Lucene search
K

104 matches found

NVD
NVD
added last week11 views

CVE-2026-50813

An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensitive information via the Session Extension changeset concat/changegroup merge path...

6.1CVSS0.00111EPSS
Exploits0References3
NVD
NVD
added last week9 views

CVE-2026-50812

A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk builds before check-in e807d4e3798efd53 allows an attacker who can supply a malformed changeset blob to cause a denial of service. The issue occurs when sqlite3changesetapplyv3 applies a corrupt changeset...

5.5CVSS0.00112EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/08 12:0 a.m.31 views

CVE-2026-50813

An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensitive information via the Session Extension changeset concat/changegroup merge path...

6.1CVSS0.00111EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/08 12:0 a.m.38 views

CVE-2026-50812

A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk builds before check-in e807d4e3798efd53 allows an attacker who can supply a malformed changeset blob to cause a denial of service. The issue occurs when sqlite3changesetapplyv3 applies a corrupt changeset...

0.00112EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/08 12:0 a.m.5 views

CVE-2026-50812

A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk builds before check-in e807d4e3798efd53 allows an attacker who can supply a malformed changeset blob to cause a denial of service. The issue occurs when sqlite3changesetapplyv3 applies a corrupt changeset...

5.5CVSS6AI score0.00112EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/08 12:0 a.m.5 views

CVE-2026-50813

An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensitive information via the Session Extension changeset concat/changegroup merge path...

6.1CVSS6AI score0.00111EPSS
Exploits0References4
CVE
CVE
added 2026/07/08 12:0 a.m.7 views

CVE-2026-50812

SQLite 3.53.1 and earlier trunk builds of the SQLite Session Extension are affected by a NULL pointer dereference in sqlite3changeset_apply_v3() when applying a malformed changeset, reaching sqlite3_value_type() with a NULL sqlite3_value pointer, leading to denial of service. The issue is tied to...

5.5CVSS6AI score0.00112EPSS
Exploits0References3
CVE
CVE
added 2026/07/08 12:0 a.m.8 views

CVE-2026-50813

CVE-2026-50813 concerns SQLite, with the issue arising before Fossil check-in 869a51ae84df. The vulnerability permits a local attacker to obtain sensitive information via the Session Extension changeset concat/changegroup merge path. The available documents do not specify the exact affected versi...

6.1CVSS6AI score0.00111EPSS
Exploits0References3
OSV
OSV
added 2026/07/08 12:0 a.m.2 views

CVE-2026-50812

A NULL pointer dereference in the SQLite Session Extension in SQLite 3.53.1 and SQLite trunk builds before check-in e807d4e3798efd53 allows an attacker who can supply a malformed changeset blob to cause a denial of service. The issue occurs when sqlite3changesetapplyv3 applies a corrupt changeset...

5.5CVSS6.1AI score0.00112EPSS
Exploits0References5
OSV
OSV
added 2026/07/08 12:0 a.m.3 views

CVE-2026-50813

An issue in SQLite before Fossil check-in 869a51ae84df allows a local attacker to obtain sensitive information via the Session Extension changeset concat/changegroup merge path...

6.1CVSS6.1AI score0.00111EPSS
Exploits0References5
OSV
OSV
added 2026/06/23 6:21 p.m.3 views

CVE-2026-55736 Private action arguments can be set by user input in Ash

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code. Action arguments declared with public?: false are meant t...

5.9CVSS5.9AI score0.00152EPSS
Exploits0References9
CVE
CVE
added 2026/06/23 6:21 p.m.14 views

CVE-2026-55736

CVE-2026-55736 (Ash project) : A logic flaw in Ash allows end-user input to set private action arguments intended to be server-controlled. In non-atomic paths, private arguments are stripped only when the parameter key is an atom; if the key is a string, the private argument remains controllable ...

5.9CVSS5.8AI score0.00152EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/23 6:21 p.m.6 views

CVE-2026-55736

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code. Action arguments declared with public?: false are meant t...

5.9CVSS5.8AI score0.00152EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/23 6:21 p.m.3 views

CVE-2026-55736 Private action arguments can be set by user input in Ash

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code. Action arguments declared with public?: false are meant t...

5.9CVSS5.9AI score0.00152EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/23 6:21 p.m.41 views

CVE-2026-55736 Private action arguments can be set by user input in Ash

Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code. Action arguments declared with public?: false are meant t...

5.9CVSS0.00152EPSS
Exploits0References4
OSV
OSV
added 2026/06/23 6:21 p.m.7 views

EEF-CVE-2026-55736 Private action arguments can be set by user input in Ash

Summary Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code. Action arguments declared with public?: false are...

5.9CVSS5.8AI score0.00152EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.14 views

PT-2026-51581

Name of the Vulnerable Software and Affected Versions ash-project ash versions 3.0.0 through 3.29.2 Description An issue exists where users can set the value of a private action argument intended to be controlled exclusively by trusted server-side code. Action arguments declared with public?: fal...

5.9CVSS5.7AI score0.00152EPSS
Exploits0References13
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-46288

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - of: unittest: fix use-after-free in ofunittestchangeset The variable 'parent' is assigned the value of 'nchangeset' earlier in the function, meaning both point ...

8.4CVSS7.1AI score0.0014EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/09 2:21 a.m.12 views

SUSE CVE-2026-46288

In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in ofunittestchangeset The variable 'parent' is assigned the value of 'nchangeset' earlier in the function, meaning both point to the same struct devicenode. The call to ofnodeputnchangeset can...

5.5CVSS5.5AI score0.0014EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/08 7:40 p.m.10 views

CVE-2026-46288

A flaw was found in the Linux kernel. This vulnerability, a use-after-free UAF, occurs within the ofunittestchangeset function due to improper handling of device node references. An attacker could exploit this by causing a device node's memory to be freed while it is still in use. This could lead...

8.4CVSS5.4AI score0.0014EPSS
Exploits0References4
Rows per page
Query Builder