Lucene search
K

476 matches found

OSV
OSV
added 2026/02/19 9:25 p.m.6 views

CVE-2026-26275 httpsig-hyper has Improper Digest Verification that May Allow Message Integrity Bypass

httpsig-hyper is a hyper extension for http message signatures. An issue was discovered in httpsig-hyper prior to version 0.0.23 where Digest header verification could incorrectly succeed due to misuse of Rust's matches! macro. Specifically, the comparison if matches!digest, expecteddigest treate...

7.5CVSS5.7AI score0.00162EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/02/19 3:26 p.m.22 views

CVE-2026-26223 SPIP < 4.4.8 Cross-Site Scripting via Iframe Tags in Private Area

SPIP before 4.4.8 allows cross-site scripting XSS in the private area via malicious iframe tags. The application does not properly sandbox or escape iframe content in the back-office, allowing an attacker to inject and execute malicious scripts. The fix adds a sandbox attribute to iframe tags in...

6.1CVSS0.00188EPSS
Exploits0References3
OSV
OSV
added 2026/02/18 11:6 a.m.7 views

CLSA-2026-1771412755 Update of alt-php

Update ca-certificates database to 20260210: - mozilla\certdata.h,nssckbi.h: Update Mozilla certificate authority bundle of the version 2.82. - The following certificates were updated: Certificate "Entrust Root Certification Authority" Certificate "ePKI Root Certification Authority" Certificate...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/02/18 11:4 a.m.8 views

CLSA-2026-1771412648 Update of alt-php

Update ca-certificates database to 20260210: - mozilla\certdata.h,nssckbi.h: Update Mozilla certificate authority bundle of the version 2.82. - The following certificates were updated: Certificate "ePKI Root Certification Authority" - The following certificates were added: Certificate "TrustAsia...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/02/18 10:59 a.m.11 views

CLSA-2026-1771412339 Update of ca-certificates

update to CKBI 2.82 from NSS 3.120 - updated certificates: - Certificate "GlobalSign Root CA" - Certificate "Entrust.net Premium 2048 Secure Server CA" - Certificate "Comodo AAA Services root" - Certificate "XRamp Global CA Root" - Certificate "Go Daddy Class 2 CA" - Certificate "Starfield Class...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/02/18 10:50 a.m.7 views

CLSA-2026-1771411804 Update of ca-certificates

update to CKBI 2.82 from NSS 3.120 - updated certificates: - Certificate "GlobalSign Root CA" - Certificate "Entrust.net Premium 2048 Secure Server CA" - Certificate "Comodo AAA Services root" - Certificate "XRamp Global CA Root" - Certificate "Go Daddy Class 2 CA" - Certificate "Starfield Class...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/02/18 10:46 a.m.9 views

CLSA-2026-1771411561 Update of ca-certificates

update to CKBI 2.82 from NSS 3.120 - updated certificates: - Certificate "GlobalSign Root CA" - Certificate "Entrust.net Premium 2048 Secure Server CA" - Certificate "Comodo AAA Services root" - Certificate "XRamp Global CA Root" - Certificate "Go Daddy Class 2 CA" - Certificate "Starfield Class...

5.8AI score
Exploits0References1
Oracle linux
Oracle linux
added 2026/02/16 12:0 a.m.10 views

kernel security update

6.12.0-124.38.1 - Add new Oracle Linux Driver Signing key 1 certificate Orabug: 37985782 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list...

7.8CVSS7.8AI score0.0071EPSS
Exploits0
CNNVD
CNNVD
added 2026/02/14 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from failing to skip the rxnosta processing when the interface is not added. This could lead to warnin...

