
41 matches found

AstraLinux
added 2026/06/19 11:10 a.m. | 9 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Fixed FFA device names for logical partitions. Each physical partition can provide multiple services, each with a unique UUID. Each such service can be represented as a logical partition with a unique combinatio...

5.5 CVSS | 5.8 AI score | 0.00136 EPSS
Exploits 0 | References 2

RedhatCVE
added 2026/06/05 7:25 p.m. | 10 views

CVE-2026-44379

MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or modify Collection records could submit malformed UUID values, potentially causing integrity issues o...

5.3 CVSS | 5.6 AI score | 0.00178 EPSS
Exploits 0 | References 1

NVD
added 2026/05/27 3:16 p.m. | 16 views

CVE-2026-9712

When creating an export through the pretix API, API clients are returned a UUID value for their export job: a long, random string like 35742818-c375-4d15-839f-d49aecce94d6. Using this UUID, the API client can then request the actual file for download. The same kind of UUID is used in other places...

7 CVSS | 0.00219 EPSS
Exploits 0 | References 1

Positive Technologies
added 2026/05/19 12:0 a.m. | 12 views

PT-2026-41877

Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: An Insecure Direct Object Reference (IDOR) flaw exists in the Authorization Services Protection API endpoint. An authenticated client can bypass authorization checks by providing the unique...

6.8 CVSS | 5.8 AI score | 0.00303 EPSS
Exploits 0 | References 6

ATTACKERKB
added 2026/04/23 4:0 a.m. | 3 views

CVE-2026-41988

uuid before 14.0.0 can make unexpected writes when external output buffers are used, and the UUID version is 3, 5, or 6. In particular, UUID version 4, which is very commonly used, is unaffected by this issue...

3.2 CVSS | 5.7 AI score | 0.00138 EPSS
Exploits 0 | References 3

Positive Technologies
added 2026/04/23 12:0 a.m. | 7 views

PT-2026-34639

Name of the Vulnerable Software and Affected Versions: uuid versions prior to 14.0.0. Description: Unexpected writes can occur when external output buffers are used and the UUID version is 3, 5, or 6. Recommendations: Update to version 14.0.0 or later...

3.2 CVSS | 5.2 AI score | 0.00138 EPSS
Exploits 0 | References 5

RedhatCVE
added 2026/04/06 11:57 a.m. | 5 views

CVE-2026-31410

A flaw was found in ksmbd in the Linux kernel. This vulnerability occurs because ksmbd incorrectly uses a fallback identifier when a volume's Universal Unique Identifier (UUID) is not available in FS_OBJECT_ID_INFORMATION. This could lead to improper volume identification...

5.8 AI score | 0.00164 EPSS
Exploits 0 | References 4

Metasploit
added 2026/04/02 7:2 p.m. | 191 views

HTTPS Fetch, Bind IPv6 TCP Stager with UUID Support (Windows x86)

Fetch and execute an x86 payload from an HTTPS server. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/https/x86/vncinject/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set ACTION msf...

5.8 AI score
Exploits 0

Metasploit
added 2026/04/02 7:2 p.m. | 244 views

HTTPS Fetch, Windows Command Shell, Reverse UDP Stager with UUID Support

Fetch and execute an x86 payload from an HTTPS server. Spawn a piped command shell staged. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/https/x86/shell/reverseudp msf payloadreverseudp show actions ...actions... msf payloadreverseudp set ACTION msf...

5.8 AI score
Exploits 0

Metasploit
added 2026/04/02 7:2 p.m. | 133 views

HTTPS Fetch, Windows shellcode stage, Bind TCP Stager with UUID Support (Windows x86)

Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Listen for a connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/https/x86/custom/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION msf...

5.8 AI score
Exploits 0

Metasploit
added 2026/04/02 7:2 p.m. | 146 views

HTTPS Fetch, Windows shellcode stage, Reverse TCP Stager with UUID Support

Fetch and execute an x86 payload from an HTTPS server. Custom shellcode stage. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/https/x86/custom/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf...

