Lucene search
+L

408983 matches found

CVE
CVE
added 2026/06/18 7:1 p.m.21 views

CVE-2026-48982

CVE-2026-48982 affects pam_usb prior to version 0.9.2, where updating a one-time pad file creates a temporary file with open() lacking O_EXCL, enabling a race between concurrent processes to update the same pad. This non-atomicity can cause the stored pad to diverge from expectations, potentially...

5.8CVSS5.3AI score0.00088EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/17 1:20 a.m.5 views

kernel: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id

In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetrickeys - prevent overflow in asymmetrickeygenerateid Use checkaddoverflow to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetrickeyid structure and return...

5.7AI score0.0017EPSS
Exploits0References5
NVD
NVD
added 2026/06/10 11:16 p.m.11 views

CVE-2026-47712

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porcelain.formatpatchoutdir=... derives each patch filename from the commit's subject line. Prior to this fix, getsummary only replaced spaces with dashes ...

3.3CVSS0.00139EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/09 9:36 p.m.52 views

Security Bulletin: IBM Security Network Intrusion Prevention System can be affected by vulnerabilities in Ruby on Rails (CVE-2012-2660, CVE-2012-2694, CVE-2013-0156, CVE-2012-6496, CVE-2012-3424, and CVE-2012-2695)

Question Is the Network IPS system affected by Ruby on Rails vulnerabilities? "Product":"code":"SS9SBT","label":"Proventia Network Intrusion Prevention System","Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Component":"General...

5.6AI score
Exploits0Affected Software1
OSV
OSV
added 2026/06/08 11:4 p.m.13 views

GHSA-555P-6GRF-MH7F Dulwich doesn't sanitize commit subjects in `porcelain.format_patch`

Impact dulwich.porcelain.formatpatchoutdir=... derives each patch filename from the commit's subject line. Prior to this fix, getsummary only replaced spaces with dashes - path separators /, , parent-directory components .., and other filename-hostile characters e.g. : were preserved verbatim and...

3.3CVSS5.5AI score0.00139EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/08 7:3 p.m.7 views

CVE-2026-47344

When ALLOWINSECURERAWTEXT is enabled, whitespace-variant closing tags e.g., are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...

2.1CVSS5.2AI score0.00282EPSS
Exploits0References3
NVD
NVD
added 2026/06/08 5:16 p.m.31 views

CVE-2026-46298

In the Linux kernel, the following vulnerability has been resolved: pseries/papr-hvpipe: Fix race with interrupt handler While executing -ioctl handler or -release handler, if an interrupt fires on the same cpu, then we can enter into a deadlock. This patch fixes both these handlers to take...

4.7CVSS0.00074EPSS
Exploits0References2
OSV
OSV
added 2026/06/08 5:16 p.m.11 views

UBUNTU-CVE-2026-46286

In the Linux kernel, the following vulnerability has been resolved: leds: qcom-lpg: Check for array overflow when selecting the high resolution When selecting the high resolution values from the array, FIELDGET is used to pull from a 3 bit register, yet the array being indexed has only 5 values i...

5.5CVSS5.2AI score0.00122EPSS
Exploits0References12
OSV
OSV
added 2026/06/08 3:41 p.m.2 views

CVE-2026-46286 leds: qcom-lpg: Check for array overflow when selecting the high resolution

In the Linux kernel, the following vulnerability has been resolved: leds: qcom-lpg: Check for array overflow when selecting the high resolution When selecting the high resolution values from the array, FIELDGET is used to pull from a 3 bit register, yet the array being indexed has only 5 values i...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.9 views

CVE-2025-9957

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user with project owner permissions to bypass group fork prevention settings due to...

2.7CVSS5.5AI score0.00381EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.11 views

CVE-2026-25852

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP Windows before build 9.0.93212...

6.7CVSS6.6AI score0.0009EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.12 views

CVE-2026-50033

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP Windows before build 9.0.15051.93227...

7.3CVSS7.2AI score0.00115EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.12 views

CVE-2026-42304

A flaw was found in Twisted, specifically within the twisted.names module. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted TCP DNS packet containing deeply chained compression pointers. This can lead to resource exhaustion, causing the...

7.5CVSS5.8AI score0.00433EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.11 views

CVE-2026-44609

Local privilege escalation due to EXE hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP Windows before build 9.0.15051.93227...

7.3CVSS7.2AI score0.00106EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/04 2:31 a.m.13 views

SUSE CVE-2025-71313

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Add missing NULL check for allocworkqueue allocworkqueue can return NULL on memory allocation failure. Without proper error checking, this may lead to a NULL pointer dereference when queuework is later called with...

5.8AI score0.00107EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/04 2:27 a.m.11 views

SUSE CVE-2026-28883

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash...

7.5CVSS5.8AI score0.00399EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/06/04 2:27 a.m.10 views

SUSE CVE-2026-28947

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash...

7.5CVSS5.8AI score0.00378EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/03 7:26 p.m.15 views

EUVD-2026-34173

Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis DeviceLock DLP Windows before build 9.0.15051.93227...

7.3CVSS5.8AI score0.00106EPSS
Exploits0References1
CVE
CVE
added 2026/06/03 7:26 p.m.23 views

CVE-2026-42061

CVE-2026-42061 describes a local privilege escalation caused by excessive permissions granted to child processes in Acronis DeviceLock DLP (Windows) prior to build 9.0.15051.93227 . Affected component and root cause are stated, with the CVSSv3 score reported as 7.3 (High) and attack vector LOCAL,...

7.3CVSS7.1AI score0.00106EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 7:25 p.m.14 views

EUVD-2026-34171

Local privilege escalation due to EXE hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP Windows before build 9.0.15051.93227...

7.3CVSS5.8AI score0.00106EPSS
Exploits0References1
Rows per page
Query Builder