Lucene search
+L

833 matches found

CVE
CVE
added yesterday45 views

CVE-2026-55518

Avo (Ruby on Rails) suffers a server-side authorization gap in the association attach endpoint. Prior to 3.32.1 and 4.0.0.beta.51, the UI checks attach_? and GET /resources/:resource/:id/:related/new, but POST /resources/:resource/:id/:related (Avo::AssociationsController#create) does not enforce...

9.6CVSS5.3AI score
Exploits0References4
Veracode
Veracode
added 2 days ago5 views

Remote Code Execution (RCE)

github.com/julien040/anyquery, is vulnerable to Remote Code Execution RCE. The vulnerability is due to the server mode allowing unrestricted use of native SQLite ATTACH DATABASE commands, which allows an unauthenticated attacker to write arbitrary files to writable locations on the filesystem and...

6.6AI score0.00416EPSS
Exploits0References2Affected Software1
OSV
OSV
added 3 days ago4 views

CVE-2026-49988 Repomix: attach_packed_output can bypass file-read secret scanning for supported local files

Repomix is a tool that packs repositories into AI-friendly files. Prior to 1.14.1, the Repomix MCP server attachpackedoutput and readrepomixoutput flow can register and read arbitrary local .json, .txt, .md, or .xml files without the filesystemreadfile runSecretLint safety check or Repomix...

6.8CVSS6.2AI score0.00169EPSS
Exploits0References5
CVE
CVE
added 2026/07/09 11:42 p.m.14 views

CVE-2026-50180

Summary: CVE-2026-50180 in Langroid’s SQLChatAgent allows arbitrary PostgreSQL file reads due to an incomplete DANGEROUS_SQL_PATTERNS blocklist. The blocklist misses several pg_read * and related functions (e.g., pg_read_file, pg_stat_file, pg_ls_logdir, pg_ls_waldir, pg_current_logfile) and does...

8.7CVSS6.1AI score0.00686EPSS
Exploits0References2
OSV
OSV
added 2026/07/09 11:42 p.m.4 views

CVE-2026-50180 Langroid: SQLChatAgent _validate_query blocklist misses pg_read_file family enabling arbitrary file read

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.64.0, SQLChatAgent in langroid ships a validatequery defense-in-depth layer whose DANGEROUSSQLPATTERNS regex blocklist enumerates dangerous SQL primitives by specific function name. The list misses...

8.7CVSS6.2AI score0.00686EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/07/01 7:1 p.m.15 views

repomix: attach_packed_output can bypass file-read secret scanning for supported local files

attachpackedoutput can register arbitrary .json/.txt/.md/.xml files and bypass the MCP file-read safety check Summary Repomix's MCP server exposes a normal filesystemreadfile tool that reads absolute paths only after running the project's secret check. However, the attachpackedoutput plus...

6.8CVSS6.1AI score0.00169EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-52951

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/xe/dma-buf: handle empty bo and UAF races There look to be some nasty races here when triggering the invalidatemappings hook: 1 We do xeboalloc followed by...

7.8CVSS6.2AI score0.00138EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:6 a.m.8 views

tcp: restrict SO_ATTACH_FILTER to priv users

...

7CVSS5.8AI score0.00128EPSS
Exploits0
OSV
OSV
added 2026/06/26 8:17 p.m.3 views

DEBIAN-CVE-2026-53289

In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in iceresetallvfs iceresetallvfs ignores the return value of icevfrebuildvsi. When the VSI rebuild fails e.g. during NVM firmware update via nvmupdate64e, icevsirebuild tears down the VSI on its...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 8:17 p.m.4 views

UBUNTU-CVE-2026-53289

In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in iceresetallvfs iceresetallvfs ignores the return value of icevfrebuildvsi. When the VSI rebuild fails e.g. during NVM firmware update via nvmupdate64e, icevsirebuild tears down the VSI on its...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/26 7:40 p.m.7 views

EUVD-2026-39894

In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in iceresetallvfs iceresetallvfs ignores the return value of icevfrebuildvsi. When the VSI rebuild fails e.g. during NVM firmware update via nvmupdate64e, icevsirebuild tears down the VSI on its...

5.8AI score0.00122EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2026/06/26 7:40 p.m.7 views

CVE-2026-53289

In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in iceresetallvfs iceresetallvfs ignores the return value of icevfrebuildvsi. When the VSI rebuild fails e.g. during NVM firmware update via nvmupdate64e, icevsirebuild tears down the VSI on its...

5.5CVSS5.7AI score0.00122EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/26 2:9 a.m.7 views

SUSE CVE-2026-53236

In the Linux kernel, the following vulnerability has been resolved: tcp: restrict SOATTACHFILTER to priv users This patch restricts the use of SOATTACHFILTER cBPF on TCP sockets to users with CAPNETADMIN capability. This blocks potential side-channel attack where an unprivileged application...

5.8AI score0.00128EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.16 views

PT-2026-52919

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference exists in the IOMMU subsystem. The group-domain pointer can be NULL if a default domain fails to allocate during the first probe. This leads to a system crash...

5.5CVSS6AI score0.00107EPSS
Exploits0References13
NVD
NVD
added 2026/06/25 9:16 a.m.9 views

CVE-2026-53236

In the Linux kernel, the following vulnerability has been resolved: tcp: restrict SOATTACHFILTER to priv users This patch restricts the use of SOATTACHFILTER cBPF on TCP sockets to users with CAPNETADMIN capability. This blocks potential side-channel attack where an unprivileged application...

5.5CVSS0.00128EPSS
Exploits0References6
CVE
CVE
added 2026/06/25 8:39 a.m.24 views

CVE-2026-53236

CVE-2026-53236 affects the Linux kernel where a patch restricts SO_ATTACH_FILTER (cBPF) usage on TCP sockets to CAP_NET_ADMIN, mitigating a potential side-channel leaking TCP sequence/ACK data. Debian/Ubuntu entries show patches across newer kernel builds (e.g., Linux 6.1 series with 6.1.176-1~de...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/25 8:39 a.m.2 views

CVE-2026-53236 tcp: restrict SO_ATTACH_FILTER to priv users

In the Linux kernel, the following vulnerability has been resolved: tcp: restrict SOATTACHFILTER to priv users This patch restricts the use of SOATTACHFILTER cBPF on TCP sockets to users with CAPNETADMIN capability. This blocks potential side-channel attack where an unprivileged application...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52331

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A side-channel issue exists where an unprivileged application can attach a filter to TCP sockets to leak TCP sequence and acknowledgment numbers. This is achieved through the use of SO...

5.5CVSS6.1AI score0.00128EPSS
Exploits0References19
EUVD
EUVD
added 2026/06/24 6:32 p.m.8 views

EUVD-2026-38819

In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: handle empty bo and UAF races There look to be some nasty races here when triggering the invalidatemappings hook: 1 We do xeboalloc followed by the attach, before the actual full bo init step in xedmabufinitobj...

6AI score0.00138EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/24 6:32 p.m.7 views

EUVD-2026-38818

In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: fix UAF with retry loop Retry doesn't work here, since bo will be freed on error, leading to UAF. However, now that we do the alloc & init before the attach, we can now combine this as one unit and have the init d...

5.7AI score0.00138EPSS
Exploits0References4
Rows per page
Query Builder