
651 matches found

Positive Technologies
added 2026/05/08 12:00 a.m. | 11 views

PT-2026-38935

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A race condition exists in the wave5 driver when operating in polling mode. The driver uses an hrtimer to periodically trigger the wave5_vpu_timer_callback function, which queues work vi...

5.5 CVSS | 5.9 AI score | 0.00122 EPSS
Exploits 0 | References 7
CNNVD
added 2026/05/08 12:00 a.m. | 13 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the wave5 driver failing to cancel the hrtimer before destroying the kthread worker in polling...

5.5 CVSS | 5.8 AI score | 0.00122 EPSS
Exploits 0 | References 2
CNNVD
added 2026/05/05 12:00 a.m. | 11 views

phoenix security vulnerability

Phoenix is a web development framework developed under the Phoenix framework open source project. Versions of Phoenix from 1.7.0 to 1.7.22, as well as 1.8.6, have security vulnerabilities. These vulnerabilities stem from the unlimited resource allocation during the processing of NDJSON data...

8.7 CVSS | 5.8 AI score | 0.00469 EPSS
Exploits 0 | References 2
Snyk
added 2026/04/30 6:17 a.m. | 5 views

Cross-site Scripting (XSS)

Overview: com.coravy.hudson.plugins.github:github is a Jenkins GitHub plugin. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via JavaScript validation logic for the “GitHub hook trigger for GITScm polling” feature. An attacker can execute arbitrary JavaScript code by...

9.4 CVSS | 5.8 AI score | 0.00281 EPSS
Exploits 0 | References 2
Github Security Blog
added 2026/04/29 3:30 p.m. | 12 views

Jenkins GitHub Plugin has an XSS vulnerability

In Jenkins GitHub Plugin versions 1.46.0 and earlier, the JavaScript that validates the "GitHub hook trigger for GITScm polling" feature improperly processes the current job URL. This results in a stored cross-site scripting (XSS) vulnerability exploitable by non-anonymous attackers with Overall/Re...

9 CVSS | 5.9 AI score | 0.00281 EPSS
Exploits 0 | References 3 | Affected Software 1
ATTACKERKB
added 2026/04/29 1:31 p.m. | 6 views

CVE-2026-42523

Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting (XSS) vulnerability exploitable by non-anonymous attackers with...

9 CVSS | 4.8 AI score | 0.00281 EPSS
Exploits 0 | References 2
CVE
added 2026/04/29 1:31 p.m. | 17 views

CVE-2026-42523

The CVE-2026-42523 entry affects Jenkins GitHub Plugin up to version 1.46.0. The vulnerability arises because the plugin improperly processes the current job URL within JavaScript that validates the GitHub hook trigger for GITScm polling, enabling stored XSS. Impact is described as high/critical ...

9 CVSS | 4.8 AI score | 0.00281 EPSS
Exploits 0 | References 1 | Affected Software 1
EUVD
added 2026/04/29 1:31 p.m. | 4 views

EUVD-2026-26225

Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting (XSS) vulnerability exploitable by non-anonymous attackers with...

9 CVSS | 4.8 AI score | 0.00281 EPSS
Exploits 0 | References 1
Cvelist
added 2026/04/29 1:31 p.m. | 34 views

CVE-2026-42523

Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting (XSS) vulnerability exploitable by non-anonymous attackers with...

0.00281 EPSS
Exploits 0 | References 1
OSSF Malicious Packages
added 2026/04/28 8:25 a.m. | 7 views

Malicious code in coloreasyprint (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d52af876a91a6ff5ff8144b705201fd465db94ad89f0e1b37bd22fe6ca0f5622 During import, the code downloads and executes encrypted payload from remote location. During analysis, remote code was prepared to download the next stage...

5.8 AI score
Exploits 0 | References 1
OSV
added 2026/04/28 8:25 a.m. | 6 views

MAL-2026-3127 Malicious code in coloreasyprint (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d52af876a91a6ff5ff8144b705201fd465db94ad89f0e1b37bd22fe6ca0f5622 During import, the code downloads and executes encrypted payload from remote location. During analysis, remote code was prepared to download the next stage...

