
706 matches found

Cvelist
added last week, 35 views

CVE-2026-43920 FOSSBilling: Unauthenticated update patcher endpoint allows remote maintenance execution

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, which allowed unauthenticated remote users to trigger update patch routines that modify configurati...

CVSS 6.9, EPSS 0.00545
Exploits: 0, References: 2
Debian CVE
added 2026/06/25 8:38 a.m., 4 views

CVE-2026-53153

In the Linux kernel, the following vulnerability has been resolved: mm/list_lru: drain before clearing xarray entry on reparent. memcg_reparent_list_lrus() clears the dying memcg's xarray entry with xas_store(&xas, NULL) before reparenting its per-node lists into the parent. This opens a window where a...

CVSS 7.8, AI score 5.7, EPSS 0.00102
Exploits: 0
AstraLinux
added 2026/06/24 3:11 p.m., 4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Allocate memory before using it. KMSAN reports: Multiple uninitialized values were detected: - KMSAN: uninit-value in ntfs_read_hdr 3 - KMSAN: uninit-value in bcmp 3 Memory is allocated by getname, which is a wrapper for...

CVSS 5.5, AI score 5.7, EPSS 0.00168
Exploits: 0, References: 2
OSV
added 2026/06/24 2:0 p.m., 2 views

UBUNTU-CVE-2026-9546

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPT_REFERER suppresses the header, the option failed to clear the internal state. As a result, the previous referrer string was erroneously...

AI score 5.8
Exploits: 0, References: 3
AstraLinux
added 2026/06/19 11:10 a.m., 15 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: perf/x86: Fixed NULL pointer access and potential loss of PEBS records. When the intel_pmu_drain_pebs_icl function is called to drain PEBS records, the perf_event_overflow function might be called to process the last PEBS record. The...

AI score 5.7, EPSS 0.00162
Exploits: 0, References: 1
AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: fsnotify: Clearing PARENT_WATCHED flags lazily. In some setups, directories can have many usually negative entries. Therefore, the __fsnotify_update_child_dentry_flags function can take a significant amount of time. Since most of this...

CVSS 4.7, AI score 6.1, EPSS 0.00159
Exploits: 0, References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix for the condition effect bit clearing issue. As reported by MPDarkGuy on Discord, NULL pointer dereferences occurred because not all conditional effect bits were cleared. Properly clear all conditional effect bits...

CVSS 5.5, AI score 5.2, EPSS 0.00121
Exploits: 0, References: 1
AstraLinux
added 2026/06/19 11:10 a.m., 6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: x86: fixed the exception handling annotation in clear_user_rep_good. This code no longer exists in the mainline, as it was removed in the commit d2c95f9d6802 “x86: do not use REP_GOOD or ERMS for user memory clearing” from the upstrea...

CVSS 5.5, AI score 5.6, EPSS 0.00142
Exploits: 0, References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: nbd: The issue of task hanging when the signal interrupt nbd_start_device_ioctl occurs has been fixed. The following program is a simplified version of the reproducer function: c int mainvoid int sv2, fd; if socketpairAFUNIX,...

CVSS 5.5, AI score 5.7, EPSS 0.00147
Exploits: 0, References: 2
SUSE CVE
added 2026/06/10 2:25 a.m., 8 views

SUSE CVE-2026-46315

In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: clear waitid info before copying it to userspace. IORING_OP_WAITID stores its result fields in struct io_waitid::info and later copies them to userspace siginfo. The prep path initializes the request arguments, but it...

CVSS 5.5, AI score 5.5, EPSS 0.00156
Exploits: 0, References: 3
Cvelist
added 2026/06/09 7:38 a.m., 39 views

CVE-2026-46315 io_uring/waitid: clear waitid info before copying it to userspace

In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: clear waitid info before copying it to userspace. IORING_OP_WAITID stores its result fields in struct io_waitid::info and later copies them to userspace siginfo. The prep path initializes the request arguments, but it...

EPSS 0.00156
Exploits: 0, References: 4
Positive Technologies
added 2026/06/09 12:0 a.m., 11 views

PT-2026-47792

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the 9p filesystem implementation, the v9fs apply options function incorrectly applies parsed mount flags using a bitwise OR operation instead of replacing existing flags. For 9P2000.L...

CVSS 9.1, AI score 5.3, EPSS 0.00457
Exploits: 1, References: 61
Cvelist
added 2026/06/08 3:41 p.m., 35 views

CVE-2026-46279 mm/alloc_tag: clear codetag for pages allocated before page_ext initialization

In the Linux kernel, the following vulnerability has been resolved: mm/alloc_tag: clear codetag for pages allocated before page_ext initialization. Due to initialization ordering, page_ext is allocated and initialized relatively late during boot. Some pages have already been allocated and freed befor...

EPSS 0.00166
Exploits: 0, References: 3
Vulnrichment
added 2026/06/05 11:28 p.m., 9 views

CVE-2026-8976 RSS Aggregator by Feedzy <= 5.1.7 - Missing Authorization to Authenticated (Contributor+) Import Job Creation, Execution, Purge, Log Clearing, and Information Disclosure via Multiple AJAX Sub-Actions

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action...

CVSS 4.3, AI score 5.6, EPSS 0.0029
Exploits: 0, References: 22
CVE
added 2026/06/05 11:28 p.m., 26 views

CVE-2026-8976

The CVE-2026-8976 entry concerns the WordPress plugin RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator. It states a vulnerability in all versions up to and including 5.1.7: an authorization bypass where the plugin does not properly verify a user’s perm...

CVSS 4.3, AI score 5.6, EPSS 0.0029
Exploits: 0, References: 22
Patchstack
added 2026/06/05 10:46 a.m., 10 views

WordPress RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin <= 5.1.7 - Missing Authorization to Authenticated (Contributor+) Import Job Creation, Execution, Purge, Log Clearing, and Information Disclosure vulnerability

Missing Authorization to Authenticated (Contributor+) Import Job Creation, Execution, Purge, Log Clearing, and Information Disclosure vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin Feedzy versions <= 5.1.7...

CVSS 4.3, AI score 5.5, EPSS 0.0029
Exploits: 0, References: 1, Affected Software: 1
Microsoft CVE
added 2026/05/29 8:3 a.m., 6 views

drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure

...

CVSS 7.1, AI score 5.4, EPSS 0.00119
Exploits: 0
Debian CVE
added 2026/05/28 9:40 a.m., 11 views

CVE-2026-46229

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure. KFD VRAM allocations set AMDGPU_GEM_CREATE_VRAM_WIPE_ON_RELEASE but not AMDGPU_GEM_CREATE_VRAM_CLEARED, leaving freshly allocated VRAM with stale data from prior use...

CVSS 5.5, AI score 5.7, EPSS 0.00119
Exploits: 0
Positive Technologies
added 2026/05/28 12:0 a.m., 12 views

PT-2026-44314

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An out-of-bounds font access occurs in the fbcon rotate font function when console rotation fails. The system retains the ol...

CVSS 9.1, AI score 6.2, EPSS 0.00514
Exploits: 8, References: 294
SUSE CVE
added 2026/05/13 3:34 a.m., 8 views

SUSE CVE-2026-43388

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: clear walk_control on inactive context in damos_walk(). damos_walk() sets ctx->walk_control to the caller-provided control structure before checking whether the context is running. If the context is inactive damon_is_running...

CVSS 7.8, AI score 5.8, EPSS 0.00124
Exploits: 0, References: 3