
3312 matches found

CVE
added 6 hours ago, 13 views

CVE-2026-9545

CVE-2026-9545 describes an information-disclosure in curl/libcurl when using HTTP/3 early data with a cached SSL session. In the scenario, a site is initially served by a legitimate HTTP/3 server, but on a second transfer to the same hostname the connection is constructed to a counterfeit host (i...

5.9 AI score
Exploits: 0, References: 3
Nuclei
added 9 hours ago, 17 views

WordPress Varnish/Nginx Proxy Caching <= 1.8.3 - Information Exposure

Razvan Stanga Varnish/Nginx Proxy Caching <= 1.8.3 contains an insertion of sensitive information into sent data vulnerability caused by improper handling of embedded sensitive data, letting attackers retrieve sensitive information. Exploitation requires crafted requests. id: CVE-2025-62126 info: name:...

5.3 CVSS, 5.9 AI score, 0.00659 EPSS
Exploits: 0, References: 3
EUVD
added 2 days ago, 5 views

EUVD-2026-39027

Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header...

9.6 CVSS, 5.8 AI score, 0.00244 EPSS
Exploits: 0, References: 2
EUVD
added 2 days ago, 5 views

EUVD-2026-40297

Rancher has over-inclusive team membership expansion in GitHub App authentication provider...

8.8 CVSS, 5.8 AI score, 0.0037 EPSS
Exploits: 0, References: 6
NVD
added 3 days ago, 7 views

CVE-2026-41053

Incorrect authentication caching in the team membership expansion of the Rancher GitHub authentication provider caused it to grant principal access to any logged-in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2...

8.8 CVSS, 0.0037 EPSS
Exploits: 0, References: 1
CVE
added 3 days ago, 28 views

CVE-2026-41053

CVE-2026-41053 affects Rancher’s GitHub authentication provider, specifically the team membership expansion, where an incorrect authentication caching flaw could grant principal access to any logged-in user. Affected versions are 2.13 prior to 2.13.6 and 2.14 prior to 2.14.2. Root cause: faulty c...

8.8 CVSS, 5.8 AI score, 0.0037 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 3 days ago, 32 views

CVE-2026-41053 Over-inclusive team membership expansion in GitHub App authentication provider for Rancher

Incorrect authentication caching in the team membership expansion of the Rancher GitHub authentication provider caused it to grant principal access to any logged-in user, in 2.13 before 2.13.6 and 2.14 before 2.14.2...

8.8 CVSS, 0.0037 EPSS
Exploits: 0, References: 1
Positive Technologies
added 3 days ago, 9 views

PT-2026-53850

Name of the Vulnerable Software and Affected Versions: Rancher versions 2.13.0 through 2.13.5; Rancher versions 2.14.0 through 2.14.1. Description: Incorrect authentication caching in the GitHub authentication provider occurs during team membership expansion, causing cached principals to be reused...

8.8 CVSS, 5.7 AI score, 0.0037 EPSS
Exploits: 0, References: 6
OSV
added 4 days ago, 6 views

PYSEC-2026-555 toui allows user-specific variables to be shared between users

Impact: Websites that use Website.uservars property in versions. Patches: It affects versions v2.0.1 to v2.4.0. Please upgrade to v2.4.1. Workarounds: Do not use Website.uservars in websites when using versions v2.0.1 to v2.4.0. Also, do not use Website.signinuser in version v2.4.0 only. Explanation...

9.1 CVSS, 7.1 AI score, 0.00651 EPSS
Exploits: 0, References: 6
Fedora
added 6 days ago, 4 views

[SECURITY] Fedora 43 Update: docker-buildkit-0.31.0-1.fc43

Concurrent, cache-efficient, and Dockerfile-agnostic builder toolkit...

8.8 CVSS, 6.3 AI score, 0.004 EPSS
Exploits: 0
RedhatCVE
added 2026/06/25 11:12 p.m., 8 views

CVE-2026-53006

A flaw was found in the Linux kernel's IPv6 (Internet Protocol version 6) implementation. This vulnerability, a Use-After-Free (UAF) error, occurs due to incorrect caching of network packet addresses before a memory operation. An attacker could potentially exploit this flaw to cause memory corruption...

