Lucene search
K

5388 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: powerpc/64s/interrupt: Fixed the interrupt exit race issue with security mitigation switches. The RFI and STF security mitigation options can simultaneously alter the interruptexitnotreentrant static branch condition during the...

4.7CVSS6AI score0.00179EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Networks: DSA: QCA8K: resetting the CPU port when the MTU changes. It was discovered that the documentation lacks a fundamental detail regarding how to correctly change the MAXFRAMESIZE of the switch. In fact, if the MAXFRAMESIZE...

5.5CVSS5.8AI score0.00243EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/18 1:47 p.m.7 views

EUVD-2026-37891

Some shadow paging errors paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata which can lead to corruption of the mapcache...

8.1CVSS5.4AI score0.00353EPSS
Exploits0References1
NVD
NVD
added 2026/06/18 4:16 a.m.16 views

CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS0.0012EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/18 3:34 a.m.24 views

CVE-2026-12505 Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS0.0012EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/18 3:34 a.m.13 views

EUVD-2026-37834

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/18 3:34 a.m.12 views

CVE-2026-12505 Cifs-utils: local privilege escalation via forged cifs.spnego key description in cifs.upcall

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/06/18 3:34 a.m.7 views

CVE-2026-12505

A flaw was found in the cifs-utils package where the cifs.upcall helper fails to securely drop its root privileges before looking up user information inside a user-controlled environment. A local, low privileged attacker can exploit this by using a crafted requestkey payload to trick the root-own...

7.8CVSS6.1AI score0.0012EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.15 views

PT-2026-50619

Name of the Vulnerable Software and Affected Versions cifs-utils affected versions not specified Description A flaw exists in the cifs.upcall helper that fails to securely drop root privileges before performing user information lookups within a user-controlled environment. A local, low-privileged...

7.8CVSS6.1AI score0.0012EPSS
Exploits0References26
Github Security Blog
Github Security Blog
added 2026/06/16 11:41 p.m.8 views

Gitea: Incomplete CVE-2025-68941 fix: /user/orgs missing checkTokenPublicOnly + switch-case logic flaw

Summary Two related issues in the token public-only scope enforcement introduced by PR 32204 CVE-2025-68941 fix. A public-only scoped API token can access private organization data. Issue 1: /user/orgs missing checkTokenPublicOnly routers/api/v1/api.go line 1599: go m.Get"/user/orgs", reqToken,...

5.3CVSS7.6AI score0.00271EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/16 10:16 a.m.16 views

CVE-2026-5416

Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise...

8.8CVSS0.00771EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 8:18 a.m.14 views

CVE-2026-5416

The CVE-2026-5416 entry describes a command injection in a Managed Ethernet Switch caused by improper neutralization of special elements in a name parameter. It results in full system compromise with network-based, low-privilege, no-user-interaction exploitation (per CVSS 4.0/3.1 vectors). Connec...

8.8CVSS5.4AI score0.00771EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 8:18 a.m.30 views

CVE-2026-5416 Command Injection via name parameter

Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise...

8.8CVSS0.00771EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 8:18 a.m.10 views

EUVD-2026-37042

Due to the improper neutralization of special elements used in a name parameter a low privileged remote attacker can exploit a command injection vulnerability in the Managed Ethernet Switch, resulting in full system compromise...

8.8CVSS5.5AI score0.00771EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.17 views

PT-2026-50135

Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description An issue exists in the token public-only scope enforcement where a public-only scoped API token can access private organization data. This occurs due to two flaws: the endpoint '/user/orgs' is...

4.3CVSS5.8AI score0.00271EPSS
Exploits0References8
NVD
NVD
added 2026/06/15 12:16 p.m.13 views

CVE-2026-34024

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable. This allow...

8.6CVSS0.00304EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/15 10:3 a.m.34 views

CVE-2026-34024 Missing authorization checks in Wertheim SafeController Software allow low-privileged users to access restricted functions

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable. This allow...

8.6CVSS0.00304EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/06/15 10:3 a.m.7 views

CVE-2026-34024 Missing authorization checks in Wertheim SafeController Software allow low-privileged users to access restricted functions

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable. This allow...

8.6CVSS5.4AI score0.00304EPSS
Exploits1References2
CVE
CVE
added 2026/06/15 10:3 a.m.23 views

CVE-2026-34024

The CVE-2026-34024 entry concerns Wertheim SafeController Software (AssemblyVersion 6.15.8328.28014). The underling issue is missing authorization checks on multiple web endpoints, allowing an authenticated attacker with low privileges to access endpoints not visible in the frontend but directly ...

8.6CVSS5.5AI score0.00304EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/15 10:3 a.m.10 views

EUVD-2026-36707

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, contains missing authorization checks on multiple web application endpoints. An authenticated attacker with minimal privileges can access endpoints that are not visible in the frontend but remain directly reachable. This allow...

8.6CVSS5.5AI score0.00304EPSS
Exploits1References2
Rows per page
Query Builder