Lucene search
+L

841 matches found

nuclei
nuclei
added yesterday110 views

Rebuild <= 3.5.5 - Server-Side Request Forgery

There is a security vulnerability in Rebuild 3.5.5, which is due to a server-side request forgery vulnerability in the URL parameter of the readRawText function of the HTTP Request Handler component. id: CVE-2024-1021 info: name: Rebuild = 3.5.5 - Server-Side Request Forgery author: BMCel severit...

9.8CVSS6.7AI score0.34713EPSS
Exploits1References5
nvd
nvd
added 2026/07/08 1:16 a.m.6 views

CVE-2026-55433

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, perform...

5.4CVSS0.00394EPSS
Exploits0References6
euvd
euvd
added 2026/07/08 12:22 a.m.8 views

EUVD-2026-42148

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, perform...

5.4CVSS6AI score0.00394EPSS
Exploits0References6
fedora
fedora
added 2026/07/07 1:11 a.m.8 views

[SECURITY] Fedora 43 Update: kernel-headers-7.1.3-100.fc43

Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package...

6.2AI score0.00176EPSS
Exploits5
github
github
added 2026/07/06 9:9 p.m.6 views

Coder: Devcontainer recreate endpoint missing write authorization allows read-only roles to destroy containers

Summary The devcontainer recreate endpoint relied on route middleware that checked only ActionRead on the workspace and, unlike the sibling delete endpoint, performed no ActionUpdate check before triggering the destructive rebuild. Note: Exploitation requires an existing low-privilege role with...

5.4CVSS6AI score0.00394EPSS
Exploits0References3Affected Software1
ptsecurity
ptsecurity
added 2026/07/06 12:0 a.m.10 views

PT-2026-56077

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.29.17 Coder versions prior to 2.32.7 Coder versions prior to 2.33.8 Coder versions prior to 2.34.2 Description An authorization bypass exists in the devcontainer recreate endpoint. The endpoint relied on route...

5.4CVSS6AI score0.00394EPSS
Exploits0References9
osv
osv
added 2026/07/02 12:0 a.m.5 views

UBUNTU-CVE-2026-20213

A vulnerability in the PE file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a DoS condition, or possibly other expanded impacts, resulting from memory corruption on an affected device. This vulnerability is due to improper boundary checks for content in PE file...

7.5CVSS7AI score0.00463EPSS
Exploits0References4
susecve
susecve
added 2026/06/28 1:9 a.m.9 views

SUSE CVE-2026-53289

In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in iceresetallvfs iceresetallvfs ignores the return value of icevfrebuildvsi. When the VSI rebuild fails e.g. during NVM firmware update via nvmupdate64e, icevsirebuild tears down the VSI on its...

5.8AI score0.00122EPSS
Exploits0References3
nessus
nessus
added 2026/06/28 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2026-53289

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ice: fix NULL pointer dereference in iceresetallvfs iceresetallvfs ignores the return value of icevfrebuildvsi. When the VSI rebuild fails e.g. during NVM...

5.5CVSS6AI score0.00122EPSS
Exploits0References4
nvd
nvd
added 2026/06/26 8:17 p.m.7 views

CVE-2026-53289

In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in iceresetallvfs iceresetallvfs ignores the return value of icevfrebuildvsi. When the VSI rebuild fails e.g. during NVM firmware update via nvmupdate64e, icevsirebuild tears down the VSI on its...

5.5CVSS0.00122EPSS
Exploits0References6
osv
osv
added 2026/06/26 8:17 p.m.3 views

DEBIAN-CVE-2026-53289

In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in iceresetallvfs iceresetallvfs ignores the return value of icevfrebuildvsi. When the VSI rebuild fails e.g. during NVM firmware update via nvmupdate64e, icevsirebuild tears down the VSI on its...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References1
osv
osv
added 2026/06/26 8:17 p.m.4 views

UBUNTU-CVE-2026-53289

In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in iceresetallvfs iceresetallvfs ignores the return value of icevfrebuildvsi. When the VSI rebuild fails e.g. during NVM firmware update via nvmupdate64e, icevsirebuild tears down the VSI on its...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References9
euvd
euvd
added 2026/06/26 7:40 p.m.5 views

EUVD-2026-39894

In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in iceresetallvfs iceresetallvfs ignores the return value of icevfrebuildvsi. When the VSI rebuild fails e.g. during NVM firmware update via nvmupdate64e, icevsirebuild tears down the VSI on its...

5.8AI score0.00122EPSS
Exploits0References6
attackerkb
attackerkb
added 2026/06/26 7:40 p.m.8 views

CVE-2026-53289

In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in iceresetallvfs iceresetallvfs ignores the return value of icevfrebuildvsi. When the VSI rebuild fails e.g. during NVM firmware update via nvmupdate64e, icevsirebuild tears down the VSI on its...

5.7AI score0.00122EPSS
Exploits0References7Affected Software1
cve
cve
added 2026/06/26 7:40 p.m.15 views

CVE-2026-53289

Summary of CVE-2026-53289 (Linux kernel, ice driver). The vulnerability arises in ice_reset_all_vfs() where the return value of ice_vf_rebuild_vsi() is ignored. If VSI rebuild fails (for example during NVM firmware update via nvmupdate64e), ice_vsi_rebuild() tears down the VSI on its error path, ...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References6Affected Software1
debiancve
debiancve
added 2026/06/26 7:40 p.m.7 views

CVE-2026-53289

In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in iceresetallvfs iceresetallvfs ignores the return value of icevfrebuildvsi. When the VSI rebuild fails e.g. during NVM firmware update via nvmupdate64e, icevsirebuild tears down the VSI on its...

5.5CVSS5.7AI score0.00122EPSS
Exploits0
osv
osv
added 2026/06/26 7:40 p.m.3 views

CVE-2026-53289 ice: fix NULL pointer dereference in ice_reset_all_vfs()

In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in iceresetallvfs iceresetallvfs ignores the return value of icevfrebuildvsi. When the VSI rebuild fails e.g. during NVM firmware update via nvmupdate64e, icevsirebuild tears down the VSI on its...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/06/26 12:0 a.m.12 views

PT-2026-52928

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the ice reset all vfs function. The issue occurs because ice reset all vfs ignores the return value of ice vf rebuild vsi. If the VSI rebuild...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References19
nvd
nvd
added 2026/06/24 8:16 a.m.8 views

CVE-2026-52924

In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling sctpstreamupdate is only invoked when the association is moved into COOKIEWAIT during association setup/reconfiguration. In this path, the outbound stream scheduler state...

9.8CVSS0.00335EPSS
Exploits0References11
euvd
euvd
added 2026/06/24 7:14 a.m.9 views

EUVD-2026-38727

In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling sctpstreamupdate is only invoked when the association is moved into COOKIEWAIT during association setup/reconfiguration. In this path, the outbound stream scheduler state...

5.8AI score0.00335EPSS
Exploits0References8
Rows per page
Query Builder