Lucene search
K

94 matches found

EUVD
EUVD
added 2026/07/02 7:39 p.m.8 views

EUVD-2026-41423

JuiceFS through 1.3.1, fixed in commit a46979c, contains an authentication bypass vulnerability that allows unauthenticated remote attackers to access sensitive debug and metrics endpoints by exploiting improper handler registration on the shared http.DefaultServeMux. Attackers can request the...

7.7CVSS5.9AI score0.00266EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.12 views

PT-2026-55293

Name of the Vulnerable Software and Affected Versions JuiceFS versions prior to 1.3.2 Description An authentication bypass exists due to improper handler registration on the shared http.DefaultServeMux. This allows unauthenticated remote attackers to access sensitive debug and metrics endpoints...

7.7CVSS6AI score0.00266EPSS
Exploits0References7
NVD
NVD
added 2026/06/26 9:16 p.m.10 views

CVE-2026-48770

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the same interactive Windows session can send a malformed WMCOPYDATA message to Notepad++ using the COPYDATAFULLCMDLINE path. The handler appears to process COPYDATASTRUCT.lpData as an unbounded...

5CVSS0.00258EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/06/26 8:22 p.m.7 views

CVE-2026-48770

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the same interactive Windows session can send a malformed WMCOPYDATA message to Notepad++ using the COPYDATAFULLCMDLINE path. The handler appears to process COPYDATASTRUCT.lpData as an unbounded...

5CVSS5.8AI score0.00258EPSS
Exploits2References3Affected Software1
CVE
CVE
added 2026/06/26 8:22 p.m.96 views

CVE-2026-48770

Notepad++ prior to version 8.9.6.1 is affected by multiple issues arising from insecure handling of inter-process communication data. Specifically, a local attacker can trigger a denial of service (CVE-2026-48770) by sending a malformed WM_COPYDATA message where COPYDATA_FULL_CMDLINE is processed...

5CVSS5.8AI score0.00258EPSS
Exploits2References2Affected Software1
RedHat Linux
RedHat Linux
added 2026/06/22 10:23 p.m.15 views

vim: command injection when decompressing .tgz archives

A flaw was found in Vim. When decompressing .tgz archives, the Vimuntar function builds shell commands using shellescape without the special flag. This allows a specially crafted archive filename to trigger Vim cmdline-special expansion and execute arbitrary commands in the context of the current...

7CVSS6.1AI score0.00552EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.9 views

CVE-2026-41492

Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraphl exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is commonly supplied via the --security "token=..." startup flag, an unauthenticated attacker can...

9.8CVSS5.5AI score0.02187EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.13 views

CVE-2026-40173

Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on the default mux and reachable without authentication, exposing the full process command line...

9.4CVSS5.4AI score0.00509EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Vim

A heap-based buffer overflow vulnerability exists in the cmdlineerasechars function in the GitHub repository for Vim/Vim, prior to version 8.2.4899. These vulnerabilities could cause software to crash, modify memory, and potentially allow for remote execution...

7.8CVSS7.2AI score0.02481EPSS
Exploits1References2
OSV
OSV
added 2026/04/30 9:42 a.m.10 views

CLSA-2026-1777542146 vim: Fix of 3 CVEs

CVE-2023-1170: at the end of doput ops.c, clamp the cursor column back to the line length and recompute coladd under virtualedit=all so a Visual block put past the new NUL no longer leaves the cursor pointing past end-of-line. - CVE-2023-1175: in opyank ops.c, when the yank starts inside a...

7.3CVSS6.7AI score0.00483EPSS
Exploits3References1
ATTACKERKB
ATTACKERKB
added 2026/04/15 8:40 p.m.3 views

CVE-2026-40173

Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered on the default mux and reachable without authentication, exposing the full process command line...

9.4CVSS5.8AI score0.00509EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/15 12:0 a.m.9 views

PT-2026-33176

Name of the Vulnerable Software and Affected Versions Dgraph versions prior to 25.3.2 Description An unauthenticated credential disclosure exists where the '/debug/pprof/cmdline' endpoint is registered on the default mux and accessible without authentication. This exposes the full process command...

9.4CVSS5.9AI score0.00509EPSS
Exploits1References11
SUSE CVE
SUSE CVE
added 2026/03/25 4:55 p.m.9 views

SUSE CVE-2026-23374

In the Linux kernel, the following vulnerability has been resolved: blktrace: fix thiscpuread/write in preemptible context tracingrecordcmdline internally uses thiscpuread and thiscpuwrite on the per-CPU variable tracecmdlinesave, and tracesavecmdline explicitly asserts preemption is disabled via...

5.5CVSS5.8AI score0.00119EPSS
Exploits0References16
EUVD
EUVD
added 2026/03/25 12:30 p.m.6 views

EUVD-2026-15363

In the Linux kernel, the following vulnerability has been resolved: blktrace: fix thiscpuread/write in preemptible context tracingrecordcmdline internally uses thiscpuread and thiscpuwrite on the per-CPU variable tracecmdlinesave, and tracesavecmdline explicitly asserts preemption is disabled via...

5.8AI score0.00119EPSS
Exploits0References3
NVD
NVD
added 2026/03/25 11:16 a.m.6 views

CVE-2026-23374

In the Linux kernel, the following vulnerability has been resolved: blktrace: fix thiscpuread/write in preemptible context tracingrecordcmdline internally uses thiscpuread and thiscpuwrite on the per-CPU variable tracecmdlinesave, and tracesavecmdline explicitly asserts preemption is disabled via...

5.5CVSS0.00119EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/03/25 11:16 a.m.12 views

CVE-2026-23374

In the Linux kernel, the following vulnerability has been resolved: blktrace: fix thiscpuread/write in preemptible context tracingrecordcmdline internally uses thiscpuread and thiscpuwrite on the per-CPU variable tracecmdlinesave, and tracesavecmdline explicitly asserts preemption is disabled via...

5.5CVSS5.8AI score0.00119EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/25 10:27 a.m.2 views

CVE-2026-23374

In the Linux kernel, the following vulnerability has been resolved: blktrace: fix thiscpuread/write in preemptible context tracingrecordcmdline internally uses thiscpuread and thiscpuwrite on the per-CPU variable tracecmdlinesave, and tracesavecmdline explicitly asserts preemption is disabled via...

5.5CVSS5.7AI score0.00119EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/25 10:27 a.m.7 views

CVE-2026-23374 blktrace: fix __this_cpu_read/write in preemptible context

In the Linux kernel, the following vulnerability has been resolved: blktrace: fix thiscpuread/write in preemptible context tracingrecordcmdline internally uses thiscpuread and thiscpuwrite on the per-CPU variable tracecmdlinesave, and tracesavecmdline explicitly asserts preemption is disabled via...

5.5CVSS5.8AI score0.00119EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-23374

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - blktrace: fix thiscpuread/write in preemptible context tracingrecordcmdline internally uses thiscpuread and thiscpuwrite on the per-CPU variable tracecmdlinesav...

5.5CVSS6.1AI score0.00119EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.2 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Avoid stack buffer overflow from kernel cmdline While the kernel command line is considered trusted in most environments, avoid writing 1 byte past the end of “acpiid” if the “str” argument is at its maximum length...

7.8CVSS6.5AI score0.0037EPSS
Exploits1References3
Rows per page
Query Builder