5.8AI score0.00173EPSS
Exploits0References7
OSV
OSV
added 2026/02/13 7:30 p.m.8 views

CLSA-2026-1771011008 Update of nss

update to CKBI 2.82 from NSS 3.120 - updated certificates: - Certificate "ePKI Root Certification Authority" - Certificate "GlobalSign Root CA" - Certificate "Entrust.net Premium 2048 Secure Server CA" - Certificate "Comodo AAA Services root" - Certificate "XRamp Global CA Root" - Certificate "Go...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/02/13 6:58 p.m.13 views

CLSA-2026-1771009112 Update of nss

update to CKBI 2.82 from NSS 3.120 - updated certificates: - Certificate "ePKI Root Certification Authority" - Certificate "GlobalSign Root CA" - Certificate "Entrust.net Premium 2048 Secure Server CA" - Certificate "Comodo AAA Services root" - Certificate "XRamp Global CA Root" - Certificate "Go...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.6 views

PT-2026-27579

Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.3 iPadOS versions prior to 26.3 macOS versions prior to Tahoe 26.3 Description An issue existed where an application could potentially access protected user data due to insufficient permissions restrictions...

7.5CVSS5.8AI score0.00281EPSS
Exploits0References5
OSV
OSV
added 2026/02/10 7:11 a.m.7 views

CLSA-2026-1770707507 Fix CVE(s): CVE-2026-24515

SECURITY UPDATE: Make XMLExternalEntityParserCreate copy unknown encoding handler user data - debian/patches/CVE-2026-24515.patch: copy unknown encoding handler user data and add tests to cover effect - CVE-2026-24515...

2.9CVSS7.2AI score0.0017EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/02/10 2:6 a.m.7 views

kernel: ipv6: use RCU in ip6_output()

A use-after-free flaw was found in ip6finishoutput2 in net/ipv6/ip6output.c in ipv6 access. This flaw could allow an attacker to crash the system at device disconnect. This vulnerability could even lead to a kernel information leak problem...

5.8AI score0.00193EPSS
Exploits0References5
Oracle linux
Oracle linux
added 2026/02/09 12:0 a.m.8 views

kernel security update

5.14.0-611.30.1 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...

7.8CVSS8AI score0.00517EPSS
Exploits3
Cvelist
Cvelist
added 2026/02/04 4:0 p.m.27 views

CVE-2026-23044 PM: hibernate: Fix crash when freeing invalid crypto compressor

In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Fix crash when freeing invalid crypto compressor When cryptoallocacomp fails, it returns an ERRPTR value, not NULL. The cleanup code in savecompressedimage and loadcompressedimage unconditionally calls...

0.00145EPSS
Exploits0References2
Oracle linux
Oracle linux
added 2026/02/04 12:0 a.m.6 views

osbuild-composer security update

149-4.0.1 - Add missing dependency over dracut-config-rescue for image-installer Orabug: 38587453 - Add OL10 support - Update repository URLs for baseos, appstream and UERK - Fix the label for UEKR repository - Simplify repository names JIRA: OLDIS-35893 - Ensure build on latest golang:...

4.3CVSS5.4AI score0.01127EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2026/02/03 4:55 p.m.7 views

An AI plush toy exposed thousands of private chats with children

Bondu’s AI plush toy exposed a web console that let anyone with a Gmail account read about 50,000 private chats between children and their cuddly toys. Bondu's toy is marketed as: “A soft, cuddly toy powered by AI that can chat, teach, and play with your child.” What it doesn’t say is that anyone...

5.3AI score
Exploits0
OSV
OSV
added 2026/01/31 12:16 p.m.3 views

UBUNTU-CVE-2026-23039

In the Linux kernel, the following vulnerability has been resolved: drm/gud: fix NULL fb and crtc dereferences on USB disconnect On disconnect drmatomichelperdisableall is called which sets both the fb and crtc for a plane to NULL before invoking a commit. This causes a kernel oops on every displ...

5.7AI score0.00194EPSS
Exploits0References5
CVE
CVE
added 2026/01/31 11:42 a.m.19 views

CVE-2026-23039

The CVE-2026-23039 issue affects the Linux kernel DRM Gud (drm/gud) code path. On USB disconnect, drm_atomic_helper_disable_all() clears plane fb and crtc by setting them to NULL before a commit, which can trigger a kernel oops. The fix implements guards to prevent NULL dereferences when accessin...

5.8AI score0.00194EPSS
Exploits0References2
Rows per page
Query Builder