Lucene search
K

199 matches found

RedHat Linux
RedHat Linux
added 6 days ago5 views

mariadb: MariaDB server: Information disclosure of stored routine definitions due to insufficient privilege check

A flaw was found in MariaDB server. A user who has been granted EXECUTE access to a stored routine through a role can view the definition of that routine. This information disclosure occurs even if the user does not possess the SHOW CREATE ROUTINE privilege, potentially exposing sensitive routine...

4.3CVSS5.7AI score0.00161EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/24 11:53 a.m.7 views

EUVD-2026-38746

Flowise before 3.1.0 npm package flowise, versions 3.0.13 and earlier uses a weak hardcoded default value 'Secre$t' for the TOKENHASHSECRET environment variable in packages/server/src/enterprise/utils/tempTokenUtils.ts when the variable is not configured. This secret derives the AES-256-CBC key...

4.6CVSS5.8AI score0.00093EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/22 5:11 p.m.7 views

motionEye's World-Readable Configuration File Exposes Admin Password Hash

Security Advisory: World-Readable Configuration File Exposes Admin Password Hash in motionEye Summary motionEye v0.43.1 and prior versions create the configuration file /etc/motioneye/motion.conf with 644 permissions -rw-r--r--, making it readable by any local user on the system. This file contai...

7.2CVSS5.8AI score0.18993EPSS
Exploits16References2Affected Software1
FreeBSD Advisory
FreeBSD Advisory
added 2026/06/09 12:0 a.m.13 views

FreeBSD-SA-26:31.arm64

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:31.arm64 Security Advisory The FreeBSD Project Topic: Arm CPU errata may bypass page table permission changes Category: core Module: arm64 Announced:...

9.1CVSS5.6AI score0.00474EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: exec: Fix for the issue involving the comparison between permission checks and setuid/gid usage When opening a file for execution using dofilpopen, permission checks are performed based on the file’s metadata at that moment. If t...

8.4CVSS6.6AI score0.00242EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Microsoft Windows Kernel 安全漏洞

The Microsoft Windows Kernel is the kernel of the Windows operating system developed by Microsoft Corporation. There are security vulnerabilities in the Microsoft Windows Kernel. Attackers can exploit these vulnerabilities to gain higher privileges. The following products and versions are affecte...

7.8CVSS5.8AI score0.04725EPSS
Exploits4References2
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-43408

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ceph: add a bunch of missing cephpathinfo initializers cephmdscbuildpath must be called with a zero-initialized cephpathinfo parameter, or else the following...

7.8CVSS7AI score0.00129EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/28 1:42 p.m.5 views

CVE-2026-40968

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...

4.2CVSS5.2AI score0.00171EPSS
Exploits0References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/04/22 8:47 p.m.6 views

kernel: Linux kernel (qla2xxx): Double free vulnerability leads to denial of service and potential privilege escalation.

A flaw was found in the Linux kernel's qla2xxx block SCSI generic bsg interface. This vulnerability, a double free, occurs because certain vendor-specific handlers incorrectly call the bsgjobdone function on both successful and failed operation paths. A local user could exploit this to trigger...

7.8CVSS5.7AI score0.00194EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:8 p.m.6 views

CVE-2026-35372

A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic link target even when the --no-dereference or -n flag is explicitly provided. The implementation previously only honored the "no-dereference" intent if the --force overwrite mode was also enabled. Thi...

5CVSS5.8AI score0.00138EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-32147

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP ssh sshsftpd module allows an authenticated SFTP user t...

5.3CVSS5.8AI score0.00354EPSS
Exploits0References3
OSV
OSV
added 2026/04/21 2:34 p.m.3 views

SUSE-SU-2026:1535-1 Security update for the Linux Kernel (Live Patch 68 for SUSE Linux Enterprise 12 SP5)

This update for the SUSE Linux Enterprise Kernel 4.12.14-122.258 fixes various security issues The following security issues were fixed: - CVE-2026-23191: ALSA: aloop: Fix racy access at PCM trigger bsc1258396. - CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy...

7.8CVSS5.8AI score0.00134EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.11 views

PT-2026-51774

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.0 Description The software uses a weak hardcoded default value 'Secre$t' for the TOKEN HASH SECRET environment variable in the packages/server/src/enterprise/utils/tempTokenUtils.ts file when the variable is not...

5.6CVSS6.2AI score0.00093EPSS
Exploits0References9
OSV
OSV
added 2026/04/01 1:44 p.m.8 views

USN-8139-1 rust-cargo-c vulnerability

It was discovered that tar-rs embedded in cargo-c incorrectly handled symlinks when unpacking a tar archive. If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to modify permissions of arbitrary directories outside th...

6.5CVSS6AI score0.00379EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/03/16 12:0 a.m.8 views

EulerOS Virtualization 2.12.0 : systemd (EulerOS-SA-2026-1523)

According to the versions of the systemd packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a...

4.7CVSS5.9AI score0.00641EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/10 12:18 a.m.3 views

CVE-2026-27688 Missing Authorization check in SAP NetWeaver Application Server for ABAP

Due to a missing authorization check in SAP NetWeaver Application Server for ABAP, an authenticated attacker with user privileges could read Database Analyzer Log Files via a specific RFC function module. The attacker with the necessary privileges to execute this function module could potentially...

5CVSS5.9AI score0.0023EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/02/25 4:10 a.m.10 views

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syst...

7.8CVSS6.7AI score0.00517EPSS
Exploits3References11
ATTACKERKB
ATTACKERKB
added 2026/02/24 6:42 p.m.2 views

CVE-2025-33181

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges...

8.8CVSS5.9AI score0.00351EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/24 12:0 a.m.7 views

NVIDIA Cumulus Linux和NVIDIA NVOS 命令注入漏洞

NVIDIA Cumulus Linux and NVIDIA NVOS are both products of NVIDIA Corporation, a US-based company. NVIDIA Cumulus Linux is a powerful open-source network operating system. NVIDIA NVOS is also an operating system. Both NVIDIA Cumulus Linux and NVIDIA NVOS have command injection vulnerabilities, whi...

8.8CVSS5.8AI score0.00762EPSS
Exploits0References3
Debian
Debian
added 2026/02/17 11:50 a.m.8 views

[SECURITY] [DLA 4480-1] roundcube security update

Debian LTS Advisory DLA-4480-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin February 17, 2026 https://wiki.debian.org/LTS Package : roundcube Version : 1.4.15+dfsg.1-1+deb11u7 CVE ID : CVE-2026-25916 CVE-2026-26079 Debian Bug : 1127447 Vulnerabilities were...

4.7CVSS6AI score0.00629EPSS
Exploits2
Rows per page
Query Builder