Lucene search
K

239 matches found

EUVD
EUVD
added 2026/07/07 4:37 p.m.7 views

EUVD-2026-42056

AWS Research and Engineering Studio RES is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources on AWS. Improper link resolution before file access issue CWE-59 in the Auth.GetUserPrivateKey API. An authenticated remot...

7.1CVSS6.2AI score0.00381EPSS
Exploits0References2
NVD
NVD
added 2026/07/06 6:16 p.m.7 views

CVE-2026-48614

An improper authorization vulnerability in the Plesk XML API allows an authenticated user to inject arbitrary configuration directives, resulting in arbitrary file write as root and full privilege escalation on the underlying server...

9.9CVSS0.0033EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 4:16 p.m.8 views

CVE-2026-44941

A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root...

8.8CVSS0.00533EPSS
Exploits1References2
EUVD
EUVD
added 2026/07/02 3:19 p.m.7 views

EUVD-2026-41406

A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root...

8.4CVSS5.8AI score0.00533EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.22 views

PT-2026-51461

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.9 Description An issue exists where a workspace-level builder can read any file the server process has access to by uploading a specially crafted PWA zip file. The POST /api/pwa/process-zip endpoint extracts the...

9.6CVSS5.8AI score0.00494EPSS
Exploits1References8
OSV
OSV
added 2026/06/11 9:57 p.m.11 views

MAL-2026-5678 Malicious code in internallib_v557 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 275af9596caf2b68994ca8282da7e127f8a4478e07888dbae73826328b4e41f2 index.js implements a multi-step attack against an internal npm registry. On invocation of the exported command, it: 1 creates a Verdaccio user...

5.5AI score
Exploits0References25
RedHat Linux
RedHat Linux
added 2026/06/09 1:49 p.m.24 views

Important: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux RHEL 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.8CVSS6AI score0.03663EPSS
Exploits24References3
NVD
NVD
added 2026/06/09 11:16 a.m.16 views

CVE-2026-47343

Non-privileged backend users with file mount access were able to perform write operations move, delete, rename on folders representing the root of an active file mount due to missing authorization restrictions. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0 through 11.5.50, 12.0.0...

7.2CVSS0.00238EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.8 views

RHEL 9 : kpatch-patch (RHSA-2026:24814)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:24814 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel...

7.8CVSS5.6AI score0.03663EPSS
Exploits17References6
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.20 views

RHEL 9 : kpatch-patch-5_14_0-284_104_1, kpatch-patch-5_14_0-284_117_1, kpatch-patch-5_14_0-284_134_1, kpatch-patch-5_14_0-284_148_1, and kpatch-patch-5_14_0-284_158_1 (RHSA-2026:23469)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:23469 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patc...

7.8CVSS5.6AI score0.03663EPSS
Exploits17References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.11 views

CVE-2026-44711

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7...

7.9CVSS5.5AI score0.00166EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/04 10:8 p.m.19 views

Important: Red Hat Security Advisory: kpatch-patch-5_14_0-284_104_1, kpatch-patch-5_14_0-284_117_1, kpatch-patch-5_14_0-284_134_1, kpatch-patch-5_14_0-284_148_1, and kpatch-patch-5_14_0-284_158_1 security update

An update for multiple packages is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

8.8CVSS6.1AI score0.03663EPSS
Exploits24References3
RedHat Linux
RedHat Linux
added 2026/06/04 9:24 p.m.20 views

Important: Red Hat Security Advisory: kpatch-patch-4_18_0-477_107_1, kpatch-patch-4_18_0-477_120_1, kpatch-patch-4_18_0-477_130_1, kpatch-patch-4_18_0-477_89_1, and kpatch-patch-4_18_0-477_97_1 security update

An update for multiple packages is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

8.8CVSS6.1AI score0.03663EPSS
Exploits24References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/29 12:0 a.m.14 views

Sparkle: Binary delta apply intermediate-symlink traversal in malicious .delta

Binary delta apply intermediate-symlink traversal in malicious .delta Autoupdate/SUBinaryDeltaApply.m enforces relativePath.pathComponents containsObject:@".." and rejects writes whose immediate parent directory IS itself a symbolic link, but does not detect symlinks deeper in the relative path...

5.9AI score0.00029EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/27 8:18 p.m.13 views

CVE-2026-44711

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7...

7.9CVSS5.8AI score0.00166EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/27 8:18 p.m.43 views

CVE-2026-44711 pam_usb: Symlink attacks on pad directory and pad files enable authentication bypass and root file corruption

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7...

7.9CVSS0.00166EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 8:18 p.m.10 views

CVE-2026-44711 pam_usb: Symlink attacks on pad directory and pad files enable authentication bypass and root file corruption

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7...

7.9CVSS5.8AI score0.00166EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 8:18 p.m.18 views

CVE-2026-44711

The CVE concerns the pam_usb project for Linux. Affected: pam_usb versions prior to 0.8.7. Root cause: symlink attacks on the pad directory and pad files. Impact: authentication bypass and potential root file corruption. The issue is fixed in version 0.8.7. There is no explicit exploitation statu...

7.9CVSS5.8AI score0.00166EPSS
Exploits0References2
OSV
OSV
added 2026/05/27 8:18 p.m.2 views

CVE-2026-44711 pam_usb: Symlink attacks on pad directory and pad files enable authentication bypass and root file corruption

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7...

7.9CVSS6AI score0.00166EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.11 views

pam_usb 授权问题漏洞

pamusb is a Linux hardware authentication tool developed by McDope’s individual developer, based on USB devices. Versions of pamusb prior to 0.8.7 have a vulnerability related to authorization issues. This vulnerability stems from symbolic link attacks involving the pad directory and pad files,...

7.9CVSS5.8AI score0.00166EPSS
Exploits0References1
Rows per page
Query Builder