264 matches found

AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: fgraph: Do not enable the function_graph tracer when setting the funcgraph-args option. When setting the funcgraph-args option, if the function_graph tracer is disabled, it incorrectly enables itself. Moreover, it unregisters itsel...

CVSS 5.5 | AI score 5.4 | EPSS 0.00156
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: btrfs: A possible memory leak has been fixed in btrfs_get_dev_args_from_path. In btrfs_get_dev_args_from_path, btrfs_get_bdev_and_sb may fail if the path is invalid. In such cases, btrfs_get_dev_args_from_path returns directly without freeing the...

CVSS 5.5 | AI score 5.3 | EPSS 0.00195
Exploits: 0 | References: 2
Snyk
added 2026/06/17 4:39 p.m. | 4 views

Improper Neutralization of Equivalent Special Elements

Overview: Affected versions of this package are vulnerable to Improper Neutralization of Equivalent Special Elements via the NGINX configuration generator component. An attacker can inject arbitrary NGINX configuration directives by supplying crafted values to the serverTokens or extraAuthArgs...

CVSS 8.6 | AI score 5.9 | EPSS 0.00567
Exploits: 0 | References: 2
NVD
added 2026/06/17 3:16 p.m. | 11 views

CVE-2026-11311

When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the...

CVSS 8.6 | EPSS 0.00567
Exploits: 0 | References: 1
CVE
added 2026/06/17 2:4 p.m. | 69 views

CVE-2026-11311

CVE-2026-11311 affects NGINX Gateway Fabric when used with NGINX Plus. The vulnerability resides in the NGINX configuration generator: user-supplied values from the NginxProxy CRD serverTokens field and the AuthenticationFilter CRD extraAuthArgs field are rendered directly into NGINX configuratio...

CVSS 8.6 | AI score 5.6 | EPSS 0.00567
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2026/06/17 2:4 p.m. | 22 views

CVE-2026-11311 NGINX Gateway Fabric vulnerability

When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the...

CVSS 8.6 | EPSS 0.00567
Exploits: 0 | References: 1
EUVD
added 2026/06/17 2:4 p.m. | 7 views

EUVD-2026-37720

When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the...

CVSS 8.6 | AI score 5.6 | EPSS 0.00567
Exploits: 0 | References: 1
Positive Technologies
added 2026/06/17 12:0 a.m. | 15 views

PT-2026-50429

Name of the Vulnerable Software and Affected Versions: NGINX Gateway Fabric, affected versions not specified. Description: An injection issue exists in the NGINX configuration generator component when NGINX Plus is used as the data plane. User-supplied string values from the serverTokens field of the...

CVSS 8.6 | AI score 6 | EPSS 0.00567
Exploits: 0 | References: 7
Snyk
added 2026/06/10 7:23 p.m. | 5 views

Command Injection

Overview: aws-cdk-lib is Version 2 of the AWS Cloud Development Kit library. Affected versions of this package are vulnerable to Command Injection via the NodejsFunction local bundling pipeline, when an attacker controls the value of one or more of the properties externalModules, define, loader,...

CVSS 7.3 | AI score 5.9 | EPSS 0.00936
Exploits: 1 | References: 2
NVD
added 2026/06/09 5:16 a.m. | 10 views

CVE-2026-11603

The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 'argsfilterFormArray' Parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVSS 6.1 | EPSS 0.00205
Exploits: 0 | References: 2
Positive Technologies
added 2026/06/09 12:0 a.m. | 8 views

PT-2026-50142

It was discovered that rabbitmq-c exposed credentials in command-line arguments under certain circumstances. A local attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. CVE-2023-35789 It was discovered that...

CVSS 5.5 | AI score 6.2 | EPSS 0.00214
Exploits: 0 | References: 14
RedhatCVE
added 2026/06/01 10:3 p.m. | 12 views

CVE-2026-44450

Lumiverse is a full-featured AI chat application. Prior to 0.9.7, the MCP server creation endpoint validates the command field against an allowlist of binary names but forwards the args array to the child process without any validation. Every binary on the allowlist accepts an inline-code executi...

CVSS 9.9 | AI score 6.3 | EPSS 0.00377
Exploits: 0 | References: 1
Vulnrichment
added 2026/06/01 7:34 a.m. | 8 views

CVE-2026-49298 Apache Airflow: JWT Token Exposure in KubernetesExecutor Command-Line Arguments

A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be passed to the worker container as command-line arguments visible in the pod spec. An authenticated UI/API user with Kubernetes read-only access to the cluster e.g...

AI score 5.8 | EPSS 0.00488
Exploits: 0 | References: 2
NVD
added 2026/05/31 9:16 a.m. | 16 views

CVE-2026-10174

A vulnerability was identified in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-commit-verify leads to protection mechanism failure. The attack may be launched remotely. The exploit ...

CVSS 6.5 | EPSS 0.00228
Exploits: 0 | References: 6
Cvelist
added 2026/05/31 8:0 a.m. | 36 views

CVE-2026-10174 Aider-AI Aider Pre-commit Hook args.py protection mechanism

A vulnerability was identified in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-commit-verify leads to protection mechanism failure. The attack may be launched remotely. The exploit ...

CVSS 6.5 | EPSS 0.00228
Exploits: 0 | References: 6
Vulnrichment
added 2026/05/31 8:0 a.m. | 10 views

CVE-2026-10174 Aider-AI Aider Pre-commit Hook args.py protection mechanism

A vulnerability was identified in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-commit-verify leads to protection mechanism failure. The attack may be launched remotely. The exploit ...

CVSS 6.5 | AI score 6.3 | EPSS 0.00228
Exploits: 0 | References: 6
Positive Technologies
added 2026/05/31 12:0 a.m. | 13 views

PT-2026-45183

A vulnerability was identified in Aider-AI Aider 0.86.3. Affected is an unknown function of the file aider/args.py of the component Pre-commit Hook Handler. Such manipulation of the argument git-commit-verify leads to protection mechanism failure. The attack may be launched remotely. The exploit ...

CVSS 6.5 | AI score 6.3 | EPSS 0.00228
Exploits: 0 | References: 7
SUSE CVE
added 2026/05/28 3:57 a.m. | 13 views

SUSE CVE-2026-45868

In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix refcount leak in pcs_add_gpio_func. of_parse_phandle_with_args returns a device_node pointer with refcount incremented in gpiospec.np. The loop iterates through all phandles but never releases the reference, causing a...

AI score 5.8 | EPSS 0.00156
Exploits: 0 | References: 3
CVE
added 2026/05/27 12:15 p.m. | 22 views

CVE-2026-45868

CVE-2026-45868 affects the Linux kernel pinctrl: single subsystem (pcs_add_gpio_func). The of_parse_phandle_with_args() path increments a device_node refcount and loops through phandles without releasing it, causing a refcount leak. The fix adds of_node_put() to release the reference after extrac...

CVSS 5.5 | AI score 5.8 | EPSS 0.00156
Exploits: 0 | References: 8 | Affected Software: 1
Positive Technologies
added 2026/05/27 12:0 a.m. | 11 views

PT-2026-43735

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A reference count leak occurs in the pcs_add_gpio_func function. The of_parse_phandle_with_args function returns a device node pointer with an incremented reference count in gpiospec.np...

CVSS 5.5 | AI score 5.4 | EPSS 0.00156
Exploits: 0