2621 matches found

Snyk
added 2026/06/05 4:20 p.m., 6 views

Race Condition

Overview nocodb is a NocoDB Affected versions of this package are vulnerable to Race Condition through a race condition in the OAuth token exchange. An attacker can obtain multiple valid token pairs by making concurrent requests using the same authorization code and PKCE verifier. Remediation...

6.3 CVSS, 5.4 AI score, 0.00197 EPSS
Exploits 0, References 2
CNNVD
added 2026/05/29 12:0 a.m., 9 views

Red Hat Quay Security Vulnerability

Red Hat Quay is a container image repository platform operated by the American company Red Hat. Red Hat Quay has a security vulnerability; this vulnerability stems from the fact that GitLab’s OAuth verifier transmits sensitive credentials as plain-text parameters in URL queries, which may lead to...

2.7 CVSS, 5.8 AI score, 0.00196 EPSS
Exploits 0, References 2
Tenable Nessus
added 2026/05/29 12:0 a.m., 13 views

Linux Distros Unpatched Vulnerability : CVE-2026-45903

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Fix memory access flags in helper prototypes After commit 37cce22dbd51 "bpf: verifier: Refactor helper access type tracking", the verifier started relying on...

7.1 CVSS, 6.1 AI score, 0.00157 EPSS
Exploits 0, References 3
Vulnrichment
added 2026/05/28 6:34 p.m., 10 views

CVE-2026-45041 RustFS: Hard-coded RSA private key in license verifier permits arbitrary license forgery

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, crates/appauth/src/token.rs ships a 2048-bit RSA private key as a string constant named TEST_PRIVATE_KEY and uses it in production via parselicense to "verify" license tokens. Because the key is embedded in every...

8.7 CVSS, 5.9 AI score, 0.00239 EPSS
Exploits 0, References 1
CVE
added 2026/05/28 6:34 p.m., 21 views

CVE-2026-45041

CVE-2026-45041 affects RustFS prior to 1.0.0-beta.2, where crates/appauth/src/token.rs embeds a 2048-bit RSA private key (TEST_PRIVATE_KEY) as a string constant and uses it in production to verify licenses. This allows anyone who can read the source or extract the key from binaries to mint arbitr...

8.7 CVSS, 5.9 AI score, 0.00239 EPSS
Exploits 0, References 1
PyPA
added 2026/05/28 4:16 p.m., 10 views

PYSEC-2026-176

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decode_complete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4 CVSS, 5.8 AI score, 0.00127 EPSS
Exploits 1, References 1, Affected Software 1
OSV
added 2026/05/28 4:16 p.m., 5 views

UBUNTU-CVE-2026-48523

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decode_complete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4 CVSS, 5.8 AI score, 0.00127 EPSS
Exploits 1, References 3
ATTACKERKB
added 2026/05/28 3:10 p.m., 10 views

CVE-2026-48523

PyJWT is a JSON Web Token implementation in Python. From 2.9.0 to 2.12.1, there is a verifier-side algorithm allow-list bypass when jwt.decode or jwt.decode_complete are called with a PyJWK key. The token header alg is checked against the caller-supplied algorithms allow-list, but signature...

5.4 CVSS, 5.8 AI score, 0.00127 EPSS
Exploits 1, References 2, Affected Software 1
Debian CVE
added 2026/05/28 3:9 p.m., 10 views

CVE-2026-48526

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, when the verifier is decoding JSON Web Tokens, while supporting both asymmetric and HMAC algorithms, the library does not validate use of JSON Web Keys in HMAC algorithm, allowing attacker to use the issuer public key as the...

7.4 CVSS, 5.8 AI score, 0.00394 EPSS
Exploits 1
SUSE CVE
added 2026/05/28 3:56 a.m., 12 views

SUSE CVE-2026-45903

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memory access flags in helper prototypes After commit 37cce22dbd51 "bpf: verifier: Refactor helper access type tracking", the verifier started relying on the access type flags in helper function prototypes to perform...