5.8 AI score
Exploits 0

Metasploit
added 2026/04/02 7:2 p.m. | 155 views

HTTP Fetch, Bind IPv6 TCP Stager with UUID Support (Windows x86)

Fetch and execute an x86 payload from an HTTP server. Listen for an IPv6 connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/http/x86/patchupdllinject/bindipv6tcpuuid msf payloadbindipv6tcpuuid show actions ...actions... msf payloadbindipv6tcpuuid set ACTION msf...

5.5 AI score
Exploits 0

Metasploit
added 2026/04/02 7:2 p.m. | 175 views

HTTP Fetch, Windows Command Shell, Bind TCP Stager with UUID Support (Windows x86)

Fetch and execute an x86 payload from an HTTP server. Spawn a piped command shell staged. Listen for a connection with UUID Support Windows x86 Module Options msf use payload/cmd/windows/http/x86/shell/bindtcpuuid msf payloadbindtcpuuid show actions ...actions... msf payloadbindtcpuuid set ACTION...

5.8 AI score
Exploits 0

Metasploit
added 2026/04/02 7:2 p.m. | 180 views

HTTP Fetch, Reverse TCP Stager with UUID Support

Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker with UUID Support Module Options msf use payload/cmd/windows/http/x86/patchupdllinject/reversetcpuuid msf payloadreversetcpuuid show actions ...actions... msf payloadreversetcpuuid set ACTION msf...

5.8 AI score
Exploits 0

ATTACKERKB
added 2026/03/12 10:54 a.m. | 3 views

CVE-2026-2366

A flaw was found in Keycloak. An authorization bypass vulnerability in the Keycloak Admin API allows any authenticated user, even those without administrative privileges, to enumerate the organization memberships of other users. This information disclosure occurs if the attacker knows the victim'...

3.1 CVSS | 5.8 AI score | 0.00275 EPSS
Exploits 0 | References 5

Veracode
added 2026/02/23 7:51 a.m. | 7 views

Insecure Direct Object Reference (IDOR)

pretix is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to improper authorization checks on file access endpoints, which allows an attacker to retrieve sensitive files of other users by supplying a known UUID...

7 CVSS | 6 AI score | 0.00226 EPSS
Exploits 0 | References 4 | Affected Software 1

NVD
added 2026/02/03 3:16 p.m. | 5 views

CVE-2025-65017

Decidim is a participatory democracy framework. In versions from 0.30.0 to before 0.30.4 and from 0.31.0.rc1 to before 0.31.0, the private data exports can lead to data leaks in case the UUID generation, causing collisions for the generated UUIDs. This issue has been patched in versions 0.30.4 an...

8.2 CVSS | 0.00262 EPSS
Exploits 0 | References 4

RedhatCVE
added 2025/12/24 7:36 p.m. | 5 views

CVE-2021-47720

Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like old_project_id, project_id, uuid, and uniqid to potentially extract...

8.7 CVSS | 8.1 AI score | 0.003 EPSS
Exploits 1 | References 1

CVE
added 2025/12/23 7:34 p.m. | 13 views

CVE-2021-47720

Orangescrum 1.8.0 is affected by an authenticated SQL injection via multiple parameters (old_project_id, project_id, uuid, uniqid). The root cause is insufficient validation of input parameters, allowing attackers with authorization to manipulate database queries and potentially extract or modify...

8.7 CVSS | 7.6 AI score | 0.003 EPSS
Exploits 1 | References 3 | Affected Software 1

Cvelist
added 2025/12/23 7:34 p.m. | 35 views

CVE-2021-47720 Orangescrum 1.8.0 Authenticated SQL Injection via Multiple Parameters

Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like old_project_id, project_id, uuid, and uniqid to potentially extract...

8.7 CVSS | 0.003 EPSS
Exploits 1 | References 3