Lucene search
K

1283 matches found

Cvelist
Cvelist
added 2026/05/21 8:14 a.m.41 views

CVE-2026-7837 TOCTOU with root privilege in ad_flush

A time-of-check time-of-use TOCTOU condition in the adflush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited data modification under specific race conditions...

3.7CVSS0.00236EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/21 7:36 a.m.87 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

copy-fail CVE-2026-31431 Copy Fail – a C language PoC,...

7.8CVSS7.4AI score0.96267EPSS
Exploits229
RedHat Linux
RedHat Linux
added 2026/05/19 4:18 p.m.11 views

PackageKit: race condition vulnerability leads to arbitrary package installation as root

A flaw was found in PackageKit. A time-of-check time-of-use TOCTOU race condition on transaction flags allows unprivileged users to install packages as root, resulting in a local privilege escalation...

8.8CVSS5.8AI score0.0046EPSS
Exploits10References9
RedHat Linux
RedHat Linux
added 2026/05/19 2:4 p.m.25 views

kernel: crypto: algif_aead - Revert to operating out-of-place

A flaw was found in the Linux kernel's algifaead cryptographic algorithm interface. An incorrect in-place operation causes source and destination data mappings to differ during cryptographic processing. A low-privileged local attacker can exploit this flaw to corrupt the contents of sensitive...

7.8CVSS7.2AI score0.96267EPSS
Exploits229References14
RedHat Linux
RedHat Linux
added 2026/05/18 12:37 p.m.15 views

PackageKit: race condition vulnerability leads to arbitrary package installation as root

A flaw was found in PackageKit. A time-of-check time-of-use TOCTOU race condition on transaction flags allows unprivileged users to install packages as root, resulting in a local privilege escalation...

8.8CVSS5.8AI score0.0046EPSS
Exploits10References9
RedHat Linux
RedHat Linux
added 2026/05/18 9:26 a.m.13 views

PackageKit: race condition vulnerability leads to arbitrary package installation as root

A flaw was found in PackageKit. A time-of-check time-of-use TOCTOU race condition on transaction flags allows unprivileged users to install packages as root, resulting in a local privilege escalation...

8.8CVSS5.8AI score0.0046EPSS
Exploits10References9
OSV
OSV
added 2026/05/18 7:43 a.m.4 views

SUSE-SU-2026:1939-1 Security update for PackageKit

This update for PackageKit fixes the following issue: - CVE-2026-41651: race condition allows for arbitrary RPM package installation as root and can lead to LPE bsc1262220...

8.8CVSS5.9AI score0.0046EPSS
Exploits10References3
RedHat Linux
RedHat Linux
added 2026/05/14 1:1 p.m.15 views

PackageKit: race condition vulnerability leads to arbitrary package installation as root

A flaw was found in PackageKit. A time-of-check time-of-use TOCTOU race condition on transaction flags allows unprivileged users to install packages as root, resulting in a local privilege escalation...

8.8CVSS5.7AI score0.0046EPSS
Exploits10References9
EUVD
EUVD
added 2026/05/11 8:21 p.m.12 views

EUVD-2026-29295

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd pihole-FTL-prestart.sh and pihole-FTL-poststop.sh read the files.pid path from this config...

8.8CVSS5.9AI score0.00132EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 4:17 p.m.16 views

CVE-2026-42609

Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user with only user creation permissions to overwrite existing accounts, including the primary administrator. By creating a new user with a username that alread...

8.1CVSS0.00463EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.17 views

PT-2026-39836

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd pihole-FTL-prestart.sh and pihole-FTL-poststop.sh read the files.pid path from this config...

8.8CVSS5.9AI score0.00132EPSS
Exploits0References1
CERT
CERT
added 2026/05/11 12:0 a.m.16 views

dnsmasq contains several vulnerabilities, including attacker DNS redirect, privilege escalation, and heap manipulation

Overview dnsmasq is affected by multiple memory safety and input validation vulnerabilities, including heap buffer overflows, heap corruption, and code execution flaws. Collectively, these vulnerabilities enable attackers to poison cached DNS records, bypass security controls, crash the dnsmasq...

8.8CVSS6.6AI score0.07237EPSS
Exploits4References8
Tenable Nessus
Tenable Nessus
added 2026/05/10 12:0 a.m.11 views

SUSE SLES12 Security Update : PackageKit (SUSE-SU-2026:1701-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2026:1701-1 advisory. This update for PackageKit fixes the following issue: - CVE-2026-41651: race condition allows for arbitrary RPM package installation as root and can le...

8.8CVSS6AI score0.0046EPSS
Exploits10References4
SUSE Linux
SUSE Linux
added 2026/05/06 7:42 a.m.5 views

Security update for PackageKit

This update for PackageKit fixes the following issue: CVE-2026-41651: race condition allows for arbitrary RPM package installation as root and can lead to LPE bsc1262220. Special Instructions and Notes: Patch Instructions: To install this SUSE update use the SUSE recommended installation methods...

9.3CVSS5.9AI score0.0046EPSS
Exploits10References4
OSV
OSV
added 2026/05/06 7:42 a.m.10 views

SUSE-SU-2026:1700-1 Security update for PackageKit

This update for PackageKit fixes the following issue: - CVE-2026-41651: race condition allows for arbitrary RPM package installation as root and can lead to LPE bsc1262220...

8.8CVSS5.9AI score0.0046EPSS
Exploits10References3
Tenable Nessus
Tenable Nessus
added 2026/05/05 12:0 a.m.11 views

SUSE SLES16 Security Update : PackageKit (SUSE-SU-2026:21427-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:21427-1 advisory. - CVE-2026-41651: race condition allows for arbitrary RPM package installation as root and can lead to LPE bsc1262220. Tenable has extracte...

8.8CVSS6AI score0.0046EPSS
Exploits10References4
RedHat Linux
RedHat Linux
added 2026/04/30 4:40 p.m.45 views

OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode

A flaw was found in OpenSSH. When the scp command is used by a root user to download a file with the legacy protocol option -O and without preserving original file permissions -p, the downloaded file can be installed with elevated privileges setuid or setgid. This unexpected behavior could allow ...

8.1CVSS5.5AI score0.00419EPSS
Exploits0References7
GithubExploit
GithubExploit
added 2026/04/30 12:11 a.m.81 views

Exploit for CVE-2026-31431

CopyFail: CVE-2026-31431 Python implementation of copy.fail...

7.8CVSS5.3AI score0.96267EPSS
Exploits229
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.7 views

uutils coreutils has an Untrusted Search Path

A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam after entering the chroot but before dropping root privileges. On glibc-based systems, this can trigger the Name Service Switch NSS to load...

7.8CVSS6AI score0.00136EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/04/22 1:11 p.m.212 views

CVE-2026-41651

CVE-2026-41651 concerns PackageKit, a D-Bus abstraction layer for cross-distro package management. The vulnerability affects versions 1.0.2 through 1.3.4 and enables local privilege escalation via a TOCTOU race on transaction flags, allowing an unprivileged user to install packages as root (inclu...

8.8CVSS6AI score0.0046EPSS
Exploits10References22Affected Software1
Rows per page
Query Builder