Lucene search
+L

3354 matches found

cvelist
cvelist
added 2026/05/28 6:27 p.m.40 views

CVE-2026-47330 Use of uninitialized value in Ubuntu Linux AppArmor notification handling

Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitialized variable in notification handling code. The bug can be triggered by an unprivileged local user and can result in the incorrect caching of AppArmor notification responses...

3.3CVSS0.00092EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/28 6:27 p.m.14 views

CVE-2026-47330

Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitialized variable in notification handling code. The bug can be triggered by an unprivileged local user and can result in the incorrect caching of AppArmor notification responses...

3.3CVSS5.8AI score0.00092EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/05/28 6:27 p.m.46 views

CVE-2026-47330

Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches that can use an uninitialized variable in notification handling code. The bug can be triggered by an unprivileged local user and can result in the incorrect caching of AppArmor notification responses. Affected component: AppArmor/notif...

3.3CVSS5.8AI score0.00092EPSS
Exploits0References1Affected Software1
osv
osv
added 2026/05/28 6:27 p.m.8 views

GHSA-W76H-Q7C6-JPJP compliance-trestle Vulnerable to SSRF in Remote Fetching Subsystem

A source code audit led to the discovery of three significant security vulnerabilities in the trestle/core/remote/cache.py module. Finding 1 Critical: SSRF CWE-918 The HTTPSFetcher.dofetch method passes a user-supplied URL directly to requests.get without validation. This allows an attacker to...

6.7CVSS6AI score0.00012EPSS
Exploits0References4
github
github
added 2026/05/28 6:27 p.m.17 views

compliance-trestle Vulnerable to SSRF in Remote Fetching Subsystem

A source code audit led to the discovery of three significant security vulnerabilities in the trestle/core/remote/cache.py module. Finding 1 Critical: SSRF CWE-918 The HTTPSFetcher.dofetch method passes a user-supplied URL directly to requests.get without validation. This allows an attacker to...

6AI score0.00012EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/05/28 4:16 p.m.9 views

PYSEC-2026-192

Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in FileSystemLoader and CachingFileSystemLoader do not guard against reading files outside their search paths when given an absolute path to resolve. This allows malicious template authors to load and...

7.5CVSS5.9AI score0.00335EPSS
Exploits0References1
osv
osv
added 2026/05/28 9:41 a.m.4 views

CVE-2026-46238 batman-adv: stop caching unowned originator pointers in BAT IV

In the Linux kernel, the following vulnerability has been resolved: batman-adv: stop caching unowned originator pointers in BAT IV BAT IV keeps the last-hop neighbor address in each neighnode, but some paths also cache an originator pointer derived from a temporary lookup. That pointer is not own...

8.8CVSS5.8AI score0.00262EPSS
Exploits0References11
susecve
susecve
added 2026/05/28 3:56 a.m.13 views

SUSE CVE-2026-45912

In the Linux kernel, the following vulnerability has been resolved: ext4: don't cache extent during splitting extent Caching extents during the splitting process is risky, as it may result in stale extents remaining in the status tree. Moreover, in most cases, the corresponding extent block entri...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References9
redhatcve
redhatcve
added 2026/05/28 1:53 a.m.17 views

CVE-2026-45912

A flaw was found in the Linux kernel's ext4 filesystem. During certain file operations, specifically when splitting data extents, an issue with caching can lead to incorrect tracking of disk space. This can result in errors in space accounting, potentially impacting data integrity and the overall...

7CVSS5.8AI score0.00123EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/05/28 12:0 a.m.12 views

PT-2026-44479

Name of the Vulnerable Software and Affected Versions Ubuntu Linux version 6.8 Ubuntu Linux version 7.0 Ubuntu Linux version 7.17 Description AppArmor SAUCE patches contain an issue where an uninitialized variable may be used within the notification handling code. This can be triggered by an...

3.3CVSS5.8AI score0.00092EPSS
Exploits0
cnnvd
cnnvd
added 2026/05/28 12:0 a.m.12 views

Python Liquid 路径遍历漏洞

Python Liquid is a Python engine developed by James for processing Liquid templates. Versions of Python Liquid prior to 2.2.0 had a path traversal vulnerability. This vulnerability stemmed from the lack of protection in FileSystemLoader and CachingFileSystemLoader against reading absolute paths,...

8.2CVSS5.8AI score0.00335EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/28 12:0 a.m.9 views

PT-2026-53850

Name of the Vulnerable Software and Affected Versions Rancher versions 2.13.0 through 2.13.5 Rancher versions 2.14.0 through 2.14.1 Description Incorrect authentication caching in the GitHub authentication provider occurs during team membership expansion, causing cached principals to be reused...

9CVSS5.7AI score0.0037EPSS
Exploits0References19
ubuntucve
ubuntucve
added 2026/05/28 12:0 a.m.19 views

CVE-2026-47330

Ubuntu Linux 6.8, 7.17 and 7.0 contain AppArmor SAUCE patches which can, under certain circumstances, use an uninitialized variable in notification handling code. The bug can be triggered by an unprivileged local user and can result in the incorrect caching of AppArmor notification responses...

3.3CVSS5.8AI score0.00092EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/28 12:0 a.m.24 views

PT-2026-44731

Name of the Vulnerable Software and Affected Versions Trestle affected versions not specified Description Security issues were discovered in the trestle/core/remote/cache.py module. The HTTPSFetcher. do fetch function passes a user-supplied URL directly to requests.get without validation, enablin...

6.7CVSS6.2AI score0.00012EPSS
Exploits0References9
redhat
redhat
added 2026/05/27 9:42 p.m.15 views

httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash

A flaw was found in the modauthnsocache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration...

5.3CVSS5.8AI score0.00514EPSS
Exploits0References5
redhat
redhat
added 2026/05/27 9:13 p.m.67 views

httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash

A flaw was found in the modauthnsocache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration...

5.3CVSS5.8AI score0.00514EPSS
Exploits0References5
osv
osv
added 2026/05/27 2:17 p.m.14 views

UBUNTU-CVE-2026-45912

In the Linux kernel, the following vulnerability has been resolved: ext4: don't cache extent during splitting extent Caching extents during the splitting process is risky, as it may result in stale extents remaining in the status tree. Moreover, in most cases, the corresponding extent block entri...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References11
attackerkb
attackerkb
added 2026/05/27 12:59 p.m.9 views

CVE-2026-46099

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels seg6inputcore and rplinput call ip6routeinput which sets a NOREF dst on the skb, then pass it to dstcachesetip6 invoking dsthold unconditionally. On PREEMPTRT, ksoftirqd is...

8.1CVSS5.7AI score0.00321EPSS
Exploits0References8Affected Software1
cve
cve
added 2026/05/27 12:17 p.m.35 views

CVE-2026-45912

CVE-2026-45912 – Linux kernel ext4 caching during extent splitting . The issue affects the ext4 file system in the Linux kernel where, during ext4_split_extent_at(), the kernel may cache or mishandle extents while splitting, potentially leaving a hole in the extent status tree and causing space a...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References8Affected Software1
attackerkb
attackerkb
added 2026/05/27 12:17 p.m.8 views

CVE-2026-45912

In the Linux kernel, the following vulnerability has been resolved: ext4: don't cache extent during splitting extent Caching extents during the splitting process is risky, as it may result in stale extents remaining in the status tree. Moreover, in most cases, the corresponding extent block entri...

5.8AI score0.00123EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder