Lucene search
K

1856 matches found

Wiz blog
Wiz blog
added 2026/05/07 1:0 p.m.17 views

Build Fast, Build Secure: Wiz findings are now in Lovable

With Wiz in Lovable, every builder can catch and fix risks in real time, keeping apps secure as they’re created...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/05/07 1:53 a.m.8 views

Improperly Implemented Security Check for Standard

Overview Affected versions of this package are vulnerable to Improperly Implemented Security Check for Standard in the handlePathSwitchRequestMain function. An attacker can cause persistent service disruption and corrupt internal security context by sending a crafted PathSwitchRequest message fro...

7.1CVSS5.9AI score0.00266EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/07 1:53 a.m.10 views

Free5GC AMF Bypasses UE Security Capabilities on NGAP PathSwitchRequest

Summary The AMF in Free5GC v4.2.1 does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values, as mandated by 3GPP TS 33.501 §6.7.3.1. A malicious gNB can overwrite the AMF's stored UE security capabilities with arbitrary values, whic...

7.1CVSS5.9AI score0.00266EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/05/07 1:53 a.m.15 views

GHSA-77X9-RF64-92GV Free5GC AMF Bypasses UE Security Capabilities on NGAP PathSwitchRequest

Summary The AMF in Free5GC v4.2.1 does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored values, as mandated by 3GPP TS 33.501 §6.7.3.1. A malicious gNB can overwrite the AMF's stored UE security capabilities with arbitrary values, whic...

6.1CVSS5.9AI score0.00266EPSS
Exploits1References4
Trend Micro Simply Security
Trend Micro Simply Security
added 2026/05/06 12:0 a.m.4 views

Supporting the National Cyber Strategy: How TrendAI™ Helps

A deeper look at the first three pillars and outlining how our capabilities directly support government agencies working to bring this strategy to life...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.8 views

RHCOS 4 : OpenShift Container Platform 4.10.12 (RHSA-2022:1600)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1600 advisory. - cri-o: Default inheritable capabilities for linux container should be empty CVE-2022-27652 - credentials: Stored XSS vulnerabiliti...

5.4CVSS5.8AI score0.7855EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.14 views

PT-2026-37269

Name of the Vulnerable Software and Affected Versions Kubewarden versions prior to 1.35.0 Description An attacker with permissions to create AdmissionPolicy or AdmissionPolicyGroup can craft a policy using the can i host callback to enumerate RBAC permissions of any user or service account across...

4.3CVSS5.8AI score0.00171EPSS
Exploits0References11
AlmaLinux
AlmaLinux
added 2026/05/04 12:0 a.m.12 views

Important: libcap security update

Libcap is a library for getting and setting POSIX.1e formerly POSIX 6 draft 15 capabilities. Security Fixes: libcap: libcap: Privilege escalation via TOCTOU race condition in capsetfile CVE-2026-4878 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...

7CVSS5.8AI score0.00188EPSS
Exploits1References4
OSV
OSV
added 2026/05/03 12:6 p.m.8 views

RLSA-2026:12423 Important: libcap security update

Libcap is a library for getting and setting POSIX.1e formerly POSIX 6 draft 15 capabilities. Security Fixes: libcap: libcap: Privilege escalation via TOCTOU race condition in capsetfile CVE-2026-4878 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...

6.7CVSS5.8AI score0.00188EPSS
Exploits1References2
GithubExploit
GithubExploit
added 2026/05/01 8:31 p.m.81 views

ExploitMind-Linux-Privesc-Toolkit

ExploitMind Linux PrivEsc Toolkit Script de...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/05/01 1:56 p.m.35 views

CVE-2026-31710 smb: client: fix dir separator in SMB1 UNIX mounts

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix dir separator in SMB1 UNIX mounts When calling cifsmountgettcon with SMB1 UNIX mounts, @cifssb-mntcifsflags needs to be read or updated only after calling resetcifsunixcaps, otherwise it might end up with missing...

0.001EPSS
Exploits0References2
Microsoft Secure
Microsoft Secure
added 2026/04/30 4:0 p.m.6 views

What’s new, updated, or recently released in Microsoft Security

New capabilities in Microsoft Agent 365; new Microsoft Defender and GitHub integration At Microsoft, security innovations are purpose-built to help every organization protect end-to-end with the speed and scale of AI. Our vision is simple: security should be ambient and autonomous, just like the ...

5.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/04/23 1:26 a.m.6 views

SUSE CVE-2026-31460

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check if extcaps is valid in BL setup LVDS connectors don't have extended backlight caps so check if the pointer is valid before accessing it. cherry picked from commit 3f797396d7f4eb9bb6eded184bbc6f033628a6f6...

5.7AI score0.00107EPSS
Exploits0References3
Fedora
Fedora
added 2026/04/23 12:57 a.m.8 views

[SECURITY] Fedora 42 Update: libcap-2.73-3.fc42

libcap is a library for getting and setting POSIX.1e formerly POSIX 6 draft 15 capabilities...

5.3AI score
Exploits0
EUVD
EUVD
added 2026/04/22 6:31 p.m.8 views

EUVD-2026-24990

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute xattr preservation logic uses multiple path-based system calls that perform fresh path-to-inode lookups for each operation. A local attacker with writ...

4.7CVSS5.8AI score0.00091EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.10 views

uutils coreutils has a Time-of-Check to Time-of-Use (TOCTOU) race condition

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute xattr preservation logic uses multiple path-based system calls that perform fresh path-to-inode lookups for each operation. A local attacker with writ...

4.7CVSS5.3AI score0.00091EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/04/22 6:31 p.m.5 views

GHSA-X4MC-MQM7-GG39 uutils coreutils has a Time-of-Check to Time-of-Use (TOCTOU) race condition

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute xattr preservation logic uses multiple path-based system calls that perform fresh path-to-inode lookups for each operation. A local attacker with writ...

4.7CVSS5.8AI score0.00091EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/04/22 5:57 p.m.6 views

CVE-2026-31460

A flaw was found in the drm/amd/display component of the Linux kernel. This vulnerability occurs because the system attempts to access extended backlight capabilities without first verifying if the pointer to these capabilities is valid, specifically when dealing with LVDS connectors. An attacker...

5.5CVSS5.7AI score0.00107EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/22 4:8 p.m.29 views

CVE-2026-35354 uutils coreutils mv Security Xattr TOCTOU Race in Cross-Device

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute xattr preservation logic uses multiple path-based system calls that perform fresh path-to-inode lookups for each operation. A local attacker with writ...

4.7CVSS0.00091EPSS
Exploits1References1
NVD
NVD
added 2026/04/22 2:16 p.m.5 views

CVE-2026-31460

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check if extcaps is valid in BL setup LVDS connectors don't have extended backlight caps so check if the pointer is valid before accessing it. cherry picked from commit 3f797396d7f4eb9bb6eded184bbc6f033628a6f6...

5.5CVSS0.00107EPSS
Exploits0References2
Rows per page
Query Builder