Lucene search
K

919 matches found

EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-40961

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Do not fillpool if piblockedon On RT enabled kernels, fillpool ends up calling rtlocklock, which asserts if current::piblockedon is set, because a task can obviously only block on one lock as otherwise the priority...

5.8AI score
Exploits0References3
Cvelist
Cvelist
added yesterday25 views

CVE-2026-58172 Ocelot - IP Allow/Block List Bypass for WebSocket Upgrade Requests

Ocelot through 24.1.0, fixed in commit f156fd4, contains a security control bypass vulnerability that allows denied clients to circumvent IP-based access restrictions by sending WebSocket upgrade requests. The WebSocket upgrade pipeline branch configured via MapWhen in OcelotPipelineExtensions.cs...

9.3CVSS
Exploits0References4
EUVD
EUVD
added 6 days ago9 views

EUVD-2026-38363

MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References2
NVD
NVD
added 6 days ago11 views

CVE-2026-54091

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, File Browser's public share handlers rebase the share owner's filesystem root to the shared directory and then evaluate descendant paths agains...

7.5CVSS0.00471EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-54091

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, File Browser's public share handlers rebase the share owner's filesystem root to the shared directory and then evaluate descendant paths agains...

7.5CVSS5.9AI score0.00471EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 6 days ago5 views

CVE-2026-53198

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of a deferred filelock on double SMB2CANCEL A deferred byte-range lock an SMB2LOCK that blocks registers an async work on conn-asyncrequests via setupasyncwork, with cancelfn = smb2removeblockedlock and...

8.8CVSS5.6AI score0.00466EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2026/06/24 4:28 p.m.8 views

CVE-2026-52952

Summary: CVE-2026-52952 affects the Linux kernel IOMMU subsystem. A race occurs during device recovery when multiple memory domains are attached concurrently, which can trigger a Use-After-Free (UAF) due to concurrent domain detachment and re-attachment in a multi-device group sharing the same RI...

8.8CVSS5.7AI score0.00131EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2026/06/24 3:59 p.m.7 views

Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered

A coordinated law enforcement operation, in partnership with private sector companies, including Bitdefender, Bitsight, ESET, and Microsoft, has resulted in the takedown of criminal infrastructure powering Amadey and StealC. "The main common goal was to disrupt the 'assembly lines' cybercriminals...

5.8AI score
Exploits0
NVD
NVD
added 2026/06/22 10:16 p.m.10 views

CVE-2026-48517

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's typeless deserialization includes MessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisallowedType as a safety check for dangerous types. The default implementation checks the outer type nam...

7.5CVSS0.00246EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:3 p.m.4 views

CVE-2026-48517

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's typeless deserialization includes MessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisallowedType as a safety check for dangerous types. The default implementation checks the outer type nam...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/22 9:3 p.m.5 views

CVE-2026-48517 MessagePack-CSharp: Typeless deserialization type restrictions do not recurse into arrays or generic arguments

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, MessagePack-CSharp's typeless deserialization includes MessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisallowedType as a safety check for dangerous types. The default implementation checks the outer type nam...

6.3CVSS5.9AI score0.00246EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.12 views

PT-2026-51401

Name of the Vulnerable Software and Affected Versions MessagePack for C versions prior to 2.5.301 MessagePack for C versions prior to 3.1.7 Description Typeless deserialization in MessagePack-CSharp uses MessagePackSerializerOptions.ThrowIfDeserializingTypeIsDisallowedType to prevent the...

7.5CVSS5.9AI score0.00246EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in sudo

In Sudo version 1.8.29, the fact that a user has been blocked for example, by using the “!” character in the shadow file instead of a password hash was not taken into consideration. This allows an attacker who has access to a Runas ALL sudoer account to impersonate any blocked user. NOTE: The...

7.5CVSS6.7AI score0.0339EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability in Firefox

When Firefox is configured to block the storage of all cookies, it is still possible to store data in localstorage by using an iframe with a source of ‘about:blank’. This could allow malicious websites to store tracking data without permission. This vulnerability affects Firefox versions earlier...

6.5CVSS6.7AI score0.0048EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in usbredir

A use-after-free vulnerability was discovered in usbredir in versions prior to 0.11.0, specifically in the usbredirparserserialize function within usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data, especially in cases where the destination is...

6.4CVSS6.6AI score0.00309EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

If a PAC URL was set, and the server hosting the PAC was unreachable, OCSP requests would be blocked, resulting in incorrect error pages being displayed. This vulnerability affects Firefox 102, Firefox ESR 91.11, Thunderbird 102, and Thunderbird 91.11...

4.3CVSS6.4AI score0.0058EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in python-tornado

Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in th...

7.5CVSS7AI score0.01051EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/17 10:41 a.m.6 views

redis: use-after-free in unblock client flow may allow remote code execution

A flaw was found in Redis. The unblock client flow does not handle an error return from the processCommandAndResetClient when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can cause a use-after-free issue. This potentially leads to...

8.8CVSS6.1AI score0.01286EPSS
Exploits4References6
Veracode
Veracode
added 2026/06/16 7:23 p.m.8 views

Denial Of Service (DoS)

Netty is vulnerable to Denial of Service DoS. The vulnerability is due to improper management of blocked streams in the HTTP/3 codec, which allows an attacker to create an unlimited number of blocked streams and exhaust memory, leading to an out-of-memory condition and service disruption...

7.5CVSS5.2AI score0.00366EPSS
Exploits0References7Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/16 1:39 p.m.6 views

redis: use-after-free in unblock client flow may allow remote code execution

A flaw was found in Redis. The unblock client flow does not handle an error return from the processCommandAndResetClient when re-executing a blocked command. If a blocked client is evicted during this flow, an authenticated attacker can cause a use-after-free issue. This potentially leads to...

8.8CVSS6.1AI score0.01286EPSS
Exploits4References6
Rows per page
Query Builder