1861 matches found

AlmaLinux
added 2026/05/19 12:0 a.m., 11 views

Important: libcap security update

Libcap is a library for getting and setting POSIX.1e (formerly POSIX 6 draft 15) capabilities. Security Fixes: libcap: Privilege escalation via TOCTOU race condition in capsetfile (CVE-2026-4878). For more details about the security issues, including the impact, a CVSS score, acknowledgments,...

CVSS 7, AI score 5.8, EPSS 0.00188
Exploits 1, References 4
Tenable Nessus
added 2026/05/19 12:0 a.m., 10 views

SUSE SLED15 / SLES15 Security Update : sed (SUSE-SU-2026:1941-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1941-1 advisory. This update for sed fixes the following issue: - CVE-2026-5958: a TOCTOU race can allow to read attacker-controlled...

CVSS 2.1, AI score 5.8, EPSS 0.00142
Exploits 0, References 4
SUSE Linux
added 2026/05/18 7:44 a.m., 9 views

Security update for sed

This update for sed fixes the following issue: CVE-2026-5958: a TOCTOU race can allow to read attacker-controlled content and write it to an unintended file bsc1262144. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper...

CVSS 6.9, AI score 5.8, EPSS 0.00142
Exploits 0, References 4
OSV
added 2026/05/18 7:44 a.m., 5 views

SUSE-SU-2026:1941-1 Security update for sed

This update for sed fixes the following issue: - CVE-2026-5958: a TOCTOU race can allow to read attacker-controlled content and write it to an unintended file bsc1262144...

CVSS 2.1, AI score 5.8, EPSS 0.00142
Exploits 0, References 3
Tenable Nessus
added 2026/05/17 12:0 a.m., 11 views

Linux Distros Unpatched Vulnerability : CVE-2026-41051

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories. CVE-2026-41051 Note...

CVSS 5.1, AI score 5.5, EPSS 0.00075
Exploits 0, References 3
NVD
added 2026/05/15 8:16 p.m., 19 views

CVE-2026-45675

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP and OAuth authentication flows use a TOCTOU (Time-of-Check-Time-of-Use) pattern for first-user admin role assignment. The regular signup handler signuphandler in auths.py, lin...

CVSS 8.1, EPSS 0.00354
Exploits 1, References 3
OSV
added 2026/05/15 11:2 a.m., 5 views

CLSA-2026-1778838399 golang: Fix of CVE-2026-32282

CVE-2026-32282: fix TOCTOU race in os.Root.Chmod on Linux that allowed symlink-based escapes from the restricted root by switching to fchmodat2 with /proc/self/fd fallback...

CVSS 6.4, AI score 7.1, EPSS 0.00292
Exploits 0, References 1
Positive Technologies
added 2026/05/15 12:0 a.m., 10 views

PT-2026-43463

Name of the Vulnerable Software and Affected Versions WWBN AVideo versions 29.0 and earlier Description Certain components, including EpgParser.php and plugin/AI/receiveAsync.json.php, fail to utilize the $resolvedIP out-parameter of the isSSRFSafeURL function for DNS pinning via CURLOPT RESOLVE...

CVSS 6.5, AI score 5.8, EPSS 0.00136
Exploits 0, References 5
CNNVD
added 2026/05/15 12:0 a.m., 11 views

Open WebUI Security Vulnerability

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI under open source. Versions of Open WebUI prior to 0.9.0 contained security vulnerabilities. These vulnerabilities were caused by TOCTOU race conditions in the LDAP and OAuth authentication processes, which could allow...

CVSS 8.1, AI score 5.8, EPSS 0.00354
Exploits 1, References 2
OSV
added 2026/05/14 8:28 p.m., 5 views

GHSA-H3WW-Q6XX-W7X3 Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accounts

Summary: The LDAP and OAuth authentication flows use a TOCTOU (Time-of-Check-Time-of-Use) pattern for first-user admin role assignment. The regular signup handler signuphandler in auths.py, line 663 was explicitly patched to prevent this race with the comment "Insert with default role first to avoid...

