Lucene search
K

347 matches found

AlpineLinux
AlpineLinux
added 2026/06/29 10:15 a.m.4 views

CVE-2026-41992

GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression...

7.5CVSS6AI score0.00294EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/25 8:42 a.m.4 views

libxslt: use-after-free with key data stored cross-RVT

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...

5.5CVSS6.1AI score0.00161EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/24 6:32 p.m.9 views

EUVD-2026-38809

Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run a GPU reader shader that reads stale register values left by a separate sandboxed victim app. In the proof of concept, GPUVictim.app generates a fresh random...

8.6CVSS5.8AI score0.00303EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/23 4:52 p.m.6 views

Gogs Vulnerable to Privilege Escalation via Collaboration Access Mode Validation

Summary A repository admin collaborator can escalate their privileges to owner-level access by exploiting an off-by-one error in the ChangeCollaborationAccessMode function. Vulnerable Code In internal/database/repocollaboration.go, line 129: go func r Repository ChangeCollaborationAccessModeuserI...

7CVSS5.9AI score0.00499EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/06/17 9:53 p.m.21 views

CVE-2026-50202 Steeltoe's static JWKS cache shared across schemes and never invalidated

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Security.Authentication.CloudFoundryBase prior to version 3.4.0, Steeltoe.Security.Authentication.JwtBearer prior to version 4.2.0, and...

5.9CVSS0.0029EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/16 11:53 a.m.7 views

EUVD-2026-37078

Firefox for iOS preserved cookies set on the initial PDF request across cross-origin HTTP redirects in TemporaryDocument, allowing a malicious site to inject arbitrary cookies into requests to an unrelated target domain. This vulnerability was fixed in Firefox for iOS 152.0...

4.3CVSS5.4AI score0.001EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.13 views

PT-2026-50181

Name of the Vulnerable Software and Affected Versions Daytona versions prior to 0.185.0 Description Organization role update and delete endpoints authorized the caller as an owner of the organization in the request path but mutated the target role using only its identifier without verifying the...

7.7CVSS5.8AI score0.00186EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.12 views

PT-2026-49771

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.25 Description An issue in internal and webchat command authentication allows senders to inherit wildcard ownerAllowFrom state across channel boundaries. This enables attackers to send commands on affected...

6.5CVSS5.5AI score0.00245EPSS
Exploits0References5
Fedora
Fedora
added 2026/06/13 1:13 a.m.20 views

[SECURITY] Fedora 44 Update: chezmoi-2.70.5-1.fc44

Manage your dotfiles across multiple diverse machines, securely...

6.1CVSS7.8AI score0.00287EPSS
Exploits0
NVD
NVD
added 2026/06/12 7:16 p.m.17 views

CVE-2026-28742

Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate valid signatures for arbitrary device or account operations due to the absence of per-device keys,...

9.8CVSS0.0033EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/10 8:59 a.m.11 views

CVE-2025-40808

A vulnerability has been identified in SIPROTEC 5 6MD84 CP300 All versions, SIPROTEC 5 6MD85 CP200 All versions, SIPROTEC 5 6MD85 CP300 All versions, SIPROTEC 5 6MD86 CP200 All versions, SIPROTEC 5 6MD86 CP300 All versions, SIPROTEC 5 6MD89 CP300 All versions, SIPROTEC 5 6MU85 CP300 All versions,...

6.9CVSS5.6AI score0.00186EPSS
Exploits0References1
Circl
Circl
added 2026/06/05 11:25 p.m.11 views

CVE-2026-11429

creationtimestamp| type| source ---|---|--- 2026-06-05 23:25:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mnlbxhyq522a 2026-06-06 00:00:40+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3mnldvvpv6p2k 2026-06-06 00:00:41+00:00| seen|...

10CVSS5.3AI score0.01145EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.12 views

CVE-2026-2402

CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authentication attempts with different credentials on a sequence of requests to multiple endpoints...

6.9CVSS5.6AI score0.00274EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:21 p.m.9 views

CVE-2026-29200

A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call...

9.9CVSS5.4AI score0.00297EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.12 views

CVE-2026-45006

OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration changes by bypassing an incomplete denylist protection. Attackers can persist malicious config...

8.8CVSS5.5AI score0.00489EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.17 views

PT-2026-46016

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A heap buffer overflow out-of-bounds write exists in the persistent ram save old function within the pstore/ram component. The issue occurs when the function is called multiple times for...

7.8CVSS5.5AI score0.00136EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/02 6:44 p.m.9 views

CVE-2019-25722

Dräger SC Monitoring devices SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and remote attackers to compromise device integrity across all software versions. A local attacker with...

7.6CVSS5.9AI score0.00193EPSS
Exploits0References4
CVE
CVE
added 2026/06/02 8:31 a.m.16 views

CVE-2026-34907

CVE-2026-34907 describes a Reflected Cross‑Site Scripting (XSS) vulnerability in Wirtualna Uczelnia caused by insecure handling of the locale parameter across multiple endpoints. An attacker can craft a URL with JavaScript in the locale parameter; when a victim opens the link, the injected script...

5.1CVSS5.7AI score0.00285EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 10:16 p.m.17 views

CVE-2025-22424

In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.8CVSS0.00088EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 9:14 p.m.30 views

CVE-2025-22424

CVE-2025-22424 is described across multiple sources as an Android vulnerability arising from improper input validation that can cause images to be revealed across users, enabling local privilege escalation with no extra execution privileges. The NVD entry assigns a CVSS v3.1 base score of 7.8 (Hi...

7.8CVSS5.9AI score0.00088EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder