Lucene search
K

3716 matches found

Cvelist
Cvelist
added 2026/06/24 4:30 p.m.26 views

CVE-2026-53069 net, bpf: fix null-ptr-deref in xdp_master_redirect() for down master

In the Linux kernel, the following vulnerability has been resolved: net, bpf: fix null-ptr-deref in xdpmasterredirect for down master syzkaller reported a kernel panic in bondrrgenslaveid reached via xdpmasterredirect. Full decoded trace: https://syzkaller.appspot.com/bug?extid=80e046b8da2820b6ba...

7.5CVSS0.00385EPSS
Exploits0References7
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed the stackmap overflow check in bpfgetstackid Syzkaller reported a KASAN vulnerability related to out-of-bounds write operations in bpfgetstackid, when copying stack trace data. This issue occurs when the perf trace...

5.9AI score0.00157EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ipv6: ioam: Fixed a heap buffer overflow in ioam6fillTraceData. In the receive path, ioam6fillTraceData uses trace-nodelen to determine how much data to write for each node. It relies on this field directly from the incoming...

9.8CVSS6AI score0.00642EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: perf: sched: Fixed a crash in perf when using the new isusertask helper. To obtain a user space stacktrace, the current task must be a user task that has executed in user space. It was previously possible to determine whether a...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-51963

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A null-pointer dereference exists in the xdp master redirect function. This occurs when the function attempts to call the master's ndo xdp get xmit slave while the master device is not u...

7.5CVSS5.7AI score0.00385EPSS
Exploits0References9
NVD
NVD
added 2026/06/22 12:16 a.m.9 views

CVE-2026-12823

A security flaw has been discovered in Browserbase Skills up to 20260526. This impacts an unknown function of the component Autobrowse Trace Artifact Handler. The manipulation results in incorrect default permissions. The attack requires a local approach. The exploit has been released to the publ...

4.8CVSS0.00115EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/21 11:45 p.m.5 views

CVE-2026-12823 Browserbase Skills Autobrowse Trace Artifact default permission

A security flaw has been discovered in Browserbase Skills up to 20260526. This impacts an unknown function of the component Autobrowse Trace Artifact Handler. The manipulation results in incorrect default permissions. The attack requires a local approach. The exploit has been released to the publ...

4.8CVSS5.4AI score0.00115EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/21 11:45 p.m.39 views

CVE-2026-12823 Browserbase Skills Autobrowse Trace Artifact default permission

A security flaw has been discovered in Browserbase Skills up to 20260526. This impacts an unknown function of the component Autobrowse Trace Artifact Handler. The manipulation results in incorrect default permissions. The attack requires a local approach. The exploit has been released to the publ...

4.8CVSS0.00115EPSS
Exploits0References6
CVE
CVE
added 2026/06/21 11:45 p.m.16 views

CVE-2026-12823

Technical details about CVE-2026-12823 (affected product, vulnerable component, impact, remediation) are not publicly provided in the supplied documents. Monitor for updates.

4.8CVSS5.4AI score0.00115EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.16 views

PT-2026-51265

Name of the Vulnerable Software and Affected Versions Browserbase versions prior to 20260526 Description An issue exists in the Autobrowse Trace Artifact Handler component where a flaw in an unknown function allows for the manipulation of default permissions, resulting in incorrect permission...

4.8CVSS5.8AI score0.00115EPSS
Exploits0References13
GithubExploit
GithubExploit
added 2026/06/20 3:43 a.m.121 views

ghidra-12.1.2-rce-ace-calc-poc

Ghidra 12.1.2 Conditional ACE/RCE Calc PoCs This repository p...

6.5AI score
Exploits0
OSV
OSV
added 2026/06/19 10:10 p.m.21 views

GHSA-F4XH-W4CJ-QXQ8 LangSmith SDK TracingMiddleware: Arbitrary server-side file read

Summary An attacker who can send an HTTP request to a server running the LangSmith SDK's TracingMiddleware can cause that server to read an arbitrary file from its local filesystem and upload the contents to LangSmith as a trace attachment. Depending on how the distributed trace system is deploye...

7.7CVSS6AI score0.00174EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 9:15 p.m.4 views

GHSA-GX93-M64W-5M6H Allure Report: Stored XSS via unescaped ANSI helper in status message/trace rendering

Summary The ansi.js Handlebars helper in allure-generator passes user-controlled statusMessage and statusTrace values from test result files through the ansi-to-html library and wraps the output in Handlebars SafeString without HTML escaping. Since ansi-to-html does not escape HTML entities by...

6.1CVSS6AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.6 views

PT-2026-55945

Name of the Vulnerable Software and Affected Versions LangSmith Client SDKs versions prior to 0.8.18 Description An issue exists in the TracingMiddleware where an attacker can send an HTTP request to a server to force the reading of an arbitrary file from the local filesystem. The contents of the...

7.7CVSS6.2AI score0.00174EPSS
Exploits0References11
OSV
OSV
added 2026/06/18 3:5 p.m.6 views

GHSA-W5CV-PW74-4RXC opentelemetry-collector-contrib: githubreceiver silently ignores configured required_headers authentication

githubreceiver Silently Ignores Configured requiredheaders Authentication Summary The githubreceiver webhook handler does not enforce the requiredheaders configuration. Headers are validated at startup config rejects empty keys/values but never checked on incoming requests. This follows the same...

6.9CVSS5.5AI score
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/06/10 12:0 a.m.30 views

Runtime Skill Audit: Targeted Runtime Probing for Agent Skill Security

Agent skills let LLM agents reuse instructions, resources, tools, and workflows, but they also create a new place for malicious behavior to hide. A skill may look benign in its documentation or code while becoming harmful only when it is invoked with particular user requests, local assets,...

5.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2025-52611

HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the application's JavaScript code. Specifically, the code attempts to read the property dashboard key from an object that is undefined...

4.3CVSS5.5AI score0.00157EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.12 views

CVE-2026-41004

A flaw was found in Spring Cloud Config Server. When trace logging is enabled, sensitive information is inadvertently written in plain text to the logs. A highly privileged local user could exploit this vulnerability to gain unauthorized access to confidential data, leading to information...

4.4CVSS5AI score0.00168EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.11 views

CVE-2026-2652

A flaw was found in mlflow. When the mlflow server is configured with basic authentication and served via uvicorn, an architectural mismatch in the FastAPI permission middleware allows unauthenticated remote attackers to bypass authentication on specific routes. This bypass enables attackers to...

8.6CVSS7.2AI score0.01502EPSS
Exploits1References5
EUVD
EUVD
added 2026/06/04 11:41 a.m.10 views

EUVD-2025-210059

HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability. The error occurs due to an undefined property being accessed in the application's JavaScript code. Specifically, the code attempts to read the property dashboard key from an object that is undefined...

4.3CVSS5.9AI score0.00157EPSS
Exploits0References1
Rows per page
Query Builder