Lucene search
K

819 matches found

EUVD
EUVD
added 20 hours ago6 views

EUVD-2026-43591

SAP Commerce Cloud could retain a sample OAuth2 client with publicly documented sample credentials originating from sample configuration provided in SAP Help Portal documentation. If left unchanged, an unauthenticated attacker could use these well-known credentials to obtain a valid access token...

9.1CVSS6.1AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/25 5:36 p.m.5 views

keycloak: Keycloak: Security restriction bypass allows unauthorized ROPC token acquisition

A flaw was found in Keycloak's Client Policies, specifically within the org.keycloak.protocol.oidc component. When certain condition providers client-type, client-roles, client-attributes, client-scopes are used to enforce security restrictions, the reject-ropc-grant executor is silently bypassed...

6.5CVSS5.8AI score0.00267EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 4:29 p.m.8 views

EUVD-2026-38918

In the Linux kernel, the following vulnerability has been resolved: quota: Fix race of dquotscanactive with quota deactivation dquotscanactive can race with quota deactivation in quotareleaseworkfn like: CPU0 quotareleaseworkfn CPU1 dquotscanactive ==============================...

5.7AI score0.00129EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/22 9:1 p.m.18 views

openstack-keystone: OpenStack Keystone: Unauthorized access and privilege escalation via AWS signature validation flaw

A flaw was found in OpenStack Keystone. This vulnerability allows an attacker to obtain a valid OpenStack's Keystone token, leading to access to unauthorized resources or privilege escalation within the OpenStack instance via sending a valid AWS Amazon Web Services signature to the /v3/ec2tokens ...

7.5CVSS5.8AI score0.00201EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/08 11:6 p.m.14 views

FUXA has SQL Injection in its TDengine DAQ connector via backslash bypass of escapeTdString

Summary The TDengine DAQ storage connector's escapeTdString at server/runtime/storage/tdengine/index.js:10 doubles single quotes but does not escape backslashes. TDengine's SQL parser treats ' as a literal single quote inside a string, so a tag id of the form x' OR 1=1-- escapes the first single...

5.5AI score0.00082EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/29 8:34 a.m.11 views

CVE-2026-10057 ITP Technology|ITS Intelligent SCADA System - Stored Cross-Site Scripting

ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...

4.8CVSS5.8AI score0.00176EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/29 8:34 a.m.17 views

EUVD-2026-33267

ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...

4.8CVSS5.8AI score0.00176EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

QuickCMS 跨站脚本漏洞

QuickCMS is an open-source content management system developed by QuickCMS. QuickCMS has a cross-site scripting vulnerability. This vulnerability stems from an insecure HTTP-based plugin acquisition mechanism that makes it vulnerable to cross-site scripting attacks. Malicious attackers can...

4.8CVSS5.7AI score0.00185EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/21 5:11 p.m.13 views

androidqf: APK download Path Traversal in device APK paths

Summary During device acquisition, getPathToLocalCopy constructs local filesystem paths for downloaded APKs using a filename component extracted by extractFileName. The extraction splits on ==/ and takes the remainder without sanitization. If a compromised device returns a crafted APK path...

5.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/21 5:11 p.m.5 views

GHSA-763J-3P5V-JFC6 androidqf: APK download Path Traversal in device APK paths

Summary During device acquisition, getPathToLocalCopy constructs local filesystem paths for downloaded APKs using a filename component extracted by extractFileName. The extraction splits on ==/ and takes the remainder without sanitization. If a compromised device returns a crafted APK path...

4.8CVSS5.9AI score
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: hisi: Fixed a potential UAF issue in OPP handling. Ensured that all required data is acquired before calling devpmoppputop, to maintain the correct order of resource acquisition and release...

5.2AI score0.00181EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/15 1:58 a.m.10 views

SUSE CVE-2026-43480

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition The acp3x5682init function did not check the return value of clkget, which could lead to dereferencing error pointers in rt5682clkenable. Fix this by:...

5.7AI score0.00114EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/13 6:30 p.m.25 views

EUVD-2026-30016

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition The acp3x5682init function did not check the return value of clkget, which could lead to dereferencing error pointers in rt5682clkenable. Fix this by:...

5.7AI score0.00114EPSS
Exploits0References9
NVD
NVD
added 2026/05/13 4:16 p.m.43 views

CVE-2026-43480

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition The acp3x5682init function did not check the return value of clkget, which could lead to dereferencing error pointers in rt5682clkenable. Fix this by:...

5.5CVSS0.00114EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2026/05/13 4:16 p.m.13 views

CVE-2026-43480

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition The acp3x5682init function did not check the return value of clkget, which could lead to dereferencing error pointers in rt5682clkenable. Fix this by:...

5.7AI score0.00114EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/13 3:8 p.m.49 views

CVE-2026-43480 ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition The acp3x5682init function did not check the return value of clkget, which could lead to dereferencing error pointers in rt5682clkenable. Fix this by:...

0.00114EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2026/05/13 3:8 p.m.6 views

CVE-2026-43480

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition The acp3x5682init function did not check the return value of clkget, which could lead to dereferencing error pointers in rt5682clkenable. Fix this by:...

5.5CVSS5.7AI score0.00114EPSS
Exploits0
CVE
CVE
added 2026/05/13 3:8 p.m.29 views

CVE-2026-43480

In CVE-2026-43480, the Linux kernel ASoC driver for the amd acp3x-rt5682-max9836 (acp3x_5682_init) failed to check the return value of clk_get(), risking dereferencing an error pointer in rt5682_clk_enable(). The fix is to switch to device-managed devm_clk_get() and add IS_ERR() checks for both c...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.12 views

PT-2026-40687

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The acp3x 5682 init function fails to check the return value of clk get, which can lead to the dereferencing of error pointers within the rt5682 clk enable function. Recommendations Upda...

5.5CVSS5.5AI score0.00114EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2026/05/13 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-43480

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition The acp3x5682init function did not check the return value of clkget, which could...

5.5CVSS6AI score0.00114EPSS
Exploits0References2
Rows per page
Query Builder