CVSS 8.1, AI score 5.8, EPSS 0.00354
Exploits 1, References 6
Tenable Nessus
added 2026/05/14 12:0 a.m., 16 views

Amazon Linux 2 : PackageKit, --advisory ALAS2-2026-3282 (ALAS-2026-3282)

The version of PackageKit installed on the remote host is prior to 1.1.5-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3282 advisory. PackageKit is a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro,...

CVSS 8.8, AI score 6.1, EPSS 0.0046
Exploits 10, References 4
NVD
added 2026/05/13 1:1 p.m., 9 views

CVE-2026-41051

csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories...

CVSS 5.1, EPSS 0.00075
Exploits 0, References 1
OSV
added 2026/05/13 8:57 a.m., 8 views

CLSA-2026-1778662651 libcap: Fix of CVE-2026-4878

CVE-2026-4878: capsetfile TOCTOU race via path-based xattr operations...

CVSS 7, AI score 5.8, EPSS 0.00188
Exploits 1, References 1
CVE
added 2026/05/13 8:37 a.m., 24 views

CVE-2026-41051

CVE-2026-41051 affects csync2 and is due to the use of insecure temporary directories when csync2 is compiled with C99 or later, enabling TOCTOU-style issues in temporary paths. Public records indicate the vulnerability impacts openSUSE Tumbleweed’s csync2 package in the 2.0+git.1600444747.83b364...

CVSS 5.1, AI score 5.8, EPSS 0.00075
Exploits 0, References 1
Cvelist
added 2026/05/13 8:37 a.m., 40 views

CVE-2026-41051 csync2 uses insecure temporary directories when compiled with C99 or later

csync2 uses insecure temporary directories when compiled with C99 or later, allowing for TOCTOU style attacks on the temporary directories...

CVSS 5.1, EPSS 0.00075
Exploits 0, References 1
OSV
added 2026/05/12 3:28 p.m., 4 views

CLSA-2026-1778599722 Fix CVE(s): CVE-2026-4878

SECURITY UPDATE: TOCTOU race condition in capsetfile - debian/patches/CVE-2026-4878.patch: open the target file and operate on /proc/self/fd/N so the inode is locked between the regular-file check and the xattr update - CVE-2026-4878...

CVSS 7, AI score 5.8, EPSS 0.00188
Exploits 1, References 1
EUVD
added 2026/05/11 6:31 p.m., 14 views

EUVD-2026-29087

Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. checkaccesspermission used os.path.abspath, which resolves '..' but does not resolve symbolic links, while the subsequent kernel write follows symlinks. An authenticated user could plant a symbolic link inside their own storag...

CVSS 8.1, AI score 5.8, EPSS 0.00359
Exploits 0, References 2
Tenable Nessus
added 2026/05/10 12:0 a.m., 9 views

openSUSE 16 Security Update : python-pytest (openSUSE-SU-2026:20692-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE-SU-2026:20692-1 advisory. This update for python-pytest fixes the following issue: - CVE-2025-71176: a TOCTOU race condition can cause a denial of service or possibly gain...

CVSS 6.8, AI score 5.9, EPSS 0.0014
Exploits 0, References 3
Tenable Nessus
added 2026/05/10 12:0 a.m., 8 views

SUSE SLES12 Security Update : sed (SUSE-SU-2026:1699-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1699-1 advisory. This update for sed fixes the following issue: - CVE-2026-5958: a TOCTOU race can allow to read attacker-controlled content and write it to an unintend...

CVSS 2.1, AI score 5.9, EPSS 0.00142
Exploits 0, References 4
OSV
added 2026/05/09 12:30 p.m., 9 views

OESA-2026-2211 util-linux security update

The util-linux package contains a random collection of files that implements some low-level basic linux utilities. Security Fixes: util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary...

CVSS 4.7, AI score 5.7, EPSS 0.00118
Exploits 1, References 2