
4575 matches found

Debian CVE
added 2026/06/25 8:38 a.m. | 5 views

CVE-2026-53180

In the Linux kernel, the following vulnerability has been resolved: timers/migration: Fix livelock in tmigr_handle_remote_up tmigr_handle_remote_cpu skips timer_expire_remote when cpu == smp_processor_id, assuming the local softirq path already handled this CPU's timers. This assumption is wrong because...

CVSS 7.5 | AI score 5.7 | EPSS 0.00466
Exploits: 0
EUVD
added 2026/06/25 8:38 a.m. | 3 views

EUVD-2026-39246

In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: use correct flags for device private PMD entry Commit 65edfda6f3f2 "mm/rmap: extend rmap and migration support device-private entries" updated set_pmd_migration_entry to use pmdp_huge_get_and_clear in the softleaf case, b...

AI score 5.4 | EPSS 0.00172
Exploits: 0 | References: 2
CVE
added 2026/06/25 8:38 a.m. | 11 views

CVE-2026-53155

CVE-2026-53155 : In the Linux kernel, the issue lies in mm/huge_memory where device-private PMD entries were assigned incorrect flags due to the migration logic, causing misinterpretation of softdirty, writable, and uffd-wp states. The function set_pmd_migration_entry() used pmd_write(), pmd_soft...

AI score 5.4 | EPSS 0.00172
Exploits: 0 | References: 2
Tenable Nessus
added 2026/06/25 12:0 a.m. | 12 views

Linux Distros Unpatched Vulnerability : CVE-2026-53108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - powerpc/64s: Fix unmap race with PMD migration entries The following race is possible with migration swap entries or device-private THP entries. e.g. when...

AI score 5.8 | EPSS 0.00151
Exploits: 0 | References: 4
NVD
added 2026/06/24 9:16 p.m. | 7 views

CVE-2026-52805

Gogs is an open source self-hosted Git service. Prior to 0.14.3, a Server-Side Request Forgery (SSRF) vulnerability exists in the repository migration functionality. The application validates only the initially submitted URL hostname, but git clone --mirror follows HTTP redirects. An authenticated...

CVSS 8.7 | EPSS 0.00384
Exploits: 0 | References: 4
Cvelist
added 2026/06/24 8:22 p.m. | 21 views

CVE-2026-52805 Gogs: Migration Redirect Bypass Leads to Internal Repository Theft

Gogs is an open source self-hosted Git service. Prior to 0.14.3, a Server-Side Request Forgery (SSRF) vulnerability exists in the repository migration functionality. The application validates only the initially submitted URL hostname, but git clone --mirror follows HTTP redirects. An authenticated...

CVSS 8.7 | EPSS 0.00384
Exploits: 0 | References: 4
ATTACKERKB
added 2026/06/24 8:22 p.m. | 5 views

CVE-2026-52805

Gogs is an open source self-hosted Git service. Prior to 0.14.3, a Server-Side Request Forgery (SSRF) vulnerability exists in the repository migration functionality. The application validates only the initially submitted URL hostname, but git clone --mirror follows HTTP redirects. An authenticated...

CVSS 8.7 | AI score 5.9 | EPSS 0.00384
Exploits: 0 | References: 5 | Affected Software: 1
CVE
added 2026/06/24 8:22 p.m. | 15 views

CVE-2026-52805

CVE-2026-52805 (Gogs) describes an SSRF in the repository migration feature where only the initial URL hostname is validated. The migration uses git clone --mirror, which follows HTTP redirects, allowing an authenticated user to submit a public URL that redirects to an internal endpoint (e.g., 12...

CVSS 8.7 | AI score 5.9 | EPSS 0.00384
Exploits: 0 | References: 4
EUVD
added 2026/06/24 4:30 p.m. | 4 views

EUVD-2026-38976

In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix unmap race with PMD migration entries The following race is possible with migration swap entries or device-private THP entries. e.g. when move_pages is called on a PMD THP page, then there may be an intermediate...

AI score 5.8 | EPSS 0.00151
Exploits: 0 | References: 2
EUVD
added 2026/06/24 7:14 a.m. | 10 views

EUVD-2026-38699

In the Linux kernel, the following vulnerability has been resolved: sctp: stream: fully roll back denied add-stream state When ADDOUTSTREAMS is denied, SCTP only shrinks the queued chunks and then lowers outcnt. That leaves removed stream metadata behind, so a later re-add can reuse a stale ext a...

AI score 5.7 | EPSS 0.00394
Exploits: 0 | References: 8
NVD
added 2026/06/23 9:17 p.m. | 9 views

CVE-2026-53930

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the base-migration endpoint accepted a caller-supplied URL that the migration worker dereferenced without enforcing protocol or destination, allowing scheme abuse (file:, ftp:, etc.) and probing of internal HTTP...

