Lucene search
K

87 matches found

Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-8472 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with minimal access permissions to read work item metadata from private projects due to...

4.3CVSS0.00243EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42405

GitLab has remediated an issue in GitLab EE affecting all versions from 18.9 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user with minimal access permissions to read work item metadata from private projects due to...

4.3CVSS6AI score0.00243EPSS
Exploits0References3
CVE
CVE
added 4 days ago83 views

CVE-2026-8472

CVE-2026-8472 affects GitLab Enterprise Edition and reports a privilege/authorization issue where an authenticated user with minimal access could read work item metadata from private projects. The root cause is missing authorization checks, enabling unintended metadata access. Affected versions i...

4.3CVSS6AI score0.00243EPSS
Exploits0References3Affected Software1
SUSE CVE
SUSE CVE
added 2026/07/03 3:5 a.m.6 views

SUSE CVE-2026-53097

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix use-after-free bugs in mt7996macdumpwork When the mt7996 pci chip is detaching, the mt7996crashdata is released in mt7996coredumpunregister. However, the work item dumpwork may still be running or pending,...

5.8AI score0.00168EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.13 views

PT-2026-50428

Name of the Vulnerable Software and Affected Versions Plane CE version 1.3.1 Description A low-privileged project member can submit arbitrary HTML and JavaScript via the description html field. This occurs when creating an intake work item through the 'API v1 intake' endpoint. Recommendations At...

6.9CVSS5.9AI score0.00165EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.9 views

CVE-2026-5712

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing...

8.8CVSS5.5AI score0.00163EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/28 2:43 a.m.11 views

CVE-2026-45898

A flaw was found in the Linux kernel's Remote Direct Memory Access RDMA Internet Wide Area RDMA Protocol iWARP subsystem. Incorrect work submission logic in the iwcm component can lead to multiple queueing of work items. This allows a work item to be processed and freed while still present in the...

9.8CVSS5.8AI score0.00465EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-43722

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the libata-scsi SAT implementation where non-NCQ Native Command Queuing commands can suffer from starvation. When a non-NCQ command is issued while NCQ commands are...

5.8AI score0.00164EPSS
Exploits0References13
NVD
NVD
added 2026/04/29 6:16 p.m.6 views

CVE-2026-5712

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing...

8.8CVSS0.00163EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/29 5:18 p.m.4 views

CVE-2026-5712 IdentityIQ Role Editor Incorrect Authorization Vulnerability

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing...

8CVSS5.3AI score0.00163EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/29 5:18 p.m.6 views

CVE-2026-5712

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing...

8CVSS5.3AI score0.00163EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/29 5:18 p.m.30 views

CVE-2026-5712 IdentityIQ Role Editor Incorrect Authorization Vulnerability

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing...

8CVSS0.00163EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/29 5:18 p.m.5 views

EUVD-2026-26260

This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned capability that would allow role editing...

8CVSS5.3AI score0.00163EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.11 views

PT-2026-35962

Name of the Vulnerable Software and Affected Versions IdentityIQ affected versions not specified Description An authenticated identity acting as the requestor or assignee of a work item can edit a role definition without possessing the required capability for role editing. Recommendations At the...

8.8CVSS5.8AI score0.00163EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/24 2:33 p.m.33 views

CVE-2026-31548 wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel pmsrfreewk in cfg80211pmsrwdevdown When the nl80211 socket that originated a PMSR request is closed, cfg80211releasepmsr sets the request's nlportid to zero and schedules pmsrfreewk to process the abort...

7.8CVSS0.00129EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.4 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a post-release reuse issue with the delayed work item otgevent in the fslotgremove function, which could lea...

5.8AI score0.00181EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/12/24 12:23 p.m.31 views

CVE-2023-54071 wifi: rtw88: use work to update rate to avoid RCU warning

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: use work to update rate to avoid RCU warning The ieee80211ops::starcupdate must be atomic, because ieee80211chanbwchange holds rcuread lock while calling drvstarcupdate, so create a work to do original things...

0.00166EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/11/12 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2025-40171

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nvmet-fc: move lsop put work to nvmetfclsreqop It's possible for more than one async command to be in flight from nvmetfcsendlsreq. For each command, a tgtport...

6AI score0.00188EPSS
Exploits0References3
CVE
CVE
added 2025/10/20 3:26 p.m.13 views

CVE-2025-40007

CVE-2025-40007 — Linux kernel netfs reference leak (concrete details) The issue is in netfs: fix reference leak inside the Linux kernel’s netfs code. A commit (20d72b00ca81) changed netfs_alloc_request() to initialize the reference counter to 2 instead of 1, under the assumption that the request’...

6.4AI score0.00205EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/10/18 12:0 a.m.6 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a cyclic delayed work-item leading to reuse after release, which could lead to memory corruption...

6.1AI score0.00222EPSS
Exploits0References3
Rows per page
Query Builder