9.8 CVSS, 6 AI score, 0.00377 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2026/06/25 12:0 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-53039

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - ocfs2: validate group add input before caching BUG OCFS2_IOC_GROUP_ADD can trigger a BUG_ON in ocfs2_set_new_buffer_uptodate(): kernel BUG at fs/ocfs2/uptodate.c:509! Oop...

6 AI score, 0.00176 EPSS
Exploits: 0, References: 3
NVD
added 2026/06/24 7:17 p.m., 9 views

CVE-2026-53943

Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results in cached content being shared between different visitors, an unauthenticated user could send an x-ghost-preview header that altered the rendered frontend response. In affecte...

9.6 CVSS, 0.00244 EPSS
Exploits: 0, References: 1
EUVD
added 2026/06/24 6:32 p.m., 5 views

EUVD-2026-38907

In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate group add input before caching BUG OCFS2_IOC_GROUP_ADD can trigger a BUG_ON in ocfs2_set_new_buffer_uptodate(): kernel BUG at fs/ocfs2/uptodate.c:509! Oops: invalid opcode: 0000 1 SMP KASAN NOPTI RIP:...

6 AI score, 0.00176 EPSS
Exploits: 0, References: 9
CVE
added 2026/06/24 6:13 p.m., 29 views

CVE-2026-53943

The CVE-2026-53943 entry describes a Ghost CMS vulnerability where, on sites behind a shared caching layer, an unauthenticated user can send an x-ghost-preview header that poisons cached responses, altering rendered frontend output. In affected configurations, this cached, request-specific previe...

9.6 CVSS, 5.9 AI score, 0.00244 EPSS
Exploits: 0, References: 1
Cvelist
added 2026/06/24 6:13 p.m., 27 views

CVE-2026-53943 Ghost: Cache-poisoning XSS in Ghost frontend via x-ghost-preview header

Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results in cached content being shared between different visitors, an unauthenticated user could send an x-ghost-preview header that altered the rendered frontend response. In affecte...

9.6 CVSS, 0.00244 EPSS
Exploits: 0, References: 1
EUVD
added 2026/06/24 4:30 p.m., 6 views

EUVD-2026-38982

In the Linux kernel, the following vulnerability has been resolved: perf/amd/ibs: Avoid calling perf_allow_kernel() from the IBS NMI handler Calling perf_allow_kernel() from the NMI context is unsafe and could be fatal. Capture the permission at event-initialization time by storing it in event->hw.flags,...

5.8 AI score, 0.00154 EPSS
Exploits: 0, References: 3
CVE
added 2026/06/24 4:30 p.m., 6 views

CVE-2026-53114

CVE-2026-53114 affects the Linux kernel perf/amd/ibs component. The flaw arises from calling perf_allow_kernel() within the IBS NMI handler, which is unsafe and could be fatal. The fix caches the permission at event initialization by storing it in event->hw.flags and makes the NMI handler rely...

5.8 AI score, 0.00154 EPSS
Exploits: 0, References: 3
CVE
added 2026/06/24 4:28 p.m., 13 views

CVE-2026-52982

The CVE-2026-52982 issue affects the Linux kernel driver rtl8150 for Realtek RTL8150 USB Ethernet devices. A use-after-free (UAF) can occur in rtl8150_start_xmit() when reading skb->len for tx_bytes statistics after usb_submit_urb() is issued, because the skb may be freed in the USB completion...

9.8 CVSS, 5.7 AI score, 0.00543 EPSS
Exploits: 0, References: 8
Cvelist
added 2026/06/24 4:28 p.m., 29 views

CVE-2026-52982 net: usb: rtl8150: fix use-after-free in rtl8150_start_xmit()

In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix use-after-free in rtl8150_start_xmit() syzbot reported a KASAN slab-use-after-free read in rtl8150_start_xmit() when accessing skb->len for tx statistics after usb_submit_urb() has been called: BUG: KASAN:...

9.8 CVSS, 0.00543 EPSS
Exploits: 0, References: 8