Lucene search
K

1858 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.7 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : libcap vulnerability (USN-8193-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8193-1 advisory. Ali Raza discovered that libcap incorrectly handled file capability updates. A local attacker could possibly use this issue to inject or strip...

7CVSS6AI score0.00188EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.5 views

PT-2026-34490

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute xattr preservation logic uses multiple path-based system calls that perform fresh path-to-inode lookups for each operation. A local attacker with writ...

4.7CVSS5.8AI score0.00091EPSS
Exploits1References2
OSV
OSV
added 2026/04/21 3:45 p.m.7 views

USN-8193-1 libcap2 vulnerability

Ali Raza discovered that libcap incorrectly handled file capability updates. A local attacker could possibly use this issue to inject or strip capabilities into arbitrary executables and escalate privileges...

7CVSS5.9AI score0.00188EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.7 views

Unity Linux 20.1050a Security Update: kernel (UTSA-2026-007055)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007055 advisory. In the Linux kernel, the following vulnerability has been resolved: NFS: Fix the setting of capabilities when automounting a new filesystem Capabilities cannot be...

5.5CVSS5.4AI score0.00154EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.4 views

Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011187)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011187 advisory. In the Linux kernel, the following vulnerability has been resolved: media: cx231xx: set devicecaps for 417 The videodevice for the MPEG encoder did not set devicecap...

5.5CVSS6.3AI score0.00176EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/16 12:31 p.m.5 views

EUVD-2024-55545

The authentication endpoint fails to adequately validate user-supplied input before reflecting it back in the response. This allows an attacker to inject malicious script payloads into the input parameters, which are then executed by the victim's browser. Successful exploitation can enable an...

6.1CVSS5.8AI score0.0024EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/15 11:25 p.m.3 views

CVE-2026-4880 Barcode Scanner (+Mobile App) <= 1.11.0 - Unauthenticated Privilege Escalation via Insecure Token Authentication

The Barcode Scanner +Mobile App – Inventory manager, Order fulfillment system, POS Point of Sale plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication in all versions up to, and including, 1.11.0. This is due to the plugin trusting a user-supplied...

9.8CVSS5.8AI score0.00503EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/15 9:30 p.m.4 views

EUVD-2026-23007

IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug Pages Read Only capability or any custom capability with the ViewAccessDebugPage SPRight to incorrectly create new...

8.4CVSS5.8AI score0.00269EPSS
Exploits0References2
CVE
CVE
added 2026/04/15 3:17 p.m.19 views

CVE-2026-20205

Summary: CVE-2026-20205 affects Splunk MCP Server app versions below 1.0.3. A user with access to the Splunk _internal index** or with the high-privilege capability mcp_tool_admin can view users’ sessions and authorization tokens in clear text. The vulnerability requires either local access to lo...

7.2CVSS5.8AI score0.00278EPSS
Exploits0References1
Fedora
Fedora
added 2026/04/13 1:11 a.m.6 views

[SECURITY] Fedora 43 Update: libcap-2.76-4.fc43

libcap is a library for getting and setting POSIX.1e formerly POSIX 6 draft 15 capabilities...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/04/12 5:54 a.m.8 views

CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads

Unknown threat actors compromised CPUID "cpuid.com", a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan called STX RAT. The incident...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/12 12:0 a.m.9 views

Beyond Static Sandboxing: Learned Capability Governance for Autonomous AI Agents

Autonomous AI agents built on open-source runtimes such as OpenClaw expose every available tool to every session by default, regardless of the task. A summarization task receives the same shell execution, subagent spawning, and credential access capabilities as a code deployment task, a 15x...

6AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/10 12:0 a.m.3 views

Personal AI Infrastructure 4.0.3

PAI is a Personalized AI Platform designed to magnify your capabilities. It's designed for humans most of all, but can be used by teams, companies, or Federations of Planets desiring to be better versions of themselves. The goal of the project is to get people working with AI and lower the bar...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/10 12:0 a.m.8 views

openSUSE 16 Security Update : mapserver (openSUSE-SU-2026:20476-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20476-1 advisory. Changes in mapserver: - Update to release 8.6.1 msSLDParseRasterSymbolizer: fix potential heap buffer overflow boo1260869 CVE-2026-33721 GetFeatureInfo...

7.5CVSS6AI score0.00865EPSS
Exploits1References3
OSV
OSV
added 2026/04/09 4:16 p.m.3 views

ALPINE-CVE-2026-4878

A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the capsetfile function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so,...

7CVSS5.7AI score0.00188EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/09 2:49 p.m.3 views

EUVD-2026-20910

A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the capsetfile function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so,...

6.7CVSS5.8AI score0.00188EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/09 2:49 p.m.69 views

CVE-2026-4878 Libcap: libcap: privilege escalation via toctou race condition in cap_set_file()

A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the capsetfile function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so,...

6.7CVSS0.00188EPSS
Exploits1References33
AlpineLinux
AlpineLinux
added 2026/04/09 2:49 p.m.2 views

CVE-2026-4878

A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the capsetfile function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so,...

7CVSS5.7AI score0.00188EPSS
Exploits1
Cvelist
Cvelist
added 2026/04/08 12:0 a.m.21 views

CVE-2026-30080

OpenAirInterface v2.2.0 accepts Security Mode Complete without any integrity protection. Configuration has supported integrity NIA1 and NIA2. But if an UE sends initial registration request with only security capability IA0, OpenAirInterface accepts and proceeds. This downgrade security context c...

0.00252EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.5 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006762)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006762 advisory. In the Linux kernel, the following vulnerability has been resolved: NFS: Fix the setting of capabilities when automounting a new filesystem Capabilities cannot be...

5.5CVSS5.6AI score0.00154EPSS
Exploits0References4
Rows per page
Query Builder