Lucene search
K

20914 matches found

NVD
NVD
added 2026/06/19 2:16 p.m.12 views

CVE-2026-39999

Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin. This issue affects Apache APISIX: from v2.2 through v3.16.0. Users are recommended to upgrade to version v3.17.0, which...

9.1CVSS0.00386EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 1:18 p.m.26 views

CVE-2026-49871

CVE-2026-49871 describes a Cross-Site Request Forgery (CSRF) vulnerability in the cas-auth plugin under default configurations in Apache APISIX versions 3.0.0–3.16.0. The issue allows a remote attacker who can lure a victim to a controlled webpage to cause the victim’s browser to become authentic...

9.3CVSS5.9AI score0.00261EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/19 1:17 p.m.5 views

CVE-2026-47341

Authentication Bypass by Capture-replay vulnerability in Apache APISIX. Attacker can benefit from certain configurations in hmac-auth to re-use a token forever, bypassing expiry. This issue affects Apache APISIX: from 3.11.0 through 3.16.0. Users are recommended to upgrade to version 3.17.0, whic...

6.3CVSS5.8AI score0.0043EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/19 1:10 p.m.8 views

EUVD-2026-38015

Incorrect Authorization vulnerability in Apache APISIX. An attacker can capitalise on authz-casdoor plugin under default configuration to authenticate themselves with credentials from a different source. This issue affects Apache APISIX: from 2.14.1 through 3.16.0. Users are recommended to upgrad...

5.3CVSS5.9AI score0.00285EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 1:7 p.m.9 views

EUVD-2026-38013

Authentication Bypass by Spoofing vulnerability in Apache APISIX. The attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin. This issue affects Apache APISIX: from v2.2 through v3.16.0. Users are recommended to upgrade to version v3.17.0, which...

7CVSS5.9AI score0.00386EPSS
Exploits0References1
Circl
Circl
added 2026/06/19 11:11 a.m.4 views

GHSA-8C59-HR4W-QG69

creationtimestamp| type| source ---|---|--- 2026-06-19 11:11:26+00:00| seen| https://gist.github.com/alon710/f7dddc065a286d49734bb0de9451848c 2026-06-19 11:22:09+00:00| seen| https://gist.github.com/alon710/be9211ec3a305ce39ef3284bab7182dd 2026-06-19 11:46:12+00:00| seen|...

5.8AI score
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: arm64: hibernate: Fix level3 translation fault in swsuspsave On arm64 machines, swsuspsave faults if it attempts to access MEMBLOCKNOMAP memory ranges. This can be reproduced in QEMU using UEFI when booting with rodata=off...

7.8CVSS6.3AI score0.00238EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Use accesswidth instead of bitwidth for system memory accesses To align with ACPI 6.3+, since bitwidth can be any 8-bit value, it cannot be relied upon to always be at a clean 8-bit boundary. This issue was discovered...

5.5CVSS6.3AI score0.0021EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerabilities in Firefox, Thunderbird, Expat, LibXMLTok

In doProlog, within xmlparse.c of the Expat library also known as libexpat, there is an integer overflow issue related to mgroupSize before version 2.4.3...

8.1CVSS8.1AI score0.03759EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Relative URLs that start with three slashes were incorrectly parsed. The “path-traversal” /../ part in the path could be used to override the specified host. This could lead to security issues in websites. This vulnerability affects Firefox 120, Firefox ESR 115.5.0, and Thunderbird 115.5...

6.5CVSS6.7AI score0.01406EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: SMB3: Added missing locks to protect the deferred close file list. The cifsdeldeferredclose function has a critical section that modifies the deferred close file list. We must acquire the deferredlock before calling the...

5.9AI score0.00168EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Python 3.7, PHP 7.3

The Keccak XKCP SHA-3 reference implementation, prior to the update of fdc6fef, has an integer overflow and resulting buffer overflow issue. This vulnerability allows attackers to execute arbitrary code or compromise the expected cryptographic properties of the algorithm. This issue occurs within...

9.8CVSS8AI score0.05193EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in gdcm

There is an out-of-bounds write vulnerability in the JPEG2000Codec::DecodeByStreamsCommon functionality of Mathieu Malaterre Grassroot DICOM 3.0.23. A specially crafted DICOM file can lead to a heap buffer overflow. An attacker can provide a malicious file to exploit this vulnerability...

9.8CVSS8.1AI score0.01474EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/radeon: add a force flush to delay work when radeon Although radeon card fence and wait for gpu to finish processing current batch rings, there is still a corner case that radeon lockup work queue may not be fully flushed, an...

5.5CVSS6.1AI score0.00238EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Wireshark

An infinite loop in the BitTorrent DHT dissector in Wireshark versions 3.6.0, 3.4.0, and 3.4.10 allows for denial of service through packet injection or malicious capture files...

7.5CVSS7.1AI score0.03879EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Mariadb 10.3

MariaDB before version 10.6.5 has a sqllex.cc integer overflow issue, which can lead to an application crash...

5.5CVSS7.2AI score0.00425EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.1 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15

A issue was discovered in the Linux kernel before version 6.3.2. A use-after-free was found in the renesasusb3remove function in drivers/usb/gadget/udc/renesasusb3.c...

7CVSS6.4AI score0.00536EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Disable coherent dumb buffers without 3D. Coherent surfaces make sense only if the host renders to them using accelerated APIs. Without 3D, all the content in dumb buffers remains on the guest, making all the addition...

5.5CVSS5.4AI score0.00177EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: ixgbe: Fixed NULL pointer dereferencing in ixgbexdpsetup The ixgbe driver currently causes a NULL pointer dereferencing with some machines online cpus ringfeatureRINGFFDIR.limit = count; This results in numqueues being set to 63...

5.5CVSS6.3AI score0.00239EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in PHP 7.3, PHP 8.1

Due to an incomplete fix for CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p, network and same-site attackers can set an insecure cookie in the victim’s browser. This cookie is treated as a Host- or Secure-cookie by PHP applications...

6.5CVSS6.6AI score0.3786EPSS
Exploits0References2
Rows per page
Query Builder