
689 matches found

Debian CVE
added yesterday | 2 views

CVE-2026-53332

In the Linux kernel, the following vulnerability has been resolved: slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd. When the remoteproc starts in parallel with the NGD driver being probed, or the remoteproc is already up when the PDR lookup is being registered, or in the...

5.7 AI score
Exploits 0
EUVD
added last week | 10 views

EUVD-2026-31393

golang.org/x/crypto/ssh is vulnerable to invoking server panic during CheckHostKey/Authenticate flow...

5.3 CVSS | 5.8 AI score | 0.00273 EPSS
Exploits 0 | References 6
GitHub Security Blog
added last week | 7 views

golang.org/x/crypto/ssh is vulnerable to invoking server panic during CheckHostKey/Authenticate flow

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

7.5 CVSS | 5.8 AI score | 0.00273 EPSS
Exploits 0 | References 11 | Affected Software 1
OSV
added last week | 2 views

GHSA-78MQ-XCR3-XM33 golang.org/x/crypto/ssh is vulnerable to invoking server panic during CheckHostKey/Authenticate flow

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

5.3 CVSS | 5.8 AI score | 0.00273 EPSS
Exploits 0 | References 11
EUVD
added 2026/06/24 5:33 a.m. | 6 views

EUVD-2026-38674

The SearchPlus plugin for WordPress is vulnerable to unauthorized modification and deletion of data in versions up to, and including, 1.7.1. This is due to a missing capability check and missing nonce validation on the searchplussavetokenactioncallback and searchplusresettokenactioncallback...

5.3 CVSS | 5.9 AI score | 0.00228 EPSS
Exploits 0 | References 5
NVD
added 2026/06/23 4:17 p.m. | 11 views

CVE-2026-56694

NanoClaw before 2.1.0 contains a privilege escalation vulnerability in the channel-registration approval flow where handleChannelApprovalResponse fails to validate admin privileges over target agent groups. Scoped admins can submit forged or stale connect callback values to wire messaging channel...

5.4 CVSS | 0.00171 EPSS
Exploits 0 | References 3
EUVD
added 2026/06/23 3:35 p.m. | 8 views

EUVD-2026-38466

NanoClaw before 2.1.0 contains a privilege escalation vulnerability in the channel-registration approval flow where handleChannelApprovalResponse fails to validate admin privileges over target agent groups. Scoped admins can submit forged or stale connect callback values to wire messaging channel...

5.4 CVSS | 5.9 AI score | 0.00171 EPSS
Exploits 0 | References 3
CVE
added 2026/06/23 3:35 p.m. | 10 views

CVE-2026-56694

NanoClaw

5.4 CVSS | 5.9 AI score | 0.00171 EPSS
Exploits 0 | References 3
CVE
added 2026/06/23 6:0 a.m. | 13 views

CVE-2026-7842

The CVE concerns the Infility Global WordPress plugin for WordPress (before 2.15.20). In admin callbacks import_list(), url_detail(), and file_detail(), the plugin does not sanitize or validate the orderby and order parameters before using them in SQL queries, enabling time-based blind SQL inject...

6.8 CVSS | 5.9 AI score | 0.00231 EPSS
Exploits 0 | References 1
EUVD
added 2026/06/23 6:0 a.m. | 8 views

EUVD-2026-38416

The Infility Global Infility Global WordPress plugin before 2.15.20 for WordPress does not sanitize or validate the orderby and order parameters in the import_list, url_detail, and file_detail admin page callbacks before using them in SQL queries, allowing authenticated attackers with Editor-level...

6.8 CVSS | 5.9 AI score | 0.00231 EPSS
Exploits 0 | References 1
NVD
added 2026/06/22 2:17 p.m. | 9 views

CVE-2026-6673

Mattermost versions 11.7.x = 11.7.0, 11.6.x = 11.6.2, 11.5.x = 11.5.5, 10.11.x = 10.11.17 fail to authenticate Atlassian Connect installed callbacks, allowing a remote unauthenticated attacker to inject a rogue sharedSecret and disrupt the Jira integration via POST to /ac/installed during the...

6.4 CVSS | 0.00177 EPSS
Exploits 0 | References 1
CVE
added 2026/06/20 3:24 p.m. | 23 views

CVE-2026-56330

Capgo prior to 12.128.2 has an open redirect in the stripe_portal and stripe_checkout endpoints that accept unvalidated callbackUrl, successUrl, and cancelUrl parameters. Authenticated attackers can craft malicious billing URLs to redirect users to attacker-controlled domains for phishing and cre...

4.8 CVSS | 5.9 AI score | 0.00152 EPSS
Exploits 0 | References 2
Snyk
added 2026/06/19 7:36 p.m. | 5 views

Use After Free

Overview: Affected versions of this package are vulnerable to Use After Free in the parse function. An attacker can cause memory corruption by mutating the input JSON string during parsing callbacks, which leads to the parser accessing freed memory. Remediation: Upgrade oj to version 3.17.3 or...

9.1 CVSS | 5.8 AI score | 0.00117 EPSS
Exploits 0 | References 2
AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

When creating a callback via IPC to display the Color Picker window, multiple identical callbacks might be created at once. Eventually, all of them would be destroyed as soon as one of the callbacks is completed. This could lead to a use-after-free condition, resulting in a potentially exploitabl...

6.5 CVSS | 6.6 AI score | 0.00571 EPSS
Exploits 0 | References 2
AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: BPF, sockmap: Do not allow sock_map_{close,destroy,unhash} to call itself. Proto callback functions in sockmap should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a stac...

9.1 CVSS | 6.2 AI score | 0.01219 EPSS
Exploits 0 | References 2
AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability in Qemu

In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, which can lead to a NULL pointer dereferencing...

2.3 CVSS | 6.3 AI score | 0.00425 EPSS
Exploits 0 | References 1
AstraLinux
added 2026/06/19 11:10 a.m. | 2 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Internal browser event interfaces were exposed to web content when privileged EventHandler listener callbacks were executed for those events. Web content that attempted to use those interfaces would not be able to do so with elevated privileges. However, the presence of these interfaces indicated...

8.8 CVSS | 7.2 AI score | 0.00561 EPSS
Exploits 0 | References 2
AstraLinux
added 2026/06/19 11:10 a.m. | 2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Block layer: The feature of freezing the request queue from within sysfs store callbacks has been removed. Freezing the request queue may cause a deadlock when combined with the dm-multipath driver and the queue_if_no_path option...

5.5 CVSS | 5.4 AI score | 0.00083 EPSS
Exploits 0 | References 1
AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: bpf: Fixed reference state management for synchronous callbacks. Currently, the verifier verifies callback functions both synchronous and asynchronous as if they would be executed only once. The next instruction to be explored ...

6 AI score | 0.00181 EPSS
Exploits 0 | References 1
AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: shaper: Protection is added for late read accesses to the hierarchy. We retrieve a netdev during the preparation of Netlink operations pre-callbacks, and then we acquire a reference to it. Later, within the body of the...

7.8 CVSS | 4.5 AI score | 0.00127 EPSS
Exploits 0 | References 1