Lucene search
K

712 matches found

NVD
NVD
added 2026/07/03 7:16 a.m.7 views

CVE-2026-9079

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them...

9.8CVSS0.01064EPSS
Exploits1References3
OSV
OSV
added 2026/07/03 6:16 a.m.3 views

CVE-2026-9079 stale proxy password leak

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them...

9.8CVSS6.1AI score0.01064EPSS
Exploits1References5
EUVD
EUVD
added 2026/07/03 6:16 a.m.9 views

EUVD-2026-41510

libcurl had a flaw that when instructed to clear proxy authentication credentials which made it not do so, leaving the old credentials around to get used for subsequent transfers that should not know nor use them...

6AI score0.01064EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/25 11:6 p.m.38 views

CVE-2026-43920 FOSSBilling: Unauthenticated update patcher endpoint allows remote maintenance execution

FOSSBilling is a free, open-source billing and client management system. In versions 0.5.4 through 0.7.2, the /run-patcher maintenance endpoint in FOSSBilling was accessible without authentication, which allowed unauthenticated remote users to trigger update patch routines that modify configurati...

6.9CVSS0.00545EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/25 8:38 a.m.7 views

CVE-2026-53153

In the Linux kernel, the following vulnerability has been resolved: mm/listlru: drain before clearing xarray entry on reparent memcgreparentlistlrus clears the dying memcg's xarray entry with xasstore&xas, NULL before reparenting its per-node lists into the parent. This opens a window where a...

7.8CVSS5.7AI score0.00106EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: fs/ntfs3: Allocate memory before using it. KMSAN reports: Multiple uninitialized values were detected: - KMSAN: uninit-value in ntfsreadhdr 3 - KMSAN: uninit-value in bcmp 3 Memory is allocated by getname, which is a wrapper f...

5.5CVSS5.8AI score0.00168EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 2:0 p.m.3 views

UBUNTU-CVE-2026-9546

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result, the previous referrer string was erroneously...

7.5CVSS5.8AI score0.00652EPSS
Exploits1References3
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.6 views

SASL double-free

The curl logic that works with SASL authentication could end up cleaning up the GSASL context twice without clearing the pointer in between, making it free the same pointer twice...

9.8CVSS5.8AI score0.0108EPSS
Exploits1References1Affected Software2
curl security advisories
curl security advisories
added 2026/06/24 8:0 a.m.6 views

sending old referer

A vulnerability in libcurl caused the HTTP Referer: header to persist even when explicitly cleared. While the documentation states that passing NULL to CURLOPTREFERER suppresses the header, the option failed to clear the internal state. As a result, the previous referrer string was erroneously...

7.5CVSS5.9AI score0.00652EPSS
Exploits1References1Affected Software2
SUSE CVE
SUSE CVE
added 2026/06/10 2:25 a.m.10 views

SUSE CVE-2026-46315

In the Linux kernel, the following vulnerability has been resolved: iouring/waitid: clear waitid info before copying it to userspace IORINGOPWAITID stores its result fields in struct iowaitid::info and later copies them to userspace siginfo. The prep path initializes the request arguments, but it...

5.5CVSS5.5AI score0.00114EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/09 7:38 a.m.47 views

CVE-2026-46315 io_uring/waitid: clear waitid info before copying it to userspace

In the Linux kernel, the following vulnerability has been resolved: iouring/waitid: clear waitid info before copying it to userspace IORINGOPWAITID stores its result fields in struct iowaitid::info and later copies them to userspace siginfo. The prep path initializes the request arguments, but it...

0.00114EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-47792

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the 9p filesystem implementation, the v9fs apply options function incorrectly applies parsed mount flags using a bitwise OR operation instead of replacing existing flags. For 9P2000.L...

9.8CVSS5.3AI score0.00525EPSS
Exploits0References330
Cvelist
Cvelist
added 2026/06/08 3:41 p.m.41 views

CVE-2026-46279 mm/alloc_tag: clear codetag for pages allocated before page_ext initialization

In the Linux kernel, the following vulnerability has been resolved: mm/alloctag: clear codetag for pages allocated before pageext initialization Due to initialization ordering, pageext is allocated and initialized relatively late during boot. Some pages have already been allocated and freed befor...

0.00127EPSS
Exploits0References3
CVE
CVE
added 2026/06/05 11:28 p.m.31 views

CVE-2026-8976

The CVE-2026-8976 entry concerns the WordPress plugin RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator . It states a vulnerability in all versions up to and including 5.1.7: an authorization bypass where the plugin does not properly verify a user’s perm...

4.3CVSS5.6AI score0.0029EPSS
Exploits0References22
Vulnrichment
Vulnrichment
added 2026/06/05 11:28 p.m.12 views

CVE-2026-8976 RSS Aggregator by Feedzy <= 5.1.7 - Missing Authorization to Authenticated (Contributor+) Import Job Creation, Execution, Purge, Log Clearing, and Information Disclosure via Multiple AJAX Sub-Actions

The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.7. This is due to the plugin not properly verifying that a user is authorized to perform an action...

4.3CVSS5.6AI score0.0029EPSS
Exploits0References22
Patchstack
Patchstack
added 2026/06/05 10:46 a.m.12 views

WordPress RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin <= 5.1.7 - Missing Authorization to Authenticated (Contributor+) Import Job Creation, Execution, Purge, Log Clearing, and Information Disclosure vulnerability

Missing Authorization to Authenticated Contributor+ Import Job Creation, Execution, Purge, Log Clearing, and Information Disclosure vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin Feedzy versions = 5.1.7...

4.3CVSS5.5AI score0.0029EPSS
Exploits0References1Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/05/29 8:3 a.m.8 views

drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure

...

7.1CVSS5.4AI score0.00119EPSS
Exploits0
OSV
OSV
added 2026/05/28 9:40 a.m.5 views

CVE-2026-46229 drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure KFD VRAM allocations set AMDGPUGEMCREATEVRAMWIPEONRELEASE but not AMDGPUGEMCREATEVRAMCLEARED, leaving freshly allocated VRAM with stale data from prior use...

5.5CVSS5.8AI score0.00119EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2026/05/28 9:40 a.m.18 views

CVE-2026-46229

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure KFD VRAM allocations set AMDGPUGEMCREATEVRAMWIPEONRELEASE but not AMDGPUGEMCREATEVRAMCLEARED, leaving freshly allocated VRAM with stale data from prior use...

5.5CVSS5.7AI score0.00119EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.13 views

PT-2026-44314

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.11-1.1 Description An out-of-bounds font access occurs in the fbcon rotate font function when console rotation fails. The system retains the ol...

9.1CVSS6.2AI score0.00514EPSS
Exploits9References294
Rows per page
Query Builder