Lucene search
+L

3064 matches found

RedHat Linux
RedHat Linux
added 2026/06/17 10:41 a.m.9 views

redis: Remote code execution via use-after-free in Lua scripting

A flaw was found in Redis, an in-memory data structure store. An authenticated attacker can exploit a use-after-free vulnerability in redis-server with Lua scripting. This occurs through the master-replica synchronization mechanism on replicas where replica-read-only is disabled or can be disable...

8.8CVSS5.5AI score0.01782EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/17 12:0 a.m.28 views

CVE-2025-66391

In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write operations, e.g., the system will send a one-time password to an attacker-controlled email address when the attacker attempts to reset the password of a user account...

0.00383EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/16 1:39 p.m.9 views

redis: Remote code execution via use-after-free in Lua scripting

A flaw was found in Redis, an in-memory data structure store. An authenticated attacker can exploit a use-after-free vulnerability in redis-server with Lua scripting. This occurs through the master-replica synchronization mechanism on replicas where replica-read-only is disabled or can be disable...

8.8CVSS5.5AI score0.01782EPSS
Exploits0References6
OSV
OSV
added 2026/06/16 12:37 p.m.6 views

BIT-DISCOURSE-2026-45085 Discourse: Chat misauthorization and information disclosure

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.4, 2026.3.0 to before 2026.3.1, and 2026.4.0 to before 2026.4.1, four authorization/disclosure issues in the chat plugin one also involving discourse-calendar: read-only category users could create chat...

5.3CVSS5.2AI score0.00213EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.6 views

PT-2026-56442

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.55 n8n versions prior to 2.25.7 n8n versions prior to 2.26.2 Description An authorization bypass exists in the Evaluations feature within the 'POST /workflows/workflowId/test-runs/new' endpoint. The system incorrect...

7.4CVSS6.2AI score0.00161EPSS
Exploits0References9
OSV
OSV
added 2026/06/15 9:17 p.m.8 views

DEBIAN-CVE-2026-47261

Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all and FilePerms::READ without FilePerms::WRITE, this access control mechanism can be bypassed via the wasip2 descriptor.open-at or wasip1 pathopen interfaces by...

7.5CVSS5.2AI score0.00357EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/15 2:59 p.m.11 views

samba: Missing access check on reparse point operations

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...

7.1CVSS5.3AI score0.00862EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/15 10:18 a.m.13 views

redis: Remote code execution via use-after-free in Lua scripting

A flaw was found in Redis, an in-memory data structure store. An authenticated attacker can exploit a use-after-free vulnerability in redis-server with Lua scripting. This occurs through the master-replica synchronization mechanism on replicas where replica-read-only is disabled or can be disable...

8.8CVSS5.5AI score0.01782EPSS
Exploits0References6
NVD
NVD
added 2026/06/12 9:16 p.m.18 views

CVE-2026-45085

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, four authorization/disclosure issues in the chat plugin one also involving discourse-calendar: read-only category users...

5.3CVSS0.00213EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 8:25 p.m.33 views

CVE-2026-45085 Discourse: Chat misauthorization and information disclosure

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, four authorization/disclosure issues in the chat plugin one also involving discourse-calendar: read-only category users...

5.3CVSS0.00213EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:25 p.m.11 views

EUVD-2026-36558

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, four authorization/disclosure issues in the chat plugin one also involving discourse-calendar: read-only category users...

5.3CVSS5.3AI score0.00213EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 8:25 p.m.3 views

CVE-2026-45085 Discourse: Chat misauthorization and information disclosure

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, four authorization/disclosure issues in the chat plugin one also involving discourse-calendar: read-only category users...

5.3CVSS5.9AI score0.00213EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/11 10:5 a.m.9 views

redis: Remote code execution via use-after-free in Lua scripting

A flaw was found in Redis, an in-memory data structure store. An authenticated attacker can exploit a use-after-free vulnerability in redis-server with Lua scripting. This occurs through the master-replica synchronization mechanism on replicas where replica-read-only is disabled or can be disable...

8.8CVSS5.6AI score0.01782EPSS
Exploits0References6
NVD
NVD
added 2026/06/10 11:16 p.m.14 views

CVE-2026-46695

Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available inside the container, malicious code can remount the directo...

10CVSS0.00289EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/10 10:20 p.m.12 views

EUVD-2026-36166

Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available inside the container, malicious code can remount the directo...

10CVSS5.6AI score0.00289EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/10 10:20 p.m.11 views

CVE-2026-46695 BoxLite: Permission Bypass in boxlite Allows Modification of Read-Only Files

Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available inside the container, malicious code can remount the directo...

10CVSS5.6AI score0.00289EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/10 10:20 p.m.34 views

CVE-2026-46695 BoxLite: Permission Bypass in boxlite Allows Modification of Read-Only Files

Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available inside the container, malicious code can remount the directo...

10CVSS0.00289EPSS
Exploits0References3
OSV
OSV
added 2026/06/10 10:20 p.m.3 views

CVE-2026-46695 BoxLite: Permission Bypass in boxlite Allows Modification of Read-Only Files

Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available inside the container, malicious code can remount the directo...

10CVSS6AI score0.00289EPSS
Exploits0References5
CVE
CVE
added 2026/06/10 10:20 p.m.32 views

CVE-2026-46695

Summary of verified details: CVE-2026-46695 concerns Boxlite before v0.9.0, where host directories mounted via virtiofs were intended read-only but could be remounted by inside-the-sandbox code to write to host files. Root cause: read_only flag was not enforced at the hypervisor level; the hyperv...

10CVSS5.6AI score0.00289EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/10 12:31 p.m.46 views

samba: Missing access check on reparse point operations

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...

7.1CVSS5.4AI score0.00862EPSS
Exploits0References5
Rows per page
Query Builder