago2 views

CVE-2026-5135

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...

6.5CVSS5.7AI score0.00262EPSS
Exploits0References7
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-41003

A flaw was found in Foreman. This broken access control vulnerability allows an authenticated user with host-edit permissions to retarget an existing lookup value override to a different host. This is achieved by modifying the match field through nested host attributes, effectively bypassing...

6.5CVSS5.7AI score0.00262EPSS
Exploits0References4
Rows per page
Query Builder