
383 matches found

Ubuntu
added 2026/05/06 5:43 a.m., 10 views

USN-8236-1: Slurm vulnerabilities

It was discovered that Slurm did not correctly handle certain file system operations. An attacker could possibly use this issue to modify files or leak sensitive information. This issue only affected Ubuntu 22.04 LTS. CVE-2023-41914 Ryan Hall discovered that Slurm did not correctly enforce certai...

CVSS 9.8, AI score 6, EPSS 0.01386
Exploits: 0

Cvelist
added 2026/04/29 5:53 p.m., 29 views

CVE-2026-28221 Wazuh: Pre-auth stack-based buffer overflow in wazuh-remoted print_hex_string() due to signed char promotion on x86_64

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in print_hex_string() in wazuh-remoted. The bug is triggered when formatting attacker-controlled bytes using sprintf(dst_buf +...

CVSS 6.5, EPSS 0.00382
Exploits: 1, References: 2

Vulnrichment
added 2026/04/29 5:53 p.m., 3 views

CVE-2026-28221 Wazuh: Pre-auth stack-based buffer overflow in wazuh-remoted print_hex_string() due to signed char promotion on x86_64

Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.8.0 to before version 4.14.4, a stack-based buffer overflow exists in print_hex_string() in wazuh-remoted. The bug is triggered when formatting attacker-controlled bytes using sprintf(dst_buf +...

CVSS 6.5, AI score 5.9, EPSS 0.00382
Exploits: 1, References: 2

CVE
added 2026/04/29 5:53 p.m., 19 views

CVE-2026-28221

CVE-2026-28221 – Wazuh pre-auth stack-based buffer overflow is confirmed in wazuh-remoted’s print_hex_string(). From versions 4.8.0 to before 4.14.4, attacker-controlled bytes are formatted with sprintf(dst_buf + 2*i, "%.2x", src_buf[i]) on signed-char platforms, causing sign-extension and an out...

CVSS 8.2, AI score 5.9, EPSS 0.00382
Exploits: 1, References: 2, Affected Software: 1

OSV
added 2026/04/09 2:22 p.m., 2 views

GHSA-JF56-MCCX-5F3F OpenClaw: Authenticated `/hooks/wake` and mapped `wake` payloads are promoted into the trusted `System:` prompt channel

Impact Authenticated /hooks/wake and mapped wake payloads are promoted into the trusted System: prompt channel. An authenticated wake hook or mapped wake payload could be promoted into the trusted System prompt channel instead of an untrusted event. OpenClaw is a user-controlled local assistant...

CVSS 8.5, AI score 5.8
Exploits: 0, References: 2

CNNVD
added 2026/04/09 12:0 a.m., 8 views

wasmtime security vulnerability

Wasmtime is a lightweight WebAssembly runtime open-sourced by the Bytecode Alliance. Versions prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1 of Wasmtime contain security vulnerabilities. These vulnerabilities arise when using the Val type promotion feature to increase values of component models. If bi...

CVSS 7.5, AI score 5.8, EPSS 0.00324
Exploits: 0, References: 1

EUVD
added 2026/04/07 3:30 p.m., 6 views

EUVD-2026-19634

An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N 8.1 High. This issue was fixed in version...

CVSS 8.1, AI score 5.8, EPSS 0.00221
Exploits: 0, References: 3

ATTACKERKB
added 2026/04/07 2:10 p.m., 2 views

CVE-2026-5373

An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N 8.1 High. This issue was fixed in version...

CVSS 8.1, AI score 5.8, EPSS 0.00221
Exploits: 0, References: 3

OSV
added 2026/04/06 7:54 a.m., 2 views

BIT-MONGODB-2026-5170 Users could trigger a crash of mongod primaries during promotion to sharded

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

CVSS 6, AI score 5.9, EPSS 0.00203
Exploits: 0, References: 2

Positive Technologies
added 2026/04/06 12:0 a.m., 5 views

PT-2026-30714

Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/id lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to...

CVSS 8.8, AI score 5.9, EPSS 0.00336
Exploits: 1, References: 2

RedhatCVE
added 2026/03/31 5:0 p.m., 2 views

CVE-2026-5170

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

CVSS 6, AI score 5.9, EPSS 0.00203
Exploits: 0, References: 1

EUVD
added 2026/03/30 6:31 p.m., 4 views

EUVD-2026-17115

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

CVSS 6, AI score 5.9, EPSS 0.00203
Exploits: 0, References: 2

OSV
added 2026/03/30 4:16 p.m., 2 views

UBUNTU-CVE-2026-5170

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

CVSS 6, AI score 5.8, EPSS 0.00203
Exploits: 0, References: 3

CVE
added 2026/03/30 3:28 p.m., 27 views

CVE-2026-5170

CVE-2026-5170 – summary: MongoDB Server is affected by a vulnerability where a user with limited privileges can cause a mongod crash during the window when a cluster is promoted from a replica set to a sharded cluster, resulting in a denial of service on the primary. Affected versions are MongoD...

CVSS 6, AI score 5.9, EPSS 0.00203
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2026/03/30 3:28 p.m., 1 view

CVE-2026-5170 Users could trigger a crash of mongod primaries during promotion to sharded

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

CVSS 6, AI score 5.9, EPSS 0.00203
Exploits: 0, References: 1

Cvelist
added 2026/03/30 3:28 p.m., 21 views

CVE-2026-5170 Users could trigger a crash of mongod primaries during promotion to sharded

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

CVSS 6, EPSS 0.00203
Exploits: 0, References: 1

ATTACKERKB
added 2026/03/30 3:28 p.m., 4 views

CVE-2026-5170

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

CVSS 6, AI score 5.9, EPSS 0.00203
Exploits: 0, References: 2, Affected Software: 1

MongoDB
added 2026/03/30 3:28 p.m., 11 views

Users could trigger a crash of mongod primaries during promotion to sharded

A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may cause a denial of service by taking down the primary o...

CVSS 6, AI score 5.2, EPSS 0.00203
Exploits: 0, References: 1, Affected Software: 1

FreeBSD
added 2026/03/30 12:0 a.m., 6 views

MongoDB Server -- CWE-617: Reachable Assertion

https://jira.mongodb.org/browse/SERVER-101758 reports: A user with access to the cluster with a limited set of privilege actions can trigger a crash of a mongod process during the limited and unpredictable window when the cluster is being promoted from a replica set to a sharded cluster. This may...

CVSS 6, AI score 5.9, EPSS 0.00203
Exploits: 0, References: 1

OSV
added 2026/03/26 8:32 p.m., 4 views

GO-2026-4717 Kargo Vulnerable to SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration in github.com/akuity/kargo

Kargo Vulnerable to SSRF in Promotion http/http-download Steps Enables Internal Network Access and Data Exfiltration in github.com/akuity/kargo...

CVSS 5.1, AI score 5.9, EPSS 0.00328
Exploits: 0, References: 3