Lucene search
+L

1571 matches found

OSV
OSV
added 2026/06/08 3:46 p.m.2 views

CVE-2026-46289 lib/scatterlist: fix length calculations in extract_kvec_to_sg

In the Linux kernel, the following vulnerability has been resolved: lib/scatterlist: fix length calculations in extractkvectosg Patch series "Fix bugs in extractitertosg", v3. Fix bugs in the kvec and user variants of extractitertosg. This series is growing due to useful remarks made by...

9.8CVSS6.6AI score0.00457EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/08 2:57 a.m.11 views

firefox: thunderbird: Information disclosure due to incorrect boundary conditions in the Audio/Video component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure due to incorrect boundary conditions in the Audio/Video component...

7.5CVSS5.4AI score0.00323EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.19 views

PT-2026-47345

Name of the Vulnerable Software and Affected Versions STACKIT IaaS API affected versions not specified Description A missing authorization check allows authenticated, low-privileged attackers to escalate privileges to full organization compromise. By exploiting the unvalidated 'PUT servers...

9.8CVSS5.2AI score0.00302EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.13 views

CVE-2026-20223

A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insufficient validation and authentication when accessing REST...

10CVSS5.8AI score0.00835EPSS
Exploits1References1
CVE
CVE
added 2026/06/04 7:28 a.m.25 views

CVE-2026-50211

Technical details about CVE-2026-50211 are not publicly provided in the supplied documents. Monitor for updates as additional data may reveal affected products, root cause, and mitigations.

9.8CVSS5.8AI score0.0029EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/03 9:37 p.m.13 views

Jupyter Enterprise Gateway: Kubernetes Manifest Injection in Jinja2 Template Rendering

Summary The environment variables used during the rendering of the Kubernetes manifest allow YAML injection, enabling attackers to overwrite existing keys like securityContext and inject multi-document YAML to create additional unintended Kubernetes resources. Details The server interpolates...

10CVSS6.2AI score0.00347EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.27 views

PT-2026-46126

Name of the Vulnerable Software and Affected Versions jupyter enterprise gateway versions prior to 3.3.0 Description Unsafe Jinja2 template rendering allows for Kubernetes manifest injection. The server interpolates untrusted environment variables such as KERNEL XXX into Kubernetes manifests...

10CVSS6.3AI score0.00347EPSS
Exploits0References16
Packet Storm News
Packet Storm News
added 2026/05/31 12:0 a.m.13 views

A New Framework for Cybersecurity Refusals in AI Agents

Agentic scaffolds have dramatically improved LLM performance on complex, long-horizon tasks, yielding both broad benefits and amplified risks in domains like cybersecurity. Existing benchmarks for AI agents in cybersecurity focus mainly on measuring proficiency--how effectively agents can complet...

5.8AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/29 1:14 a.m.17 views

SUSE CVE-2026-46234

In the Linux kernel, the following vulnerability has been resolved: vsock: fix buffer size clamping order In vsockupdatebuffersize, the buffer size was being clamped to the maximum first, and then to the minimum. If a user sets a minimum buffer size larger than the maximum, the minimum check...

5.5CVSS5.9AI score0.00129EPSS
Exploits0References3
NVD
NVD
added 2026/05/28 10:16 a.m.15 views

CVE-2026-46115

In the Linux kernel, the following vulnerability has been resolved: block: add pgmap check to biovecphysmergeable biovecphysmergeable is used by the request merge, DMA mapping, and integrity merge paths to decide if two physically contiguous bvec segments can be coalesced into one. It currently h...

9.8CVSS0.00491EPSS
Exploits0References5
OSV
OSV
added 2026/05/28 9:35 a.m.3 views

CVE-2026-46130 dm-verity-fec: fix reading parity bytes split across blocks (take 3)

In the Linux kernel, the following vulnerability has been resolved: dm-verity-fec: fix reading parity bytes split across blocks take 3 fecdecodebufs assumes that the parity bytes of the first RS codeword it decodes are never split across parity blocks. This assumption is false. Consider...

7.1CVSS5.9AI score0.00117EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/28 9:35 a.m.13 views

EUVD-2026-32889

In the Linux kernel, the following vulnerability has been resolved: dm-verity-fec: fix reading parity bytes split across blocks take 3 fecdecodebufs assumes that the parity bytes of the first RS codeword it decodes are never split across parity blocks. This assumption is false. Consider...

5.8AI score0.00117EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.15 views

PT-2026-44357

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the vsock update buffer size function where the buffer size clamping order is incorrect. The system clamped the buffer size to the maximum value first and then to the...

9.8CVSS6.1AI score0.03663EPSS
Exploits18References285
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.16 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the assumption in dm-verity-fec that parity-check bytes are not split across blocks, allowing for...

5.8AI score0.00117EPSS
Exploits0References2
Redos
Redos
added 2026/05/24 12:0 a.m.12 views

ROS-20260524-73-0032

A vulnerability in the vim text editor is related to reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

6.6CVSS6.2AI score0.00168EPSS
Exploits0
Redos
Redos
added 2026/05/24 12:0 a.m.12 views

ROS-20260524-73-0031

A vulnerability in the vim text editor is related to reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

4.4CVSS6.2AI score0.00177EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/05/22 5:36 a.m.16 views

Cisco Patches CVSS 10.0 Secure Workload REST API Flaw Enabling Data Access

Cisco has rolled out updates for a maximum-severity security flaw impacting Secure Workload that could allow an unauthenticated, remote attacker to access sensitive data. Tracked as CVE-2026-20223 CVSS score: 10.0, the vulnerability arises from insufficient validation and authentication when...

10CVSS5.9AI score0.00835EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/05/21 12:47 a.m.8 views

CVE-2026-9152

A missing authentication vulnerability exists in the Altium 365 SearchService. A legacy SOAP endpoint exposes search index operations without requiring authentication, session tokens, or any form of identity verification. An unauthenticated network attacker who can reference a target workspace's...

10CVSS5.8AI score0.00339EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/20 4:6 p.m.11 views

EUVD-2026-31131

A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insufficient validation and authentication when accessing REST...

10CVSS5.8AI score0.00835EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/20 4:6 p.m.11 views

CVE-2026-20223

A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insufficient validation and authentication when accessing REST...

10CVSS5.8AI score0.00835EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder