Lucene search
K

2412 matches found

Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.12 views

PT-2026-39623

Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions prior to 9.15 Description An authorization issue in server mode affects the Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fail to filter user-owned objects by the...

9.9CVSS6AI score0.00455EPSS
Exploits0References12
Tenable Nessus
Tenable Nessus
added 2026/05/09 12:0 a.m.9 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: postgresql-13 (UTSA-2026-017348)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017348 advisory. A flaw was found in PostgreSQL involving the pgcancelbackend role that signals background workers, including the logical replication launcher, autovacuum workers, an...

4.4CVSS5.8AI score0.02555EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/07 8:21 p.m.13 views

CVE-2026-43578

OpenClaw versions 2026.3.31 before 2026.4.10 contain a privilege escalation vulnerability where heartbeat owner downgrade detection misses local background async exec completion events. Attackers can exploit this by providing untrusted completion content to leave a run in a more privileged contex...

9.1CVSS5.8AI score0.00288EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/06 9:31 p.m.8 views

EUVD-2026-28168

OpenClaw versions 2026.3.31 before 2026.4.10 contain a privilege escalation vulnerability where heartbeat owner downgrade detection misses local background async exec completion events. Attackers can exploit this by providing untrusted completion content to leave a run in a more privileged contex...

9.1CVSS5.8AI score0.00288EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.14 views

PT-2026-38233

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.3.31 through 2026.4.9 Description A privilege escalation issue exists where heartbeat owner downgrade detection fails to identify local background async exec completion events. This allows attackers to provide untrusted...

9.1CVSS5.9AI score0.00288EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/05/01 9:32 a.m.8 views

WordPress Full Screen Background plugin <= 2.0.2 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Full Screen Background versions = 2.0.2...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/25 7:22 a.m.8 views

CVE-2026-41247

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.67, elFinder contains a command injection vulnerability in the resize command. The bg background color parameter is accepted from user input and passed through image resize/rotate processing. In...

9.8CVSS5.9AI score0.01567EPSS
Exploits0References1
OSV
OSV
added 2026/04/24 8:40 p.m.12 views

GHSA-FPJQ-C37H-CQCV Kyverno Controller Denial of Service via forEach Mutation Panic

Summary An unchecked type assertion in the forEach mutation handler allows any user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller into a persistent CrashLoopBackOff. The same bug also causes the admission controller to drop connections and blo...

7.7CVSS5.9AI score0.00369EPSS
Exploits1References5
NVD
NVD
added 2026/04/23 7:17 p.m.37 views

CVE-2026-41247

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.67, elFinder contains a command injection vulnerability in the resize command. The bg background color parameter is accepted from user input and passed through image resize/rotate processing. In...

9.8CVSS0.01567EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/23 6:47 p.m.42 views

CVE-2026-41247 elFinder: Command injection in resize background color parameter when using ImageMagick CLI

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.67, elFinder contains a command injection vulnerability in the resize command. The bg background color parameter is accepted from user input and passed through image resize/rotate processing. In...

9.3CVSS0.01567EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/23 6:47 p.m.2 views

CVE-2026-41247 elFinder: Command injection in resize background color parameter when using ImageMagick CLI

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.67, elFinder contains a command injection vulnerability in the resize command. The bg background color parameter is accepted from user input and passed through image resize/rotate processing. In...

9.3CVSS5.9AI score0.01567EPSS
Exploits0References1
CVE
CVE
added 2026/04/23 6:47 p.m.10 views

CVE-2026-41247

Vulnerability overview: elFinder

9.8CVSS6.1AI score0.01567EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2026/04/23 1:26 a.m.7 views

SUSE CVE-2026-31455

In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushing AIL during unmount The unmount sequence in xfsunmountflushinodes pushed the AIL while background reclaim and inodegc are still running. This is broken independently of any use-after-free issues -...

5.5CVSS5.6AI score0.00126EPSS
Exploits0References16
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.6 views

PT-2026-34727

elFinder is an open-source file manager for web, written in JavaScript using jQuery UI. Prior to 2.1.67, elFinder contains a command injection vulnerability in the resize command. The bg background color parameter is accepted from user input and passed through image resize/rotate processing. In...

9.3CVSS6.1AI score0.01567EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.11 views

pretalx 跨站脚本漏洞

pretalx is an open-source meeting planning tool developed by pretalx. It focuses on providing the best experience for organizers, speakers, reviewers, and participants. Versions of pretalx prior to 2026.1.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of...

8.7CVSS5.7AI score0.00166EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/22 3:31 p.m.5 views

EUVD-2026-24794

In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushing AIL during unmount The unmount sequence in xfsunmountflushinodes pushed the AIL while background reclaim and inodegc are still running. This is broken independently of any use-after-free issues -...

5.6AI score0.00126EPSS
Exploits0References9
NVD
NVD
added 2026/04/22 2:16 p.m.6 views

CVE-2026-31455

In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushing AIL during unmount The unmount sequence in xfsunmountflushinodes pushed the AIL while background reclaim and inodegc are still running. This is broken independently of any use-after-free issues -...

7.8CVSS0.00126EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/04/22 1:53 p.m.29 views

CVE-2026-31455 xfs: stop reclaim before pushing AIL during unmount

In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushing AIL during unmount The unmount sequence in xfsunmountflushinodes pushed the AIL while background reclaim and inodegc are still running. This is broken independently of any use-after-free issues -...

0.00126EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/04/22 1:53 p.m.29 views

CVE-2026-31454 xfs: save ailp before dropping the AIL lock in push callbacks

In the Linux kernel, the following vulnerability has been resolved: xfs: save ailp before dropping the AIL lock in push callbacks In xfsinodeitempush and xfsqmdquotlogitempush, the AIL lock is dropped to perform buffer IO. Once the cluster buffer no longer protects the log item from reclaim, the...

7.8CVSS0.00126EPSS
Exploits0References8
CVE
CVE
added 2026/04/22 1:53 p.m.19 views

CVE-2026-31455

CVE-2026-31455 pertains to the Linux kernel, specific to the XFS unmount path. During unmount, in xfs_unmount_flush_inodes(), the AIL is pushed while background reclaim and inodegc may still be running, which can lead to inodes being dirtied or re-queued into the AIL. The provided fix reorders th...

7.8CVSS5.6AI score0.00126EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder