Lucene search
+L

64 matches found

attackerkb
attackerkb
added 2026/06/24 6:23 p.m.2 views

CVE-2026-49220

Jellyfin is an open source self hosted media server. Prior to 10.11.9, a potential XSS attack exists in Jellyfin which can allow a non-privileged user to execute arbitrary Javascript in the context of a logged-in Administrative user, resulting in numerous potential issues. The Client header durin...

5.7CVSS6.1AI score0.00194EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/06/24 6:23 p.m.12 views

CVE-2026-49220

CVE-2026-49220 affects Jellyfin up to version 10.11.8, where a vulnerability in the AuthenticateByName flow allows a non-privileged user to inject HTML/JavaScript in the Client header that executes in an Administrative user session when accessing a user’s detail from the dashboard. This is a user...

5.7CVSS6.1AI score0.00194EPSS
Exploits0References1
osv
osv
added 2026/06/19 12:31 a.m.8 views

GHSA-X44P-GG67-52FC Duplicate Advisory: PraisonAI: Coarse-Grained Tool Approval Cache Bypasses Per-Invocation Consent for Shell Commands

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-ffp3-3562-8cv3. This link is maintained to preserve external references. Original Description PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing...

6.8CVSS5.8AI score0.00116EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/18 10:12 p.m.21 views

CVE-2026-56074 PraisonAI - Tool Approval Cache Bypass via Coarse-Grained Caching

PraisonAI before 1.5.128 caches tool approval decisions by tool name only, not by invocation arguments, allowing subsequent executecommand calls to bypass approval prompts. Attackers can exploit this by obtaining initial approval for a benign command, then silently exfiltrate API keys and...

6.8CVSS0.00116EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/05/27 12:0 a.m.17 views

PT-2026-44159

Summary CustomReports uses inconsistent authorization between the report listing endpoint and the report detail endpoint. - The listing flow filters reports based on report-sharing rules - The detail flow only checks generic reports or reports config permissions As a result, a low-privileged...

7.1CVSS5.8AI score0.00035EPSS
Exploits0References6
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: remoteproc: sysmon: fix memory leak in qcomaddsysmonsubdev The kfree function should be called when ofirqgetbyname fails or devmrequestthreadedirq fails in qcomaddsysmonsubdev. Otherwise, a memory leak will occur; therefore, addi...

5.8AI score0.00211EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10, Linux

In the Linux kernel, the following vulnerability has been resolved: drm/msm/hdmi: check the return value after calling platformgetresourcebyname. If platformgetresourcebyname returns NULL, it may lead to a null-ptr-deref issue. Therefore, we need to check the return value. Patchwork:...

5.5CVSS6.2AI score0.00259EPSS
Exploits0References1
fedora
fedora
added 2026/05/15 10:45 p.m.17 views

[SECURITY] Fedora 42 Update: nginx-mod-fancyindex-0.6.0-4.fc42

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

9.2CVSS6AI score0.61469EPSS
Exploits41
fedora
fedora
added 2026/05/15 9:9 p.m.14 views

[SECURITY] Fedora 43 Update: nginx-mod-fancyindex-0.6.0-4.fc43

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

9.2CVSS6AI score0.61469EPSS
Exploits41
redhatcve
redhatcve
added 2026/05/06 10:16 a.m.13 views

CVE-2026-43072

A flaw was found in the drm/vc4 component of the Linux kernel. The platformgetirqbyname function, which returns an integer that can indicate an error, was not properly validated before being passed to devmrequestthreadedirq. This oversight in error handling could potentially lead to system...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References4
nvd
nvd
added 2026/05/05 4:16 p.m.12 views

CVE-2026-43072

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: platformgetirqbyname returns an int platformgetirqbyname will return a negative value if an error happens, so it should be checked and not just passed directly into devmrequestthreadedirq hoping all will be ok...

5.5CVSS0.00114EPSS
Exploits0References7
osv
osv
added 2026/05/05 3:29 p.m.2 views

CVE-2026-43072 drm/vc4: platform_get_irq_byname() returns an int

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: platformgetirqbyname returns an int platformgetirqbyname will return a negative value if an error happens, so it should be checked and not just passed directly into devmrequestthreadedirq hoping all will be ok...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References10
cve
cve
added 2026/05/05 3:29 p.m.30 views

CVE-2026-43072

CVE-2026-43072 affects the Linux kernel drm/vc4 code path: platform_get_irq_byname() may return a negative error value, which was previously passed directly to devm_request_threaded_irq() without proper checking. The issue has been resolved in updated kernel code, and multiple OS-specific advisor...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References7Affected Software1
cnnvd
cnnvd
added 2026/05/05 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the platformgetirqbyname function returning an int value. This value is passed directly to the...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References1
thn
thn
added 2026/04/21 10:22 a.m.9 views

Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

Cybersecurity researchers have discovered a vulnerability in Google's agentic integrated development environment IDE, Antigravity, that could be exploited to achieve code execution. The flaw, since patched, combines Antigravity's permitted file-creation capabilities with an insufficient input...

7.5CVSS6.5AI score0.01402EPSS
Exploits0
ptsecurity
ptsecurity
added 2026/04/03 12:0 a.m.18 views

PT-2026-30040

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a device node reference leak in the logicvc drm config parse function. The function calls of get child by name to find the "layers" node but fails to release th...

9.8CVSS6.8AI score0.03663EPSS
Exploits18References468
fedora
fedora
added 2026/02/15 1:13 a.m.21 views

[SECURITY] Fedora 43 Update: nginx-mod-fancyindex-0.5.2-15.fc43

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

8.2CVSS5.5AI score0.00339EPSS
Exploits0
fedora
fedora
added 2026/01/04 1:3 a.m.13 views

[SECURITY] Fedora 42 Update: nginx-mod-fancyindex-0.5.2-13.fc42

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

6.3CVSS6.4AI score0.00394EPSS
Exploits0
cvelist
cvelist
added 2025/12/30 12:37 p.m.29 views

CVE-2022-50888 remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio()

In the Linux kernel, the following vulnerability has been resolved: remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5wcssinitmmio q6v5wcssinitmmio will call platformgetresourcebyname that may fail and return NULL. devmioremap will use res-start as input, which may causes null-ptr-deref...

0.00168EPSS
Exploits0References4
osv
osv
added 2025/12/30 12:37 p.m.9 views

CVE-2022-50888 remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio()

In the Linux kernel, the following vulnerability has been resolved: remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5wcssinitmmio q6v5wcssinitmmio will call platformgetresourcebyname that may fail and return NULL. devmioremap will use res-start as input, which may causes null-ptr-deref...

6.4AI score0.00168EPSS
Exploits0References7
Rows per page
Query Builder