Lucene search
K

206 matches found

NVD
NVD
added 2026/06/24 7:17 p.m.8 views

CVE-2026-49247

Jellyfin is an open source self hosted media server. From 10.9.0 until 10.11.10, the POST /ClientLog/Document endpoint accepts the Authorization header's Client and Version fields and uses them unsanitized as components of the on-disk filename when persisting client-uploaded log documents. As a...

8.8CVSS0.00344EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/24 7:15 p.m.6 views

Directory Traversal

Overview Jellyfin.Common is an a Free Software Media System that puts you in control of managing and streaming your media. Affected versions of this package are vulnerable to Directory Traversal via the POST /ClientLog/Document endpoint, which uses unsanitized values from the Authorization header...

8.8CVSS6.5AI score0.00344EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 6:32 p.m.7 views

EUVD-2026-38907

In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate group add input before caching BUG OCFS2IOCGROUPADD can trigger a BUGON in ocfs2setnewbufferuptodate: kernel BUG at fs/ocfs2/uptodate.c:509! Oops: invalid opcode: 0000 1 SMP KASAN NOPTI RIP:...

6AI score0.00176EPSS
Exploits0References9
NVD
NVD
added 2026/06/24 5:17 p.m.6 views

CVE-2026-53039

In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate group add input before caching BUG OCFS2IOCGROUPADD can trigger a BUGON in ocfs2setnewbufferuptodate: kernel BUG at fs/ocfs2/uptodate.c:509! Oops: invalid opcode: 0000 1 SMP KASAN NOPTI RIP:...

0.00176EPSS
Exploits0References8
CVE
CVE
added 2026/06/24 4:29 p.m.8 views

CVE-2026-53039

The CVE-2026-53039 entry describes a Linux kernel OCFS2 issue where OCFS2_IOC_GROUP_ADD could trigger a BUG_ON in ocfs2_set_new_buffer_uptodate due to caching a user-controlled group block before validation. The root cause is that ocfs2_group_add() uses ocfs2_set_new_buffer_uptodate() prior to oc...

6AI score0.00176EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.2 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: hfsplus: Verify the inode mode when loading from disk. syzbot reports that the SIFMT bits of the inode-imode field can become invalid when the SIFMT bits of the 16-bit “mode” field loaded from disk are corrupted. According to 1,...

6.1AI score0.00173EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51933

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ocfs2 module where the OCFS2 IOC GROUP ADD ioctl can trigger a kernel BUG ON. This occurs because the ocfs2 group add function calls ocfs2 set new buffer uptodate ...

6.7CVSS6.2AI score0.00176EPSS
Exploits0References17
NVD
NVD
added 2026/06/23 1:16 a.m.11 views

CVE-2026-10645

Zephyr's ext2 directory-entry parser does not fully validate on-disk directory entry structure before copying the entry name and advancing traversal state. In ext2fetchdirentry subsys/fs/ext2/ext2diskops.c, the code only checks denamelen = EXT2MAXFILENAME and then copies the name with memcpy...

5.5CVSS0.00205EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 11:48 p.m.7 views

CVE-2026-10645

Zephyr's ext2 directory-entry parser does not fully validate on-disk directory entry structure before copying the entry name and advancing traversal state. In ext2fetchdirentry subsys/fs/ext2/ext2diskops.c, the code only checks denamelen = EXT2MAXFILENAME and then copies the name with memcpy...

4.9CVSS6.1AI score0.00205EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerabilities have been resolved: nilfs2: Fixed a shift-out-of-bounds/overflow issue in nilfssb2badoffset. The patch series “nilfs2: Fix UBSAN shift-out-of-bounds warnings during mount time” addresses this issue. The first patch fixes a bug reported by syzbot,...

7.1CVSS6.4AI score0.00155EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ext4: Filter out the EXT4FCREPLAY bit from the on-disk superblock’s sstate field. The EXT4FCREPLAY bit in sbi-smountstate is used to indicate that we are currently replaying the fast commit journal. This was actually a mistake, a...

5.5CVSS6.1AI score0.00268EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Firefox

The login credentials saved by Firefox should be managed by the Password Manager component, which uses encryption to store files on disk. However, the username not the password was saved by the Form Manager to an unencrypted file on disk. This vulnerability affects Firefox versions earlier than 1...

3.3CVSS6.4AI score0.00136EPSS
Exploits0References2
CVE
CVE
added 2026/05/15 1:11 a.m.20 views

CVE-2026-8612

CVE-2026-8612 affects WWW::Mechanize::Cached

5.3CVSS6.1AI score0.00127EPSS
Exploits0References4Affected Software1
UbuntuCve
UbuntuCve
added 2026/05/11 6:16 p.m.9 views

CVE-2026-43895

jq is a command-line JSON processor. In 1.8.1 and earlier, jq accepts embedded NUL bytes in import paths at the jq-language level, but later resolves those paths through C string operations during module and data-file lookup. This creates a mismatch between the logical import string that policy o...

4.4CVSS5.9AI score0.00157EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.23 views

PT-2026-39026

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the XFS file system where the l iclog roundoff value is set to 512 if the superblock does not list a log stripe unit. On disks with 4k physical sectors, this results i...

9.8CVSS5.7AI score0.03663EPSS
Exploits28References472
RedhatCVE
RedhatCVE
added 2026/05/01 6:28 p.m.5 views

CVE-2026-43046

A flaw was found in the Linux kernel's btrfs filesystem. This vulnerability allows an attacker with local access to trigger a kernel bug system crash by providing specially crafted, malformed btrfs metadata on disk. Specifically, an invalid state where dropprogress.objectid is non-zero and...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.13 views

PT-2026-36336

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ksmbd module where the smb inherit dacl function trusts the num aces value from a parent directory's DACL xattr to determine the size of a heap allocation. An...

9.8CVSS6.1AI score0.93235EPSS
Exploits38References291
RedhatCVE
RedhatCVE
added 2026/04/22 5:28 p.m.5 views

CVE-2026-31449

A flaw was found in the Linux kernel's ext4 filesystem. A local attacker could exploit this vulnerability by providing a specially crafted or corrupted on-disk extent header. This could cause an out-of-bounds read in memory, potentially leading to information disclosure or a system crash Denial o...

7.8CVSS5.2AI score0.00135EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/22 1:53 p.m.36 views

CVE-2026-31449 ext4: validate p_idx bounds in ext4_ext_correct_indexes

In the Linux kernel, the following vulnerability has been resolved: ext4: validate pidx bounds in ext4extcorrectindexes ext4extcorrectindexes walks up the extent tree correcting index entries when the first extent in a leaf is modified. Before accessing pathk.pidx-eiblock, there is no validation...

7.8CVSS0.00135EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.10 views

PT-2026-34354

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ext4 ext correct indexes function, which corrects index entries when the first extent in a leaf is modified. The function fails to validate that the p idx pointer...

7.8CVSS5.3AI score0.00135EPSS
Exploits0
Rows per page
Query Builder