1010 matches found

Positive Technologies
added 2026/05/18 12:0 a.m. | 14 views

PT-2026-41679

Name of the Vulnerable Software and Affected Versions: PCC versions prior to 5E290.3. Description: A path handling issue exists where an attacker in a privileged network position may be able to leak sensitive information. This is caused by insufficient validation during path processing...

CVSS 6.5 | AI score 5.9 | EPSS 0.00194
Exploits 0 | References 5
CNNVD
added 2026/05/18 12:0 a.m. | 8 views

Apple Private Cloud Compute Server Software Input Validation Error Vulnerability

Apple Private Cloud Compute Server Software is a privacy-protective cloud-based AI computing platform software developed by Apple Inc. Versions prior to Apple Private Cloud Compute Server Software Release 5E290.3 contained a vulnerability related to input validation errors. This vulnerability...

CVSS 6.5 | AI score 5.8 | EPSS 0.00194
Exploits 0 | References 1
Veracode
added 2026/05/14 6:34 p.m. | 11 views

Authentication Bypass

s3-proxy is vulnerable to Authentication Bypass. The vulnerability is due to inconsistent URL path interpretation between the authentication middleware and bucket handler, which allows an attacker to bypass access controls and perform unauthorized operations on protected S3 objects...

CVSS 9.4 | AI score 5.8 | EPSS 0.00554
Exploits 0 | References 5 | Affected Software 1
RedhatCVE
added 2026/05/13 8:23 p.m. | 8 views

CVE-2026-42882

oxyno-zeta/s3-proxy is an AWS S3 proxy written in Go. Prior to 5.0.0, s3-proxy contains an authentication bypass caused by inconsistent URL path interpretation between the authentication middleware and the bucket handler. The authentication middleware evaluates resource path patterns against the...

CVSS 9.4 | AI score 5.8 | EPSS 0.00554
Exploits 0 | References 1
EUVD
added 2026/05/11 9:31 p.m. | 8 views

EUVD-2026-29294

A path handling issue was addressed with improved logic. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to observe unprotected user data...

AI score 5.8 | EPSS 0.00311
Exploits 0 | References 4
NVD
added 2026/05/11 9:19 p.m. | 11 views

CVE-2026-39871

A path handling issue was addressed with improved logic. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to observe unprotected user data...

CVSS 7.5 | EPSS 0.00311
Exploits 0 | References 3
EUVD
added 2026/05/11 9:9 p.m. | 12 views

EUVD-2026-29332

Outline is a service that allows for collaborative documentation. Prior to 1.7.0, ZipHelper.extract computes the extraction path for each entry by passing a full filesystem path through trimFileAndExt, a filename helper that calls path.basename on its input when truncating. When a zip entry's...

CVSS 8.7 | AI score 5.8 | EPSS 0.00368
Exploits 0 | References 1
Cvelist
added 2026/05/11 8:7 p.m. | 29 views

CVE-2026-39871

A path handling issue was addressed with improved logic. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to observe unprotected user data...

EPSS 0.00311
Exploits 0 | References 3
CVE
added 2026/05/11 8:7 p.m. | 15 views

CVE-2026-39871

The CVE-2026-39871 entry describes a path handling issue in macOS that could allow an app to observe unprotected user data. The connected sources confirm fixes in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, and macOS Tahoe 26.5, indicating the underlying problem was addressed through improved path...

CVSS 7.5 | AI score 5.8 | EPSS 0.00311
Exploits 0 | References 3 | Affected Software 1
Vulnrichment
added 2026/05/11 8:7 p.m. | 9 views

CVE-2026-39871

A path handling issue was addressed with improved logic. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to observe unprotected user data...

AI score 5.8 | EPSS 0.00311
Exploits 0 | References 3
ATTACKERKB
added 2026/05/11 7:26 p.m. | 7 views

CVE-2026-42882

oxyno-zeta/s3-proxy is an AWS S3 proxy written in Go. Prior to 5.0.0, s3-proxy contains an authentication bypass caused by inconsistent URL path interpretation between the authentication middleware and the bucket handler. The authentication middleware evaluates resource path patterns against the...

