
48572 matches found

AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: isdn: cpai: check ctr->cnr to avoid array index out of bounds. cmtp_add_connection() adds a CMTP session to a controller and runs a kernel thread to process CMTP. __module_get(THIS_MODULE); session->task = kthread_run(cmtp_session, session,...

CVSS 7.8 | AI score 6.1 | EPSS 0.00235
Exploits 0 | References 2
AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fixed the use-after-free issue in session logout. The sess->user object may currently be used by another thread. For example, if another connection sends a session setup request to make the session available for use. The handl...

CVSS 7.8 | AI score 6.5 | EPSS 0.00354
Exploits 2 | References 2
AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: ip_vti: A potential issue related to slab-use-after-free has been fixed in decode_session6. When the ip_vti device is set as a qdisc of the sfb type, the cb field of the sent skb may be modified during enqueueing. This can lead to a...

CVSS 7.8 | AI score 5.6 | EPSS 0.00139
Exploits 0 | References 2
AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: ksmbd: Fixed a use-after-free issue in multi-channel connections. There is a race condition between the session setup process and the ksmbd_sessions_deregister function. The session can be freed before the connection is added to...

CVSS 8.8 | AI score 6.3 | EPSS 0.00571
Exploits 0 | References 2
AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: smb/server: A possible reference count leak in smb2_sess_setup has been fixed. The reference count of ksmbd_session will leak when the session requires reconnection. This issue has been fixed by adding the missing ksmbd_user_session_pu...

AI score 5.7 | EPSS 0.00171
Exploits 0 | References 1
AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: smb/server: The function ksmbd_session_rpc_close is called on the error path in the create_smb2_pipe function. When the ksmbd_iov_pin_rsp function fails, we should call ksmbd_session_rpc_close...

CVSS 7.8 | AI score 5.7 | EPSS 0.0013
Exploits 0 | References 1
AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fixed a race condition in hidp_session_thread. There is a potential race condition in hidp_session_thread that may lead to a use-after-free. For example, the timer is active while hidp_del_timer is called in hidp_session_threa...

AI score 6.1 | EPSS 0.00184
Exploits 0 | References 2
AstraLinux
added 2026/06/19 11:10 a.m. | 2 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix memory corruption on open. The overflow check in the probe session-duplication function increased the session count, even when there were no more available sessions. This could lead to corruption of memory beyon...

CVSS 7.8 | AI score 6.1 | EPSS 0.00201
Exploits 0 | References 2
RedhatCVE
added 2026/06/19 3:54 a.m. | 8 views

CVE-2026-12046

A flaw was found in pgAdmin 4. Critical functions within the SQL Editor blueprint lacked proper authentication, allowing a remote attacker to bypass security controls. When combined with specific preconditions, such as knowledge of the Flask SECRET_KEY and write access to the sessions directory,...

CVSS 9.5 | AI score 6.6 | EPSS 0.00715
Exploits 0 | References 5
RedhatCVE
added 2026/06/19 3:39 a.m. | 7 views

CVE-2026-12050

A flaw was found in pgAdmin 4. An authenticated user with an active PostgreSQL session could exploit a SQL injection vulnerability in the named restore point endpoint. This allows the user to execute arbitrary SQL statements through an unexpected path. While this does not grant additional...

CVSS 8.8 | AI score 6.1 | EPSS 0.00245
Exploits 0 | References 5
Positive Technologies
added 2026/06/19 12:0 a.m. | 11 views

PT-2026-50980

Name of the Vulnerable Software and Affected Versions: Tilt versions 0.20.8 through 0.37.3. Description: The HUD HTTP server lacks authentication for state-changing and sensitive-read endpoints. When the HUD is bound to a non-loopback address, a network attacker can trigger pre-defined Tiltfile...

CVSS 9.2 | AI score 5.9
Exploits 0 | References 6
Positive Technologies
added 2026/06/19 12:0 a.m. | 14 views

PT-2026-50894

Name of the Vulnerable Software and Affected Versions: Apache APISIX versions 3.0.0 through 3.16.0. Description: An open redirect issue exists where an attacker can manipulate client headers, specifically the Host header in the cas-auth plugin, to influence the CAS service URL. This can lead to the...

