Lucene search
K

1010 matches found

SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.28 views

SUSE CVE-2026-46176

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error path fall-through in mlx5ibdevressrqinit mlx5ibdevressrqinit allocates two SRQs, s0 and s1. When ibcreatesrq fails for s1, the error branch destroys s0 but falls through and unconditionally assigns the freed ...

5.5CVSS5.8AI score0.00142EPSS
Exploits0References17
ATTACKERKB
ATTACKERKB
added 2026/05/28 3:26 p.m.7 views

CVE-2026-47676

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.21, app.mount strips the mount prefix from the incoming request path using the raw URL pathname, while route matching is performed against the percent-decoded path. This inconsistency causes the...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/28 9:36 a.m.24 views

CVE-2026-46176

The CVE-2026-46176 issue affects the Linux kernel RDMA mlx5 path (mlx5_ib_dev_res_srq_init): when ib_create_srq() fails for s1, the error path can end up with freed s0 and ERR_PTR s1 assigned to devr->s0/devr->s1, leading to use-after-free/double-free risk in subsequent access. The fix adds...

7.8CVSS5.8AI score0.00142EPSS
Exploits0References12Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.14 views

PT-2026-44416

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.21 Description In the app.mount function, the mount prefix is stripped from the incoming request path using the raw URL pathname, whereas route matching is conducted against the percent-decoded path. This...

5.3CVSS5.8AI score0.0026EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

esm.sh 路径遍历漏洞

esm.sh is an open-source content distribution network developed by esm.sh. Versions of esm.sh 137 and earlier contained a path traversal vulnerability. This vulnerability stemmed from the fact that older routers did not clean up path components during the concatenation process, allowing attackers...

8.7CVSS5.8AI score0.00362EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:49 p.m.11 views

CVE-2026-8359

When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBinLoadHttpModule function in the dll would be called to set up a "module" object for that module. However, WOSHttpStatusModule.dll is not prese...

7.5CVSS5.8AI score0.00275EPSS
Exploits0References2
NVD
NVD
added 2026/05/27 2:17 p.m.12 views

CVE-2026-45924

In the Linux kernel, the following vulnerability has been resolved: ksmbd: call ksmbdvfskernpathendremoving on some error paths There are two places where ksmbdvfskernpathendremoving needs to be called in order to balance what the corresponding successful call to ksmbdvfskernpathstartremoving has...

5.5CVSS0.0012EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.17 views

PT-2026-43791

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ksmbd module where the function ksmbd vfs kern path end removing is not called on certain error paths. This failure to balance the corresponding ksmbd vfs kern pat...

5.4AI score0.0012EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.19 views

PT-2026-43401

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, when the primary toSmbPathfullPath call throws, the method falls back to a dirname/basename split and only validates the directory prefix. The basename is concatenated directly into the smbclient -c script without validation...

9.1CVSS6AI score0.00451EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2026/05/22 12:0 a.m.21 views

VulnCheck KEV: CVE-2026-39365

Vite is a frontend tooling framework for JavaScript. From 6.0.0 to before 6.4.2, 7.3.2, and 8.0.5, the dev server’s handling of .map requests for optimized dependencies resolves file paths and calls readFile without restricting ../ segments in the URL. As a result, it is possible to bypass the...

6.3CVSS5.8AI score0.00914EPSS
In wildExploits1References10
CVE
CVE
added 2026/05/20 4:32 p.m.22 views

CVE-2026-20240

CVE-2026-20240 affects Splunk Enterprise (versions below 10.2.2, 10.0.5, 9.4.11, 9.3.12) and Splunk Cloud Platform (below 10.4.2603.1, 10.3.2512.9, 10.2.2510.11, 10.1.2507.21, 10.0.2503.13, 9.3.2411.129). A low-privilege user (not admin/power) can trigger a Denial of Service by abusing the coldTo...

6.5CVSS5.9AI score0.00396EPSS
Exploits0References1Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net/usb: kalmia: Do not pass actlen in the usbbulkmsg error path. syzbot reported that actlen in kalmiasendinitpacket is uninitialized when it is passed to the first usbbulkmsg error path. Jiri Pirko noted that it’s pointless to...

5.5CVSS5.2AI score0.00253EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in python-tornado

In Tornado before version 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments of .RequestHandler.setcookie were not checked for crafted characters...

7.2CVSS5.2AI score0.00237EPSS
Exploits0References1
NVD
NVD
added 2026/05/18 4:16 p.m.16 views

CVE-2026-20685

An attacker in a privileged network position may be able to leak sensitive information. A path handling issue was addressed with improved validation. This issue is fixed in PCC Release 5E290.3...

6.5CVSS0.00194EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/18 3:19 p.m.14 views

CVE-2026-20685

An attacker in a privileged network position may be able to leak sensitive information. A path handling issue was addressed with improved validation. This issue is fixed in PCC Release 5E290.3...

5.8AI score0.00194EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/18 3:19 p.m.10 views

CVE-2026-20685

An attacker in a privileged network position may be able to leak sensitive information. A path handling issue was addressed with improved validation. This issue is fixed in PCC Release 5E290.3...

6.5CVSS5.8AI score0.00194EPSS
Exploits0References2
CVE
CVE
added 2026/05/18 3:19 p.m.20 views

CVE-2026-20685

Technical details about CVE-2026-20685 are not publicly available in the provided documents. Monitor for updates.

6.5CVSS5.8AI score0.00194EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/18 3:19 p.m.44 views

CVE-2026-20685

An attacker in a privileged network position may be able to leak sensitive information. A path handling issue was addressed with improved validation. This issue is fixed in PCC Release 5E290.3...

0.00194EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/18 3:19 p.m.12 views

EUVD-2026-30775

An attacker in a privileged network position may be able to leak sensitive information. A path handling issue was addressed with improved validation. This issue is fixed in PCC Release 5E290.3...

6.5CVSS5.8AI score0.00194EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.10 views

HSC MailInspector 安全漏洞

HSC MailInspector is a mail security analysis and filtering system developed by the Brazilian company HSC. Version 5.3.3-7 of HSC MailInspector contains security vulnerabilities. These vulnerabilities stem from improper control of file paths provided to users. When the...

7.5CVSS5.8AI score0.00372EPSS
Exploits1References2
Rows per page
Query Builder