5.8 AI score
Exploits 0 | References 1
Tenable Nessus
added 2026/04/28 12:00 a.m. | 11 views

Linux Distros Unpatched Vulnerability : CVE-2026-31691

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - igb: remove napi_synchronize() in igb_down() When an AF_XDP zero-copy application terminates abruptly (e.g., kill -9), the XSK buffer pool is destroyed but NAPI polling...

5.5 CVSS | 6 AI score | 0.00112 EPSS
Exploits 0 | References 3
NVD
added 2026/04/27 6:16 p.m. | 6 views

CVE-2026-31691

In the Linux kernel, the following vulnerability has been resolved: igb: remove napi_synchronize() in igb_down() When an AF_XDP zero-copy application terminates abruptly (e.g., kill -9), the XSK buffer pool is destroyed but NAPI polling continues. igb_clean_rx_irq_zc() repeatedly returns the full budget,...

5.5 CVSS | 0.00112 EPSS
Exploits 0 | References 3
CVE
added 2026/04/27 5:34 p.m. | 16 views

CVE-2026-31691

The CVE-2026-31691 vulnerability affects the Linux kernel igb driver. It describes a race where igb_down() calls napi_synchronize() before napi_disable(), causing a hang: napi_synchronize() waits on NAPI_STATE_SCHED that never clears, blocking TX and leaving the TX queue stalled. The fix removes ...

5.5 CVSS | 5.7 AI score | 0.00112 EPSS
Exploits 0 | References 3 | Affected Software 1
ATTACKERKB
added 2026/04/27 5:34 p.m. | 5 views

CVE-2026-31691

In the Linux kernel, the following vulnerability has been resolved: igb: remove napi_synchronize() in igb_down() When an AF_XDP zero-copy application terminates abruptly (e.g., kill -9), the XSK buffer pool is destroyed but NAPI polling continues. igb_clean_rx_irq_zc() repeatedly returns the full budget,...

5.7 AI score | 0.00112 EPSS
Exploits 0 | References 4 | Affected Software 1
Positive Technologies
added 2026/04/27 12:00 a.m. | 6 views

PT-2026-35497

In the Linux kernel, the following vulnerability has been resolved: igb: remove napi_synchronize() in igb_down() When an AF_XDP zero-copy application terminates abruptly (e.g., kill -9), the XSK buffer pool is destroyed but NAPI polling continues. igb_clean_rx_irq_zc() repeatedly returns the full budget,...

5.6 AI score | 0.00112 EPSS
Exploits 0 | References 6
Microsoft CVE
added 2026/04/26 8:01 a.m. | 9 views

OpenPrinting CUPS: Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users

...

5.4 CVSS | 5.2 AI score | 0.00409 EPSS
Exploits 1
Vulnrichment
added 2026/04/24 4:54 p.m. | 4 views

CVE-2026-41079 OpenPrinting CUPS: Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to 2.4.17, a network-adjacent attacker can send a crafted SNMP response to the CUPS SNMP backend that causes an out-of-bounds read of up to 176 bytes past a stack buffer. The leaked memory i...

4.3 CVSS | 5.2 AI score | 0.00409 EPSS
Exploits 1 | References 3
OSV
added 2026/04/24 3:16 p.m. | 5 views

DEBIAN-CVE-2026-31550

In the Linux kernel, the following vulnerability has been resolved: pmdomain: bcm: bcm2835-power: Increase ASB control timeout The bcm2835_asb_control() function uses a tight polling loop to wait for the ASB bridge to acknowledge a request. During intensive workloads, this handshake intermittently...

5.5 CVSS | 5.3 AI score | 0.00123 EPSS
Exploits 0 | References 1
ATTACKERKB
added 2026/04/24 2:33 p.m. | 2 views

CVE-2026-31550

In the Linux kernel, the following vulnerability has been resolved: pmdomain: bcm: bcm2835-power: Increase ASB control timeout The bcm2835_asb_control() function uses a tight polling loop to wait for the ASB bridge to acknowledge a request. During intensive workloads, this handshake intermittently...

5.4 AI score | 0.00123 EPSS
Exploits 0 | References 9 | Affected Software 1