Lucene search
K

48572 matches found

CVE
CVE
added 2026/06/19 1:16 p.m.11 views

CVE-2026-48895

CVE-2026-48895 describes an open redirect in Apache APISIX (affected versions 3.0.0–3.16.0). The issue allows manipulation of certain client headers to redirect to an untrusted site, with potential exposure of session tokens. The advisory recommends upgrading to version 3.17.0, which contains the...

7.2CVSS5.8AI score0.00409EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/19 1:16 p.m.7 views

EUVD-2026-38023

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Apache APISIX. The attacker could manipulate some client headers to perform an open-redirect, to potentially expose the session token. This issue affects Apache APISIX: from 3.0.0 through 3.16.0. Users are recommended to upgrade t...

2.1CVSS5.8AI score0.00409EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 1:10 p.m.10 views

CVE-2026-47339

CVE-2026-47339 affects Apache APISIX (authz-casdoor plugin). Under default configuration, it allows an attacker to authenticate using credentials from a different source, indicating an incorrect authorization vulnerability across versions 2.14.1 through 3.16.0. The risk is described as high (per ...

8.1CVSS5.9AI score0.00285EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/19 1:10 p.m.31 views

CVE-2026-47339 Apache APISIX: authz-casdoor incorrect session sharing

Incorrect Authorization vulnerability in Apache APISIX. An attacker can capitalise on authz-casdoor plugin under default configuration to authenticate themselves with credentials from a different source. This issue affects Apache APISIX: from 2.14.1 through 3.16.0. Users are recommended to upgrad...

5.3CVSS0.00285EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: The issue related to “slab-use-after-free” in smb3preauthhashrsp has been fixed. The function ksmbdusersessionput should be called under smb3preauthhashrsp. This will prevent freeing a session before calling...

7.8CVSS6.7AI score0.00243EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

A use-after-free vulnerability was discovered in iscsiswtcpsessioncreate in drivers/scsi/iscsitcp.c within the SCSI sub-component of the Linux kernel. This flaw allows an attacker to access internal kernel information...

5.5CVSS6.7AI score0.00249EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fixed a reference count leak when an invalid session is found during session lookup. When a session is found, but its state is not SMB2SESSIONVALID, it indicates that no valid session was found. However, the reference coun...

5.5CVSS5.8AI score0.00118EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Firefox, Thunderbird

A use-after-free might have occurred when an HTTP2 session object was released on a different thread, resulting in memory corruption and potentially exploitable crashes. This vulnerability affects Firefox 93, Thunderbird 91.3, and Firefox ESR 91.3...

8.8CVSS8.1AI score0.0111EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fixed the race condition issue caused by session lookup and expiration. The session reference count was incremented within the lock during the lookup operation, thereby avoiding the race condition related to session...

8.1CVSS6.2AI score0.00449EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: smb: client: fix double-free of TCPServerInfo::hostname When shutting down the server in cifsputtcpsession, the cifsd thread might reconnect to multiple DFS targets before realizing that it should exit the loop. As a result,...

5.5CVSS6.4AI score0.002EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: can: j1939: fix errant WARNONONCE in j1939sessiondeactivate The statement “j1939sessiondeactivate should be called with a session ref-count of at least 2” is incorrect. In some concurrent scenarios, j1939sessiondeactivate can be...

5.5CVSS6.2AI score0.00226EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux - Vulnerability in Golang-1.19

Large handshake records can cause panics in the crypto/TLS context. Both clients and servers may send large TLS handshake records, which can cause both servers and clients to panic when attempting to construct responses. This issue affects all TLS 1.3 clients, TLS 1.2 clients that explicitly enab...

7.5CVSS6.8AI score0.01111EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fixed the issue where a memory leak occurred after the session was logged off. There is an issue between the SMB2 session logging-off process and the SMB2 session setup process. This issue causes a memory leak after the...

7.8CVSS6.4AI score0.00209EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fixed a dangling pointer in krbauthenticate. krbauthenticate frees sess-user and does not set the pointer to NULL. It calls ksmbdkrb5authenticate to reinitialise sess-user, but that function may return without doing so...

7.8CVSS6.3AI score0.00472EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: can: j1939: make j1939sessionactivate fail if the device is no longer registered. The syzbot still reports that unregisternetdevice: waiting for vcan0 to become free. Usage count = 2. Even after commit 93a27b5891b8 “can: j1939: a...

5.5CVSS5.6AI score0.00156EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: cifs: Fixed a mid leak that occurred during reconnection after a timeout threshold. When the number of responses with the status STATUSIOTIMEOUT exceeds a specified threshold NUMSTATUSIOTIMEOUT, we reconnect the connection...

5.5CVSS5.2AI score0.00136EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux, Linux 5.10

A issue was discovered in the Linux kernel through version 5.16.11. The mixed IPID assignment method, combined with the hash-based IPID assignment policy, allows an off-path attacker to inject data into a victim’s TCP session or terminate that session...

5.9CVSS6.3AI score0.00678EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: can: j1939: prevents deadlock by changing j1939sockslock to rwlock. The following 3 locks may race against each other, causing a deadlock situation in the Syzbot bug report: - j1939sockslock - activesessionlistlock -...

5.5CVSS6.2AI score0.00185EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in xrdp

XRDPT is an open-source remote desktop protocol RDP server. In versions prior to 0.9.23, improper handling of session establishment errors allowed bypassing OS-level session restrictions. The authstartsession function could return a non-zero value 1 in the event of, for example, PAM errors. This...

6.5CVSS6.5AI score0.00728EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.15

A flaw was discovered in the ksmbd component of the Linux kernel, a high-performance in-kernel SMB server. The specific flaw occurs during the processing of SMB2SESSIONSETUP and SMB2LOGOFF commands. The issue arises due to the lack of proper locking when performing operations on an object. An...

8.1CVSS6.7AI score0.02393EPSS
Exploits0References2
Rows per page
Query Builder