Lucene search
K

13326 matches found

Debian CVE
Debian CVE
added 2026/06/26 3:50 p.m.6 views

CVE-2026-9640

A privilege escalation vulnerability exists in LXD from 6.0 before 6.9, 5.21.0 before 5.21.5, and 5.0.0 before 5.0.7 regarding the handling of project-restriction policies during snapshot restoration.. An authenticated project operator in a restricted multi-tenant environment can bypass policy...

7.2CVSS5.8AI score0.00342EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/06/26 3:9 p.m.8 views

CVE-2026-41567

A flaw was found in Moby, the open-source container framework, and Docker Engine. A malicious container image can exploit this vulnerability to achieve arbitrary code execution with full daemon privileges, including host root access. This occurs when a user uploads a compressed archive to the...

7.5CVSS6.4AI score0.00153EPSS
Exploits0References4
The Hacker News
The Hacker News
added 2026/06/26 1:57 p.m.23 views

New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries

A flaw in the Linux kernel's traffic-control subsystem can let a local unprivileged user gain root on affected systems. CVE-2026-46331, nicknamed "pedit COW ," is an out-of-bounds write in the packet-editing action actpedit that corrupts shared page-cache memory. A public, working exploit appeare...

6.1AI score0.00321EPSS
Exploits10
The Hacker News
The Hacker News
added 2026/06/26 11:51 a.m.12 views

New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets

DirtyClone is a new Linux kernel privilege escalation in the DirtyFrag family. JFrog Security Research published a working exploit walkthrough for the flaw on June 25, the first public demonstration for this variant. Tracked as CVE-2026-43503 CVSS 8.8, it lets a local user corrupt file-backed...

8.8CVSS6.1AI score0.00135EPSS
Exploits7
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.9 views

PT-2026-52844

Name of the Vulnerable Software and Affected Versions LXD versions 6.0 through 6.8 LXD versions 5.21.0 through 5.21.4 LXD versions 5.0.0 through 5.0.6 Description An issue exists in the handling of project-restriction policies during snapshot restoration. An authenticated project operator in a...

7.2CVSS5.8AI score0.00342EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-53010

Name of the Vulnerable Software and Affected Versions Incus affected versions not specified Description An issue exists where a specially crafted image can be used to read or create and write arbitrary files on the host, potentially leading to arbitrary command execution. The problem occurs becau...

9.9CVSS6.1AI score
Exploits0References4
EUVD
EUVD
added 2026/06/25 3:0 p.m.5 views

EUVD-2026-39432

3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database. This can be leveraged to obtain code...

7.2CVSS6.4AI score0.00342EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/25 1:15 p.m.5 views

xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in SyncChangeCounter()

A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter. A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or f...

7.8CVSS5.7AI score0.0014EPSS
Exploits0References7
The Hacker News
The Hacker News
added 2026/06/25 5:46 a.m.9 views

Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access

An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two months before it was publicly disclosed, according to new findings from Google-owned Mandiant. The vulnerability, tracked as CVE-2026-20245 CVSS score: 7.8...

7.8CVSS6.6AI score0.25323EPSS
Exploits2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.10 views

Astra Linux – Vulnerability in cups

OpenPrinting CUPS is an open-source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and earlier, a local unprivileged user could force cupsd to authenticate against a localhost IPP service controlled by the attacker, using a reusable “Authorization: Local…”...

7.8CVSS6.2AI score0.00289EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/06/24 1:39 a.m.10 views

keylime: Keylime: Security bypass due to hardcoded TPM quote nonce

A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module TPM quote attestation instead of a...

6.3CVSS5.8AI score0.00121EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/23 6:47 p.m.7 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS5.8AI score0.00292EPSS
Exploits0References8
NVD
NVD
added 2026/06/23 3:16 p.m.13 views

CVE-2026-35018

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands as root by injecting shell metacharacters into the username JSON parameter processed by the...

8.8CVSS0.00664EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/23 1:46 p.m.6 views

EUVD-2026-38452

NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands as root by injecting shell metacharacters into the username JSON parameter processed by the...

8.8CVSS6.8AI score0.00664EPSS
Exploits0References4
NVD
NVD
added 2026/06/23 1:16 p.m.11 views

CVE-2026-44089

Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be exploited to cause the program to crash and to execute code remotely. This allows the attacker to perform actions as root including reading and editing...

9.4CVSS0.0023EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/23 12:8 p.m.41 views

CVE-2026-44089 Buffer Overflow in Totolink EX1200L router

Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be exploited to cause the program to crash and to execute code remotely. This allows the attacker to perform actions as root including reading and editing...

9.4CVSS0.0023EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 12:8 p.m.6 views

EUVD-2026-38425

Totolink EX1200L router is vulnerable to Buffer Overflow in the login functionality in cgi-bin/cstecgi.cgi endpoint. This vulnerability could be exploited to cause the program to crash and to execute code remotely. This allows the attacker to perform actions as root including reading and editing...

9.4CVSS5.9AI score0.0023EPSS
Exploits0References2
CVE
CVE
added 2026/06/23 12:8 p.m.12 views

CVE-2026-44089

CVE-2026-44089 concerns Totolink EX1200L router. A buffer overflow in the login function of the CGI endpoint cgi-bin/cstecgi.cgi could allow remote code execution and a root-level impact, including reading/editing data and potentially bricking the device. The vulnerability has been confirmed only...

9.4CVSS5.9AI score0.0023EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.15 views

PT-2026-51522

🚨 CVE-2026-35018 NetComm NF20MESH routers running firmware R6B031 and earlier contain an authenticated remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands as root by injecting shell metacharacters into the username JSON parameter processed by the...

8.8CVSS6.6AI score0.00664EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/22 10:16 p.m.25 views

CVE-2026-54232 vLLM: Dependency Confusion Vulnerability in vLLM Dockerfile

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.1, the vLLM Dockerfile is vulnerable to a dependency confusion attack through the flashinfer-jit-cache package. The package is installed from a custom index flashinfer.ai/whl/ using --extra-index-url, but the...

8.8CVSS0.00304EPSS
Exploits1References1
Rows per page
Query Builder