Lucene search
K

12658 matches found

RedHat Linux
RedHat Linux
added 2026/05/27 10:1 a.m.12 views

OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode

A flaw was found in OpenSSH. When the scp command is used by a root user to download a file with the legacy protocol option -O and without preserving original file permissions -p, the downloaded file can be installed with elevated privileges setuid or setgid. This unexpected behavior could allow ...

8.1CVSS5.8AI score0.00419EPSS
Exploits0References7
Microsoft CVE
Microsoft CVE
added 2026/05/27 8:1 a.m.33 views

net: skbuff: propagate shared-frag marker through frag-transfer helpers

...

8.8CVSS5.2AI score0.0013EPSS
Exploits7
RedhatCVE
RedhatCVE
added 2026/05/27 2:12 a.m.18 views

CVE-2026-7790

A flaw was found in ninenines cowlib, specifically within the cowhttpte module's chunked transfer-encoding parser. An unauthenticated remote attacker can exploit this by sending an HTTP/1.1 request containing a Transfer-Encoding: chunked header with an excessively long hexadecimal string in the...

8.7CVSS5.7AI score0.00431EPSS
Exploits0References2
Fedora
Fedora
added 2026/05/27 1:27 a.m.12 views

[SECURITY] Fedora 43 Update: curl-8.15.0-7.fc43

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMA P, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

7.5CVSS6.8AI score0.01301EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.11 views

PT-2026-43988

Name of the Vulnerable Software and Affected Versions IBM Aspera High-Speed Transfer Endpoint versions 3.7.4 through 4.4.7 Fix Pack 1 IBM Aspera High-Speed Transfer Server versions 3.7.4 through 4.4.7 Fix Pack 1 Description A buffer overflow exists in the asperahttpd component. This issue allows ...

8.8CVSS6.3AI score0.00401EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

IBM Aspera High-Speed Transfer Endpoint和IBM Aspera High-Speed Transfer Server 代码问题漏洞

IBM Aspera High-Speed Transfer Endpoint and IBM Aspera High-Speed Transfer Server are products of American International Business Machines Corporation IBM. The IBM Aspera High-Speed Transfer Endpoint is a high-speed file transfer and data exchange node service. The IBM Aspera High-Speed Transfer...

7.5CVSS5.9AI score0.00319EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-43991

IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affected by a potential arbitrary file read in the asperahttpd component. An authenticated user may be ab...

6.5CVSS5.9AI score0.00325EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.10 views

PT-2026-43730

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the dw i3c master i2c xfers function. The function allocates memory for the xfer structure via dw i3c master alloc xfer, but if the pm runtime resume and get...

5.4AI score0.00155EPSS
Exploits0References13
Packet Storm News
Packet Storm News
added 2026/05/27 12:0 a.m.24 views

Refusal Before Decoding: Detecting and Exploiting Refusal Signals in Intermediate LLM Activations

In this paper, we investigate whether refusal behavior can be predicted from LLM intermediate activations before decoding using linear probes trained on residual stream activations at each transformer block. We find that refusal is linearly decodable well before the final layer, indicating that...

5.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.13 views

PT-2026-44131

Name of the Vulnerable Software and Affected Versions crowdsec versions prior to 1.7.8 Description The AppSec component fails to read the HTTP request body when the Content-Length is not positive. This occurs specifically with HTTP/1.1 requests using Transfer-Encoding: chunked and HTTP/2 requests...

7.2CVSS5.9AI score0.00038EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.34 views

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50287)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-50287 advisory. - net: skbuff: propagate shared-frag marker through frag-transfer helpers Hyunwoo Kim Orabug: 39420565 CVE-2026-46300 Tenable has extracted the preceding...

7.8CVSS5.8AI score0.03663EPSS
Exploits11References2
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.10 views

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2026-50288)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-50288 advisory. - net: skbuff: propagate shared-frag marker through frag-transfer helpers Hyunwoo Kim Orabug: 39420568 CVE-2026-46300 Tenable has extracted the preceding...

7.8CVSS5.8AI score0.03663EPSS
Exploits11References2
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.13 views

Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2026-50286)

The remote Oracle Linux 10 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2026-50286 advisory. - net: skbuff: propagate shared-frag marker through frag-transfer helpers Hyunwoo Kim Orabug: 39420559 CVE-2026-46300 Tenable has extracted the preceding...

7.8CVSS5.8AI score0.03663EPSS
Exploits11References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/26 9:30 p.m.10 views

Security Bulletin: Authentication bypass vulnerability found in Aspera High-Speed Transfer Server for Cloud Pak for Integration (CP4I)

Summary IBM Aspera High-Speed Transfer Server for Cloud Pak for Integration CP4I 1.5.20 has addressed an authentication vulnerability that may allow access to files in the local server storage. Vulnerability Details CVEID:CVE-2026-7876 DESCRIPTION: IBM Aspera High-Speed Transfer Server for CP4i i...

9.1CVSS5.8AI score0.00312EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/05/26 5:16 p.m.9 views

CVE-2025-36145

IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions...

5.4CVSS0.00166EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 5:11 p.m.9 views

CVE-2026-8835

IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information or cause a denial of service...

7.3CVSS5.8AI score0.00252EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/26 3:50 p.m.8 views

CVE-2025-36145

IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions...

5.4CVSS5.8AI score0.00166EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/26 3:50 p.m.30 views

CVE-2025-36145 Multiple Vulnerabilities in watsonx.data

IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions...

5.4CVSS0.00166EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/26 3:50 p.m.7 views

CVE-2025-36145 Multiple Vulnerabilities in watsonx.data

IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions...

5.4CVSS5.8AI score0.00166EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/26 3:50 p.m.8 views

EUVD-2025-209935

IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions...

5.4CVSS5.8AI score0.00166EPSS
Exploits0References1
Rows per page
Query Builder