Lucene search
K

2321 matches found

Cvelist
Cvelist
added 2026/06/22 4:23 p.m.30 views

CVE-2026-54269 protobufjs: Schema-derived names can shadow runtime-significant properties

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 8.6.0 and 7.6.3, protobufjs accepted certain schema-derived names that could collide with properties used by protobufjs runtime helpers. The known affected names are fields named hasOwnProperty, field or oneof names...

5.3CVSS0.00238EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 4:23 p.m.4 views

CVE-2026-54269

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 8.6.0 and 7.6.3, protobufjs accepted certain schema-derived names that could collide with properties used by protobufjs runtime helpers. The known affected names are fields named hasOwnProperty, field or oneof names...

5.3CVSS5.9AI score0.00238EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/21 1:26 p.m.26 views

CVE-2026-56242 Capgo - Unauthenticated API Key Validity Oracle and User Identity Disclosure via get_identity_apikey_only RPC

Capgo before 12.128.2 contains an unauthenticated security definer RPC function getidentityapikeyonly that returns the owning userid for supplied API keys, creating an API key validity oracle and user identity disclosure primitive. Attackers can call this endpoint with valid or invalid API keys t...

8.7CVSS0.00259EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.15 views

PT-2026-51221

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An unauthenticated security definer RPC function get identity apikey only returns the owning user id for supplied API keys. This creates an API key validity oracle—a mechanism that allows an attacke...

8.7CVSS5.8AI score0.00259EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/20 3:24 p.m.6 views

CVE-2026-56235

Cap-go capgo before 12.128.2 contains an authorization bypass in several Supabase PostgREST RPC functions getappmetrics, getglobalmetrics, gettotalmetrics that are granted to the anon role without enforcing org membership or permission checks. An unauthenticated attacker using only the public...

6.9CVSS5.9AI score0.00274EPSS
Exploits0References3
NVD
NVD
added 2026/06/20 1:16 a.m.11 views

CVE-2026-56213

Capgo before 12.128.2 contains an authorization bypass vulnerability in the public.upsertversionmeta SECURITY DEFINER function exposed via PostgREST RPC, allowing unauthenticated attackers to insert arbitrary rows into versionmeta for any appid. Attackers can exploit this by calling the RPC...

6.9CVSS0.00235EPSS
Exploits0References2
CVE
CVE
added 2026/06/20 12:14 a.m.16 views

CVE-2026-56213

Capgo exploitable before version 12.128.2 via an authorization bypass in the public.upsert_version_meta SECURITY DEFINER function exposed through PostgREST RPC, allowing unauthenticated attackers to insert arbitrary rows into version_meta for any app_id. This leads to poisoned storage metrics, pe...

6.9CVSS6AI score0.00235EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.5 views

SUSE SLES16 Security Update : google-guest-agent (SUSE-SU-2026:22128-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:22128-1 advisory. Changes in google-guest-agent: Update to version 20260430.00 Update OWNERS 609 Update THIRDPARTYLICENSES to be package specific...

9.1CVSS5.8AI score0.01557EPSS
Exploits1References24
NVD
NVD
added 2026/06/19 2:16 p.m.15 views

CVE-2026-48139

There is a NULL pointer dereference vulnerability in NI grpc-device in the data moniker service that may allow an attacker to cause a denial of service by triggering a crash. Successful exploitation requires an attacker to provide an unknown value to the data moniker service. This affects NI...

8.7CVSS0.00343EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/19 1:37 p.m.32 views

CVE-2026-48141 Memory leak in NI grpc-device BeginSidebandStream

There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion. This affects NI grpc-device 2.17.0 and prior versions...

6CVSS0.0024EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 1:37 p.m.7 views

CVE-2026-48141

There is a memory leak in NI grpc-device BeginSidebandStream that may result in denial of service due to memory exhaustion. This affects NI grpc-device 2.17.0 and prior versions...

6CVSS5.8AI score0.0024EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fixed an issue where the buffer was overread in rxgkdoverifyauthenticator. Fixed rxgkdoverifyauthenticator to check the buffer size before checking the nonce...

8.2CVSS5.9AI score0.00385EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: rxrpc: Fixed the issue where the listen function sets the backlog to too high for preallocation rings. The listen handler of AFRXRPC allows you to set the backlog to 32 if you increase the sysctl value. However, since the...

5.5CVSS6.3AI score0.00283EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerabilities in nghttp2, netty, tomcat9, jetty9, grpc

The HTTP/2 protocol allows for a denial of service server resource consumption, as request cancellation can quickly reset many streams, as exploited in practice from August to October 2023...

7.5CVSS7AI score0.99999EPSS
Exploits19References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fixed the issue where the timer for starting a call race against the destruction of the call occurred. The rxrpccall structure contains a timer used to handle various timed events related to calls. This timer can be...

4.7CVSS5.1AI score0.00165EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: SUNRPC: Fixed a leak that could cause the server to shut down. Fixed a race condition where kthreadstop might prevent threadfn from being called at all. If this occurs, the svcrqst will not be cleaned up properly...

5.5CVSS6.2AI score0.00154EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

A race condition was detected in the Linux kernel’s RxRPC network protocol, during the processing of RxRPC bundles. This issue arises due to the lack of proper locking when performing operations on an object. This could allow an attacker to escalate privileges and execute arbitrary code within th...

7CVSS7.1AI score0.00363EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fixed the issue of loading the RxGK token to check bounds. The rxrpcpreparsexdryfsrxgk function reads the raw key length and ticket length from the XDR token as u32 values. It then rounds each value up by 4 before using th...

7.8CVSS6AI score0.00143EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Only drop the call reference if one was actually acquired. The function rxrpcinputpacketonconn can process a packet for the client after the current client call on the channel has already been terminated. In this case,...

7.5CVSS5.7AI score0.00441EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.46 views

PT-2026-50891

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description An unchecked enum cast issue exists in the BeginSidebandStream function. An attacker can trigger invalid enum states and undefined behavior by supplying a specially crafted message containing...

7.1CVSS5.9AI score0.00254EPSS
Exploits0References6
Rows per page
Query Builder