Lucene search
+L

387 matches found

EUVD
EUVD
added 3 hours ago4 views

EUVD-2026-45694

In the Linux kernel, the following vulnerability has been resolved: ip6: vti: Use ip6tnl.net in vti6siocdevprivate. After patch 1/2 in this series, vti6update unlinks and relinks the tunnel through t-net. vti6siocdevprivate still uses devnetdev for the collision lookup. For a tunnel moved through...

5.5AI score
Exploits0References9
NVD
NVD
added 6 hours ago3 views

CVE-2026-63921

In the Linux kernel, the following vulnerability has been resolved: ip6: vti: Use ip6tnl.net in vti6siocdevprivate. After patch 1/2 in this series, vti6update unlinks and relinks the tunnel through t-net. vti6siocdevprivate still uses devnetdev for the collision lookup. For a tunnel moved through...

Exploits0References8
NVD
NVD
added 6 hours ago4 views

CVE-2026-63917

In the Linux kernel, the following vulnerability has been resolved: ip6: vti: Use ip6tnl.net in vti6changelink. ip netns add ns1 ip netns add ns2 ip -n ns1 link add vti6test type vti6 remote ::1 local ::2 key 7 ip -n ns1 link set vti6test netns ns2 ip -n ns2 link set vti6test type vti6 remote ::3...

Exploits0References8
Positive Technologies
Positive Technologies
added 22 hours ago6 views

PT-2026-61234

In the Linux kernel, the following vulnerability has been resolved: ip6: vti: Use ip6 tnl.net in vti6 changelink. ip netns add ns1 ip netns add ns2 ip -n ns1 link add vti6 test type vti6 remote ::1 local ::2 key 7 ip -n ns1 link set vti6 test netns ns2 ip -n ns2 link set vti6 test type vti6 remot...

5.4AI score
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/25 6:2 p.m.9 views

CVE-2026-53075

A flaw was found in the Linux kernel's Point-to-Point Protocol PPP subsystem. A local unprivileged user can exploit this vulnerability by creating a new user namespace and bypassing authorization checks for unattached administrative input/output controls ioctls. This allows the user to perform...

8.8CVSS5.8AI score0.00182EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-53075

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ppp: require CAPNETADMIN in target netns for unattached ioctls /dev/ppp open is currently authorized against file-fcred-userns, while unattached administrative...

8.8CVSS6AI score0.00182EPSS
Exploits1References3
NVD
NVD
added 2026/06/24 5:17 p.m.7 views

CVE-2026-53075

In the Linux kernel, the following vulnerability has been resolved: ppp: require CAPNETADMIN in target netns for unattached ioctls /dev/ppp open is currently authorized against file-fcred-userns, while unattached administrative ioctls operate on current-nsproxy-netns. As a result, a local...

8.8CVSS0.00182EPSS
Exploits1References8
EUVD
EUVD
added 2026/06/24 4:30 p.m.6 views

EUVD-2026-38943

In the Linux kernel, the following vulnerability has been resolved: ppp: require CAPNETADMIN in target netns for unattached ioctls /dev/ppp open is currently authorized against file-fcred-userns, while unattached administrative ioctls operate on current-nsproxy-netns. As a result, a local...

5.7AI score0.00182EPSS
Exploits1References8
CVE
CVE
added 2026/06/24 4:30 p.m.13 views

CVE-2026-53075

The CVE-2026-53075 issue affects the Linux kernel PPP subsystem. A local unprivileged user can create a new user namespace (CLONE_NEWUSER), obtain CAP_NET_ADMIN only in that namespace, and still perform unattached PPP administrative IOCTLs (PPPIOCNEWUNIT, PPPIOCATTACH, PPPIOCATTCHAN) against an i...

8.8CVSS5.7AI score0.00182EPSS
Exploits1References8
OSV
OSV
added 2026/06/24 4:30 p.m.3 views

CVE-2026-53075 ppp: require CAP_NET_ADMIN in target netns for unattached ioctls

In the Linux kernel, the following vulnerability has been resolved: ppp: require CAPNETADMIN in target netns for unattached ioctls /dev/ppp open is currently authorized against file-fcred-userns, while unattached administrative ioctls operate on current-nsproxy-netns. As a result, a local...

8.8CVSS5.8AI score0.00182EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.15 views

PT-2026-51969

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Point-to-Point Protocol PPP implementation where /dev/ppp open is authorized against file-f cred-user ns, while unattached administrative ioctls operate on...

8.8CVSS5.8AI score0.00182EPSS
Exploits1References153
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.16 views

SUSE CVE-2026-46120

In the Linux kernel, the following vulnerability has been resolved: ip6gre: Use cached t-net in ip6erspanchangelink. After commit 5e72ce3e3980 "net: ipv6: Use link netns in newlink of rtnllinkops", ip6erspannewlink correctly resolves the per-netns ip6gre hash via linknet. ip6erspanchangelink was...

7.8CVSS5.8AI score0.00126EPSS
Exploits0References56
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Shadow

A vulnerability was discovered in Shadow 4.5. The newgidmap function part of shadow-utils is setuid, allowing an unprivileged user to be placed in a user namespace where setgroups2 is allowed. This enables an attacker to remove themselves from a supplementary group, potentially granting them acce...

5.3CVSS6.3AI score0.01596EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in firejail

A privilege context switching issue was discovered in the join.c file of Firejail 0.9.68. By creating a fake Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment where the Linux user namespace remains the initial user...

7.8CVSS6.5AI score0.00382EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux

A heap out-of-bounds write that affects Linux since v2.6.19-rc1 was discovered in net/netfilter/xtables.c. This vulnerability allows an attacker to gain privileges or cause a Denial-of-Service attack through heap memory corruption by manipulating the user name space...

8.3CVSS6.3AI score0.78684EPSS
Exploits21References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in docker.io

In Docker versions prior to 9.03.15 and 20.10.3, there is a vulnerability related to the --userns-remap option. This option allows access to the remapped root directory, enabling privilege escalation to the actual root directory. When using --userns-remap, if the root user in the remapped namespa...

6.8CVSS6.9AI score0.01065EPSS
Exploits0References2
OSV
OSV
added 2026/05/18 6:11 a.m.10 views

BIT-GITLAB-2026-4527 Cross-Site Request Forgery (CSRF) in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to create unauthorized Jira subscriptions for a targeted user's namespace via a specially crafted link due...

6.5CVSS5.8AI score0.00153EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/14 9:0 p.m.10 views

CVE-2026-45781 MCP Registry: OCI ownership validation fails open on upstream rate limits, allowing attacker-controlled package claims

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI ownership validation skips label-match check when upstream OCI registry returns HTTP 429, letting any authenticated publisher bind their io.github./ namespace to OCI images the...

3.5CVSS5.8AI score0.00206EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/14 7:27 a.m.211 views

Exploit for CVE-2026-46300

Security Research & Legal Disclaimer This repository is for educ...

6AI score0.03663EPSS
Exploits11
Vulnrichment
Vulnrichment
added 2026/05/14 5:34 a.m.9 views

CVE-2026-4527 Cross-Site Request Forgery (CSRF) in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.10 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to create unauthorized Jira subscriptions for a targeted user's namespace via a specially crafted link due...

6.5CVSS5.8AI score0.00153EPSS
Exploits0References3
Rows per page
Query Builder