CVSS 7.2 | AI score 5.9 | EPSS 0.00409
Exploits 0 | References 5
Positive Technologies
added 2026/06/19 12:0 a.m. | 16 views

PT-2026-50978

Name of the Vulnerable Software and Affected Versions: Tilt versions 0.19.5 through 0.37.3. Description: The Tilt HUD server mounts Go's net/http/pprof handlers under the '/debug' endpoint without access control. When the HUD is network-exposed, an unauthenticated caller can read process memory via...

CVSS 8.3 | AI score 6
Exploits 0 | References 6
Tenable Nessus
added 2026/06/19 12:0 a.m. | 6 views

Lexmark Printers Cross-site Scripting (CVE-2019-18791)

Lexmark printer MS812 and multiple older generation Lexmark devices have a stored XSS vulnerability in the embedded web server. The vulnerability can be exploited to expose session credentials and other information via the user's web browser. This plugin only works with Tenable.ot. Please visit...

CVSS 5.4 | AI score 6.1 | EPSS 0.00527
Exploits 0 | References 5
Positive Technologies
added 2026/06/19 12:0 a.m. | 12 views

PT-2026-51022

Name of the Vulnerable Software and Affected Versions: Node.js version 22, Node.js version 24, Node.js version 26. Description: A flaw in the Node.js HTTP Agent allows a client to accept a response as valid even if it was sent before the client transmitted the request. This issue has caused real-world...

CVSS 4.3 | AI score 5.8 | EPSS 0.00336
Exploits 1 | References 82
Positive Technologies
added 2026/06/19 12:0 a.m. | 11 views

PT-2026-50979

Name of the Vulnerable Software and Affected Versions: Tilt versions 0.24.0 through 0.37.3. Description: The Tilt HUD WebSocket endpoint /ws/view is susceptible to Cross-site WebSocket Hijacking (CSWSH), a technique where an attacker tricks a victim's browser into establishing a WebSocket connection t...

CVSS 8.3 | AI score 5.9
Exploits 0 | References 6
Positive Technologies
added 2026/06/19 12:0 a.m. | 12 views

PT-2026-51100

Name of the Vulnerable Software and Affected Versions: Langflow versions prior to 1.7.0. Description: The logout button fails to clear the user session, allowing a previous user to remain logged in unless another user explicitly authenticates. This occurs because the '/logout' endpoint deletes...

CVSS 6.1 | AI score 5.9 | EPSS 0.00152
Exploits 1 | References 10
Cvelist
added 2026/06/18 7:26 p.m. | 15 views

CVE-2026-48980 pam_usb: getenv() used in PAM context allows environment variable injection into local-check logic

pam_usb provides hardware authentication for Linux using removable media. In versions prior to 0.9.2, the getenv() environment variables XRDP_SESSION, DISPLAY and TMUX allow environment variable injection into local-check logic. These environment variables influence whether a current session is local or...

CVSS 6.3 | EPSS 0.00127
Exploits 0 | References 2
NVD
added 2026/06/18 7:16 p.m. | 11 views

CVE-2026-9692

Mojolicious::Sessions::Storable versions through 0.05 for Perl generate session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, the heap address of an anonymous hash, and the PID. These are predictable or low-entropy...

CVSS 5.3 | EPSS 0.00274
Exploits 0 | References 4
Metasploit
added 2026/06/18 7:1 p.m. | 107 views

HP Poly Voice Unauthenticated Remote Code Execution

CVE-2026-0826 is a critical unauthenticated stack-based buffer overflow vulnerability affecting all models in the VVX series (VVX 150, VVX 250, VVX 350, and VVX 450), as well as three models from the Trio IP Conference series (Trio 8800, Trio 8500, and Trio 8300). A remote attacker can leverage...

CVSS 9.2 | AI score 6.6 | EPSS 0.26468
Exploits 3