CVSS 9.4 | AI score 5.8 | EPSS 0.00554
Exploits 0 | References 4 | Affected Software 1
SUSE CVE
added 2026/05/11 2:13 p.m. | 9 views

SUSE CVE-2026-43372

In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Fix error path in PTP IRQ setup. If request_threaded_irq fails during the PTP message IRQ setup, the newly created IRQ mapping is never disposed. Indeed, the ksz_ptp_irq_setup's error path only frees the mappings...

CVSS 5.5 | AI score 5.8 | EPSS 0.00122
Exploits 0 | References 3
Positive Technologies
added 2026/05/11 12:0 a.m. | 14 views

PT-2026-39835

A path handling issue was addressed with improved logic. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to observe unprotected user data...

AI score 5.8 | EPSS 0.00311
Exploits 0 | References 3
OSV
added 2026/05/08 3:16 p.m. | 10 views

UBUNTU-CVE-2026-43395

In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Cleanup partially initialized sync on parse failure. xe_sync_entry_parse can allocate references (syncobj, fence, chain fence, or user fence) before hitting a later failure path. Several of those paths returned directly,...

CVSS 5.5 | AI score 5.7 | EPSS 0.00122
Exploits 0 | References 7
Positive Technologies
added 2026/05/08 12:0 a.m. | 9 views

PT-2026-39080

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak exists in the ceph mdsc build path function. The issue occurs because putname calls were missing in error code paths that failed to free the path pointer obtained by getnam...

CVSS 5.5 | AI score 5.4 | EPSS 0.00122
Exploits 0
CNNVD
added 2026/05/08 12:0 a.m. | 7 views

Linux kernel Security Vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an error in the path handling after adding a bridge using the samsung_dsim_host_attach function. Thi...

CVSS 5.5 | AI score 5.8 | EPSS 0.00122
Exploits 0 | References 2
OSV
added 2026/05/07 8:39 a.m. | 11 views

CLSA-2026-1778143159 jq: Fix of 2 CVEs

CVE-2026-33948: fix NUL truncation in JSON parser validation bypass - CVE-2026-33947: fix unbounded recursion stack overflow in jv_setpath/getpath/delpaths...

CVSS 6.3 | AI score 5.9 | EPSS 0.00256
Exploits 2 | References 1
EUVD
added 2026/05/06 12:30 p.m. | 6 views

EUVD-2026-27806

In the Linux kernel, the following vulnerability has been resolved: ntfs: ->d_compare() must not block ... so don't use getname there. Switch it and ntfs_d_hash, while we are at it, to kmalloc(PATH_MAX, GFP_NOWAIT). Yes, ntfs_d_hash almost certainly can do with smaller allocations, but let ntfs folks deal wit...

AI score 5.8 | EPSS 0.00441
Exploits 0 | References 4
NVD
added 2026/05/06 10:16 a.m. | 27 views

CVE-2026-43086

In the Linux kernel, the following vulnerability has been resolved: ipvs: fix NULL deref in ip_vs_add_service error path. When ip_vs_bind_scheduler succeeds in ip_vs_add_service, the local variable sched is set to NULL. If ip_vs_start_estimator subsequently fails, the out_err cleanup calls...

CVSS 5.5 | EPSS 0.00122
Exploits 0 | References 5
CVE
added 2026/05/05 3:23 p.m. | 23 views

CVE-2026-43066

CVE-2026-43066: In Linux kernel ext4_fc_replay_inode(), iloc.bh leak could occur on error paths due to missing brelse at several failure points. The patch adds an out_brelse label before the existing out label to ensure iloc.bh is released, and also makes ext4_fc_replay_inode() propagate errors i...

CVSS 5.5 | AI score 5.8 | EPSS 0.00117
Exploits 0 | References 8 | Affected Software 1