Lucene search
K

1645 matches found

nvd
nvd
added 2026/06/26 7:16 p.m.8 views

CVE-2026-13372

Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...

7.2CVSS0.00278EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/26 6:22 p.m.37 views

CVE-2026-13372

Incorrect link resolution by display name in the custom PowerShell VPN editor in Devolutions Remote Desktop Manager 2026.2.5 through 2026.2.11 allows an authenticated attacker with write access to a shared workspace to execute a PowerShell script in another user's context via a display name...

0.00278EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/26 12:0 a.m.11 views

PT-2026-52892

Name of the Vulnerable Software and Affected Versions Devolutions Remote Desktop Manager versions 2026.2.5 through 2026.2.11 Description An issue exists in the custom PowerShell VPN editor where incorrect link resolution by display name allows an authenticated attacker with write access to a shar...

7.2CVSS5.9AI score0.00278EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/26 12:0 a.m.13 views

PT-2026-52963

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the mana network driver regarding the naming of debugfs directories. The driver previously used a hardcoded "0" for Physical Functions PFs and the pci slot name functi...

5.5CVSS6AI score0.00115EPSS
Exploits0References16
osv
osv
added 2026/06/25 10:34 p.m.10 views

GO-2026-5483 OpenFGA's BatchCheck within-request deduplication produces incorrect authorization decisions via list-value cache-key collision in github.com/openfga/openfga

OpenFGA's BatchCheck within-request deduplication produces incorrect authorization decisions via list-value cache-key collision in github.com/openfga/openfga...

8.8CVSS5.8AI score0.00211EPSS
Exploits0References2
euvd
euvd
added 2026/06/25 9:29 p.m.7 views

EUVD-2026-38380

MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2
osv
osv
added 2026/06/25 9:29 p.m.5 views

GHSA-Q2H6-GHWM-5QM8 MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings

Summary InterfaceLookupFormatter constructs an internal Dictionary with the default equality comparer instead of the security-aware comparer supplied by options.Security.GetEqualityComparer. Other hash-based collection formatters use the security-aware comparer when...

6.3CVSS5.8AI score0.00231EPSS
Exploits0References3
osv
osv
added 2026/06/25 6:52 p.m.5 views

GHSA-2F33-PR97-265Q MessagePack-CSharp: ASP.NET Core MessagePackInputFormatter defaults to TrustedData for HTTP request bodies

Summary The parameterless MessagePackInputFormatter constructor uses default serializer options, which resolve to MessagePackSerializerOptions.Standard with MessagePackSecurity.TrustedData. The formatter is designed for ASP.NET Core MVC request bodies, which commonly cross an HTTP trust boundary...

6.3CVSS5.6AI score0.00236EPSS
Exploits0References3
osv
osv
added 2026/06/25 11:19 a.m.2 views

SUSE-SU-2026:22385-1 Security update for the Linux Kernel (Live Patch 2 for SUSE Linux Enterprise 16)

This update for the SUSE Linux Enterprise Kernel 6.12.0-160000.7.1 fixes various security issues The following security issues were fixed: - CVE-2026-23278: netfilter: nftables: always walk all pending catchall elements bsc1260907. - CVE-2026-31402: nfsd: fix heap overflow in NFSv4.0 LOCK replay...

9.8CVSS6.7AI score0.0049EPSS
Exploits8References16
nvd
nvd
added 2026/06/25 9:16 a.m.7 views

CVE-2026-53221

In the Linux kernel, the following vulnerability has been resolved: ip6vti: fix incorrect tunnel matching in vti6tnllookup In vti6tnllookup, when an exact match for a tunnel fails, the code falls back to searching for wildcard tunnels: - Tunnels matching the packet's local address, with any remot...

9.8CVSS0.00559EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.13 views

PT-2026-52316

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the ip6 vti module where the vti6 tnl lookup function fails to correctly validate tunnels during fallback searches. When an exact tunnel match fails, the system search...

9.8CVSS6AI score0.00559EPSS
Exploits0References17
nessus
nessus
added 2026/06/23 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-54266

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, an...

8.8CVSS6AI score0.0009EPSS
Exploits0References3
nvd
nvd
added 2026/06/22 10:16 p.m.11 views

CVE-2026-48516

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, InterfaceLookupFormatter constructs an internal Dictionary with the default equality comparer instead of the security-aware comparer supplied by options.Security.GetEqualityComparer. This formatter omission allows...

7.5CVSS0.00231EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/22 9:9 p.m.4 views

CVE-2026-48516

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, InterfaceLookupFormatter constructs an internal Dictionary with the default equality comparer instead of the security-aware comparer supplied by options.Security.GetEqualityComparer. This formatter omission allows...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/06/22 9:9 p.m.21 views

CVE-2026-48516

MessagePack for C# (MessagePack-CSharp) prior to versions 2.5.301 and 3.1.7 constructs InterfaceLookupFormatter with a default Dictionary<TKey,IGrouping> comparer instead of the security-aware comparer from options.Security.GetEqualityComparer(). This can enable a hash-collision CPU denial-...

7.5CVSS5.8AI score0.00231EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2026/06/22 9:9 p.m.24 views

CVE-2026-48516 MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, InterfaceLookupFormatter constructs an internal Dictionary with the default equality comparer instead of the security-aware comparer supplied by options.Security.GetEqualityComparer. This formatter omission allows...

6.3CVSS0.00231EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/22 9:9 p.m.6 views

CVE-2026-48516 MessagePack-CSharp: InterfaceLookupFormatter bypasses collision-resistant comparer settings

MessagePack for C is a MessagePack serializer for C. Prior to 2.5.301 and 3.1.7, InterfaceLookupFormatter constructs an internal Dictionary with the default equality comparer instead of the security-aware comparer supplied by options.Security.GetEqualityComparer. This formatter omission allows...

6.3CVSS5.8AI score0.00231EPSS
Exploits0References1
nvd
nvd
added 2026/06/22 6:16 p.m.11 views

CVE-2026-54269

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 8.6.0 and 7.6.3, protobufjs accepted certain schema-derived names that could collide with properties used by protobufjs runtime helpers. The known affected names are fields named hasOwnProperty, field or oneof names...

5.3CVSS0.00238EPSS
Exploits0References1
osv
osv
added 2026/06/22 4:16 p.m.4 views

DEBIAN-CVE-2026-54266

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering SSR so that they can be reused during...

6.1CVSS5.9AI score0.0009EPSS
Exploits0References1
nvd
nvd
added 2026/06/22 4:16 p.m.14 views

CVE-2026-54266

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, Angular's HttpTransferCache caches HTTP requests made during Server-Side Rendering SSR so that they can be reused during...

8.8CVSS0.0009EPSS
Exploits0References3
Rows per page
Query Builder