2643 matches found
CVE-2026-52911
In the Linux kernel, the following vulnerability has been resolved: ksmbd: scope conn-binding slowpath to bound sessions only When the binding SESSIONSETUP sets conn-binding = true, the flag stays set after the call so that the global session lookup in ksmbdsessionlookupall can find the session,...
CVE-2026-52911
In the Linux kernel, the following vulnerability has been resolved: ksmbd: scope conn-binding slowpath to bound sessions only When the binding SESSIONSETUP sets conn-binding = true, the flag stays set after the call so that the global session lookup in ksmbdsessionlookupall can find the session,...
CVE-2026-52911
The CVE-2026-52911 vulnerability affects the Linux kernel ksmbd code path. When a SESSION_SETUP binds a connection (conn->binding = true), a global session lookup could incorrectly resolve sessions not actually added to the connection’s session list. The fix tightens the global lookup so that ...
Linux Distros Unpatched Vulnerability : CVE-2026-52911
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: scope conn-binding slowpath to bound sessions only When the binding SESSIONSETUP sets conn-binding = true, the flag stays set after the call so that the...
PT-2026-51201
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the ksmbd module, a flaw exists where the conn-binding flag remains set after a SESSION SETUP call. Because this flag is connection-wide, the global session lookup function ksmbd...
Weekly Metasploit Update: NTLM Relay Priv Esc, MCP Server Integration, Paperclip AI RCE Chain, and more
This week's release includes five new modules, including a full unauthenticated RCE chain for Paperclip AI and a VS Code extension persistence technique. On the post-exploitation side, the new windows/local/ntlmrelay2self module coerces the local machine account to authenticate via...
Astra Linux – Vulnerability in Linux 5.15
A bug affects the ksmbd NTLMv2 authentication of the Linux kernel, and it is known to cause the operating system to crash immediately in Linux-based systems...
EUVD-2026-37773
Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as \attacker.com\share can cause os.path.realpath to initiate an outbound SMB connection before the path is rejected, exposing the service account’s...
CVE-2026-48818 Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows
Starlette is a lightweight ASGI framework/toolkit. In versions 1.0.1 and earlier, StaticFiles on Windows is vulnerable to SSRF. An UNC path such as \attacker.com\share can cause os.path.realpath to initiate an outbound SMB connection before the path is rejected, exposing the service account’s...
GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page
Summary A vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master Password Dump web page and create files containing the master password in plaintext. The provided file name must be an absolute path to t...
EulerOS 2.0 SP13 : git (EulerOS-SA-2026-2331)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git for Windows is the Windows port of Git. Prior to 2.53.02, it is possible to obtain a user's NTLM hash by tricking them into cloning from a...
EulerOS 2.0 SP13 : git (EulerOS-SA-2026-2288)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git for Windows is the Windows port of Git. Prior to 2.53.02, it is possible to obtain a user's NTLM hash by tricking them into cloning from a...
EulerOS 2.0 SP11 : git (EulerOS-SA-2026-2204)
According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Git for Windows is the Windows port of Git. Prior to 2.53.02, it is possible to obtain a user's NTLM hash by tricking them into cloning from a...
CVE-2026-39908 OpenBullet2 0.3.2 NTLMv2 Hash Disclosure via UNC Path Proxy Source
OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When the job starts, the application...
EUVD-2026-35133
OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When the job starts, the application...
CVE-2026-39908
OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When the job starts, the application...
CVE-2026-39908 OpenBullet2 0.3.2 NTLMv2 Hash Disclosure via UNC Path Proxy Source
OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When the job starts, the application...
CVE-2026-39908 OpenBullet2 0.3.2 NTLMv2 Hash Disclosure via UNC Path Proxy Source
OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When the job starts, the application...
CVE-2026-40107
SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, tags with src attributes survive Mermaid's internal DOMPurify and land in SVG blocks. The SVG is injected via innerHTML with no secondary...
CVE-2026-8993 Improper URL Handler Processing in D.Launcher 2 enables NTLM Credential Disclosure and SSRF attacks
D.Launcher 2 component of Slovak eID client ecosystem contains Improper URL Handler Processing vulnerability. Application registers multiple custom URL handlers that could be exploited to initiate full NTLM autentication or SMB connection to attacker infrastructure and to conduct SSRF Server Side...