CVSS 5.1 | EPSS 0.00288
Exploits: 0 | References: 1
ATTACKERKB
added 2026/06/23 7:42 p.m. | 6 views

CVE-2026-53930

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the base-migration endpoint accepted a caller-supplied URL that the migration worker dereferenced without enforcing protocol or destination, allowing scheme abuse (file:, ftp:, etc.) and probing of internal HTTP...

CVSS 5.1 | AI score 5.9 | EPSS 0.00288
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2026/06/23 7:42 p.m. | 25 views

CVE-2026-53930 NocoDB: Server-Side Request Forgery via Base Migration URL

NocoDB is software for building databases as spreadsheets. Prior to 2026.05.1, the base-migration endpoint accepted a caller-supplied URL that the migration worker dereferenced without enforcing protocol or destination, allowing scheme abuse (file:, ftp:, etc.) and probing of internal HTTP...

CVSS 5.1 | EPSS 0.00288
Exploits: 0 | References: 1
CVE
added 2026/06/23 7:42 p.m. | 13 views

CVE-2026-53930

The CVE describes a Server-Side Request Forgery in NocoDB via the base-migration endpoint. A caller-supplied migration URL could be dereferenced by the migration worker without enforcing protocol or destination, enabling scheme abuse (file:, ftp:, etc.) and probing of internal HTTP destinations. ...

CVSS 5.1 | AI score 5.9 | EPSS 0.00288
Exploits: 0 | References: 1
Github Security Blog
added 2026/06/23 5:1 p.m. | 5 views

Gogs has a Migration Redirect Bypass that Leads to Internal Repository Theft

Migration URL validation bypass via HTTP redirect to blocked internal endpoints. Summary: A Server-Side Request Forgery (SSRF) vulnerability exists in the repository migration functionality. The application validates only the initially submitted URL hostname, but git clone --mirror follows HTTP...

CVSS 8.7 | AI score 6 | EPSS 0.00384
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2026/06/23 5:1 p.m. | 4 views

GHSA-G2F5-GJR4-QJVM Gogs has a Migration Redirect Bypass that Leads to Internal Repository Theft

Migration URL validation bypass via HTTP redirect to blocked internal endpoints. Summary: A Server-Side Request Forgery (SSRF) vulnerability exists in the repository migration functionality. The application validates only the initially submitted URL hostname, but git clone --mirror follows HTTP...

CVSS 8.7 | AI score 6 | EPSS 0.00384
Exploits: 0 | References: 5
Positive Technologies
added 2026/06/23 12:0 a.m. | 6 views

PT-2026-51623

Name of the Vulnerable Software and Affected Versions: Gogs affected versions not specified. Description: A Server-Side Request Forgery (SSRF) issue exists in the repository migration functionality. The application validates the hostname of the initially submitted URL against a blocklist of local and...

CVSS 8.7 | AI score 5.9 | EPSS 0.00384
Exploits: 0 | References: 13
OSV
added 2026/06/22 10:57 p.m. | 2 views

GHSA-GHMH-JHMJ-WCMF nebula-mesh's stores enrollment tokens unhashed in SQLite

internal/store/sqlite.go:1177,1192,1221,1245 — the enrollmenttokens.token column holds the raw UUID token. ConsumeToken does WHERE token = ? against the raw string. Compare with operatorapikeys.keyhash, which is SHA-256 hex constructed in internal/api/middleware.go:51-53. Affected All released...

CVSS 7.1 | AI score 5.8
Exploits: 0 | References: 2
Github Security Blog
added 2026/06/19 9:15 p.m. | 6 views

@tinacms/cli: Remote Code Execution in @tinacms/cli via Forestry migration — unsanitised __TINA_INTERNAL__ marker in user-controlled YAML labels

Description Summary @tinacms/cli contains a Remote Code Execution vulnerability in its Forestry-to-Tina migration command. The internal helper addVariablesToCode unquotes any value matching the marker "TINAINTERNAL:::.?:::" inside the stringified collection JSON. User-supplied label and name fiel...

CVSS 7.8 | AI score 6.2 | EPSS 0.0017
Exploits: 0 | References: 5 | Affected Software: 1
AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm: multi-gen LRU: fix crash during cgroup migration The lru_gen_migrate_mm function assumes that lru_gen_add_mm runs before it. This assumption is not true in the following scenario: CPU 1 CPU 2 clone cgroup_can_fork cgroup_procs_write...

CVSS 5.5 | AI score 6.1 | EPSS 0.00192
Exploits: 0 | References: 2