Lucene search
K

690 matches found

GithubExploit
GithubExploit
added 2026/05/24 5:24 a.m.86 views

OSWE-Notes

OSWE Exploit Helpers Helper modules for writing OSWE exploit...

5.8AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/23 1:29 a.m.27 views

SUSE CVE-2026-39835

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

7.5CVSS5.8AI score0.00369EPSS
Exploits0References24
SUSE CVE
SUSE CVE
added 2026/05/23 1:27 a.m.19 views

SUSE CVE-2026-46595

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped...

8.1CVSS5.8AI score0.0044EPSS
Exploits0References24
NVD
NVD
added 2026/05/22 4:16 a.m.16 views

CVE-2026-39835

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

7.5CVSS0.00369EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2026/05/22 2:31 a.m.8 views

CVE-2026-46595 Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh

Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key, then the source-address validation would be skipped...

5.8AI score0.0044EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/22 2:31 a.m.60 views

CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh

SSH servers which use CertChecker as a public key callback without setting IsUserAuthority or IsHostAuthority could be caused to panic by a client presenting a certificate. CertChecker now returns an error instead of panicking when these callbacks are nil...

0.00369EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.16 views

Sunshine 信任管理问题漏洞

Sunshine is an Open Source Moonlight-based autonomous gaming streaming host developed by LizardByte. Earlier versions of Sunshine, such as 2026.516.143833, had vulnerabilities related to trust management. These vulnerabilities stemmed from improper handling of OpenSSL verification results. Custom...

9.8CVSS5.8AI score0.00291EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/22 12:0 a.m.20 views

PT-2026-42714

Name of the Vulnerable Software and Affected Versions SSH servers affected versions not specified Description SSH servers using CertChecker as a public key callback may experience a panic when a client presents a certificate if IsUserAuthority or IsHostAuthority are not set. A panic is a critical...

7.5CVSS5.8AI score0.00369EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Platform/x86: dell-wmi-sysman: Fixed the retrieval of WMI data blocks in sysfs callbacks. After retrieving WMI data blocks through sysfs callbacks, it is necessary to check the validity of these data blocks before dereferencing...

5.5CVSS6.2AI score0.00156EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.5 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021598)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021598 advisory. In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix potential glock use-after-free on unmount When a DLM lockspace is released and there ar...

7.8CVSS5.8AI score0.00248EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/16 1:56 a.m.10 views

CVE-2025-64526

Strapi is an open source headless content management system. In Strapi versions prior to 5.45.0, the rate-limit middleware in the users-permissions plugin derived its rate-limit key in part from ctx.request.body.email, including on routes whose body schema does not contain an email field...

6.9CVSS6AI score0.00492EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/12 3:30 a.m.11 views

SUSE CVE-2026-43324

In the Linux kernel, the following vulnerability has been resolved: USB: dummy-hcd: Fix interrupt synchronization error This fixes an error in synchronization in the dummy-hcd driver. The error has a somewhat involved history. The synchronization mechanism was introduced by commit 7dbd8f4cabd9...

7.8CVSS5.7AI score0.0013EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/11 7:40 p.m.17 views

Arbitrary Code Injection

Overview @nyariv/sandboxjs is a Javascript sandboxing library. Affected versions of this package are vulnerable to Arbitrary Code Injection via createFunction in executorUtils.ts. An attacker can escape the sandbox and execute arbitrary code in the host environment by leveraging access to interna...

10CVSS6.2AI score0.00472EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/11 4:46 p.m.9 views

CVE-2026-44993

OpenClaw before 2026.4.20 contains a message classification vulnerability in Feishu card-action callbacks that misclassifies direct messages as group conversations. Attackers can bypass dmPolicy enforcement by triggering card-action flows in direct message conversations that should have been...

5.4CVSS5.8AI score0.00265EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.15 views

PT-2026-39682

OpenClaw before 2026.4.20 contains a message classification vulnerability in Feishu card-action callbacks that misclassifies direct messages as group conversations. Attackers can bypass dmPolicy enforcement by triggering card-action flows in direct message conversations that should have been...

5.4CVSS5.8AI score0.00265EPSS
Exploits0References4
OSV
OSV
added 2026/05/08 10:46 p.m.6 views

GHSA-WQFH-GQ79-J8MF free5GC's NEF nnef-callback route group is unauthenticated; forged callback requests are accepted into the processing path

Summary free5GC's NEF mounts the nnef-callback route group without inbound OAuth2/bearer-token authorization. A forged or arbitrary bearer token e.g. Authorization: Bearer not-a-real-token is enough to reach the SMF-callback handler -- the callback body is parsed and dispatched into NEF business...

7.3CVSS5.9AI score0.00241EPSS
Exploits1References5
EUVD
EUVD
added 2026/05/08 3:31 p.m.12 views

EUVD-2026-28608

In the Linux kernel, the following vulnerability has been resolved: USB: dummy-hcd: Fix interrupt synchronization error This fixes an error in synchronization in the dummy-hcd driver. The error has a somewhat involved history. The synchronization mechanism was introduced by commit 7dbd8f4cabd9...

5.7AI score0.0013EPSS
Exploits0References8
NVD
NVD
added 2026/05/08 2:16 p.m.11 views

CVE-2026-43333

In the Linux kernel, the following vulnerability has been resolved: bpf: reject direct access to nullable PTRTOBUF pointers checkmemaccess matches PTRTOBUF via basetype which strips PTRMAYBENULL, allowing direct dereference without a null check. Map iterator ctx-key and ctx-value are PTRTOBUF |...

5.5CVSS0.00123EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/05/08 2:16 p.m.10 views

CVE-2026-43324

In the Linux kernel, the following vulnerability has been resolved: USB: dummy-hcd: Fix interrupt synchronization error This fixes an error in synchronization in the dummy-hcd driver. The error has a somewhat involved history. The synchronization mechanism was introduced by commit 7dbd8f4cabd9...

7.8CVSS5.7AI score0.0013EPSS
Exploits0References9
OSV
OSV
added 2026/05/08 2:16 p.m.12 views

UBUNTU-CVE-2026-43333

In the Linux kernel, the following vulnerability has been resolved: bpf: reject direct access to nullable PTRTOBUF pointers checkmemaccess matches PTRTOBUF via basetype which strips PTRMAYBENULL, allowing direct dereference without a null check. Map iterator ctx-key and ctx-value are PTRTOBUF |...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References10
Rows per page
Query Builder