5.9 AI score, 0.00157 EPSS
Exploits 0, References 3
RedhatCVE
added 2026/05/28 2:25 a.m., 14 views

CVE-2026-45903

A flaw was found in the Linux kernel's Berkeley Packet Filter (BPF) verifier. This vulnerability occurs because several BPF helper functions lack proper memory access flags, such as MEM_RDONLY or MEM_WRITE. Consequently, the verifier may incorrectly assume that buffer contents remain unchanged across...

7.1 CVSS, 5.9 AI score, 0.00157 EPSS
Exploits 0, References 4
RedhatCVE
added 2026/05/28 12:42 a.m., 13 views

CVE-2026-45933

A flaw was found in the Linux kernel's BPF (Berkeley Packet Filter) verifier. The sync_linked_regs function fails to preserve the register ID during bounds propagation, which can lead to incorrect register state. This issue may allow a local attacker to trigger a 'division by zero' error, resulting i...

7.8 CVSS, 5.8 AI score, 0.00172 EPSS
Exploits 0, References 4
EUVD
added 2026/05/27 3:33 p.m., 12 views

EUVD-2026-32352

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpf_xdp_store_bytes proto for read-only arg While making some maps in Cilium read-only from the BPF side, we noticed that the bpf_xdp_store_bytes proto is incorrect. In particular, the verifier was throwing the following error...

5.8 AI score, 0.0016 EPSS
Exploits 0, References 7
NVD
added 2026/05/27 2:17 p.m., 17 views

CVE-2026-45903

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memory access flags in helper prototypes After commit 37cce22dbd51 "bpf: verifier: Refactor helper access type tracking", the verifier started relying on the access type flags in helper function prototypes to perform...

7.1 CVSS, 0.00157 EPSS
Exploits 0, References 3
OSV
added 2026/05/27 2:17 p.m., 4 views

UBUNTU-CVE-2026-45886

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpf_xdp_store_bytes proto for read-only arg While making some maps in Cilium read-only from the BPF side, we noticed that the bpf_xdp_store_bytes proto is incorrect. In particular, the verifier was throwing the following error...

5.5 CVSS, 5.7 AI score, 0.0016 EPSS
Exploits 0, References 8
CVE
added 2026/05/27 12:17 p.m., 18 views

CVE-2026-45903

CVE-2026-45903 concerns the Linux kernel where the BPF verifier memory-access flag handling in helper prototypes was incorrect. After a verifier refactor, several helpers using ARG_PTR_TO_MEM lacked MEM_RDONLY or MEM_WRITE, causing the verifier to incorrectly assume buffers were unchanged across ...

7.1 CVSS, 5.9 AI score, 0.00157 EPSS
Exploits 0, References 3, Affected Software 1
Cvelist
added 2026/05/27 12:17 p.m., 41 views

CVE-2026-45903 bpf: Fix memory access flags in helper prototypes

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memory access flags in helper prototypes After commit 37cce22dbd51 "bpf: verifier: Refactor helper access type tracking", the verifier started relying on the access type flags in helper function prototypes to perform...

0.00157 EPSS
Exploits 0, References 3
Cvelist
added 2026/05/27 12:16 p.m., 40 views

CVE-2026-45886 bpf: Fix bpf_xdp_store_bytes proto for read-only arg

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpf_xdp_store_bytes proto for read-only arg While making some maps in Cilium read-only from the BPF side, we noticed that the bpf_xdp_store_bytes proto is incorrect. In particular, the verifier was throwing the following error...

0.0016 EPSS
Exploits 0, References 6
CVE
added 2026/05/27 12:16 p.m., 21 views

CVE-2026-45886

CVE-2026-45886: In the Linux kernel, a patch fixes the bpf_xdp_store_bytes prototype for read-only arguments. The issue caused the verifier to treat the third argument as a BPF_WRITE target when NATed map memory was read-only, resulting in a forbidden write to a read-only map. The patch adjusts t...

5.5 CVSS, 5.8 AI score, 0.0016 EPSS
Exploits 0, References 6, Affected Software 1
NVD
added 2026/05/27 11:16 a.m., 20 views

CVE-2026-45839

In the Linux kernel, the following vulnerability has been resolved: bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec CO-RE accessor strings are colon-separated indices that describe a path from a root BTF type to a target field, e.g. "0:1:2" walks through nested struct members...

7.8 CVSS, 0.0012 EPSS
Exploits 0, References 7