49 matches found

NVD
added 5 days ago, 6 views

CVE-2026-41992

GNU gzip contains a global buffer overflow vulnerability in the LZH decompression logic caused by improper reuse of shared global state between different decompression formats within a single execution. GNU gzip maintains a global array that is shared across the LZ77, LZW, and LZH decompression...

CVSS 7.5, EPSS 0.00294
Exploits: 0, References: 3

ATTACKERKB
added 2026/06/25 4:33 a.m., 6 views

CVE-2026-12053

GitLab has remediated an issue in GitLab EE affecting all versions from 19.1 before 19.1.1 that under certain conditions could have allowed a user to access sensitive information that had already been committed to a project, due to insufficient output filtering in Duo Workflows...

CVSS 8.6, AI score 5.8, EPSS 0.00328
Exploits: 0, References: 4, Affected Software: 1

Positive Technologies
added 2026/06/25 12:00 a.m., 10 views

PT-2026-52198

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 19.1 through 19.1.0. Description: Insufficient output filtering in Duo Workflows could allow a user to access sensitive information that had already been committed to a project. Recommendations: Update GitLab EE to version 19.1...

CVSS 8.6, AI score 5.8, EPSS 0.00328
Exploits: 0, References: 9

OSV
added 2026/06/23 5:09 p.m., 3 views

GHSA-89MR-XQFV-758M Gogs: UploadRepoFiles writes outside repo working tree via committed parent sym

Summary: Repository.UploadRepoFiles checks for symlinks only on the leaf of the upload target (osx.IsSymlink(targetPath)). The siblings UpdateRepoFile, DeleteRepoFile, and GetDiffPreview use hasSymlinkInPath, which lstats every component — UploadRepoFiles is the lone outlier. An attacker with repo-wri...

CVSS 9, AI score 6.2, EPSS 0.00474
Exploits: 0, References: 5

GitHub Security Blog
added 2026/06/23 5:09 p.m., 9 views

Gogs: UploadRepoFiles writes outside repo working tree via committed parent sym

Summary: Repository.UploadRepoFiles checks for symlinks only on the leaf of the upload target (osx.IsSymlink(targetPath)). The siblings UpdateRepoFile, DeleteRepoFile, and GetDiffPreview use hasSymlinkInPath, which lstats every component — UploadRepoFiles is the lone outlier. An attacker with repo-wri...

CVSS 9, AI score 6.2, EPSS 0.00474
Exploits: 0, References: 5, Affected Software: 1

AstraLinux
added 2026/06/19 11:10 a.m., 7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: Avoid using partially committed contexts. One major use of damon_call is the update of DAMON parameters online. This is done by calling damon_commit_ctx within the damon_call callback function. damon_commit_ctx can fail...

CVSS 5.5, AI score 5.7, EPSS 0.00121
Exploits: 0, References: 1

AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Fuse: Fixed corruption of the io-uring list for terminated, uncommitted requests. When a request terminates before it has been committed, the request is not removed from the queue’s list. This results in a dangling list entry,...

AI score 5.4, EPSS 0.00155
Exploits: 0, References: 1

Packet Storm News
added 2026/05/10 12:00 a.m., 7 views

Strategic Commitments Shape Collective Cybersecurity under AI Inequality

The growing integration of AI into cybersecurity is reshaping the balance between attackers and defenders. When access to advanced AI-enabled defence tools is uneven, resource-limited defenders may be unable to adopt effective protection, creating persistent system vulnerabilities. We study the...

AI score 5.8
Exploits: 0

Tenable Nessus
added 2026/04/25 12:00 a.m., 5 views

CBL Mariner 2.0 Security Update: CBL-Mariner Releases (CVE-2026-33948)

The version of CBL-Mariner Releases installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-33948 advisory. - jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b...

CVSS 6.3, AI score 5.7, EPSS 0.00256
Exploits: 1, References: 1

Qualys Blog
added 2026/04/15 6:02 p.m., 13 views

Qualys VMDR and TotalCloud™ Now Available on Oracle Cloud Marketplace

Key Takeaways: Qualys VMDR and TotalCloud are now available on the Oracle Cloud Marketplace, simplifying procurement and deployment for Oracle Cloud Infrastructure (OCI) customers. Organizations can deploy security faster with native OCI integration and one-click provisioning. The combined platform...

AI score 5.8
Exploits: 0

EUVD
added 2026/03/30 5:51 p.m., 3 views

EUVD-2026-16734

AVideo Vulnerable to Wallet Balance Double-Spend via TOCTOU Race Condition in transferBalance...

CVSS 5.3, AI score 5.9, EPSS 0.00228
Exploits: 1, References: 3

EUVD
added 2026/02/26 9:44 p.m., 5 views

EUVD-2026-8893

Zulip is an open-source team collaboration tool. Prior to commit bf28c82dc9b1f630fa8e9106358771b20a0040f7, the API endpoint for creating a card update session during an upgrade flow was accessible to users with only organization member privileges. When the associated Stripe Checkout session is...

CVSS 7.1, AI score 5.4, EPSS 0.00275
Exploits: 0, References: 2

RedHat Linux
added 2026/02/24 12:53 a.m., 3 views

kernel: Linux kernel: Data corruption and system instability due to improper io_uring/net buffer handling

A flaw was found in the Linux kernel's io_uring/net component. This vulnerability arises when ring provided buffers are partially committed during network operations, particularly when MSG_WAITALL is enabled or with streaming sockets. A local attacker could exploit this by causing multiple socket...

CVSS 7.8, AI score 5.9, EPSS 0.00151
Exploits: 0, References: 5

RedHat Linux
added 2026/02/09 9:51 a.m., 10 views

kernel: Linux kernel: Data corruption and system instability due to improper io_uring/net buffer handling

A flaw was found in the Linux kernel's io_uring/net component. This vulnerability arises when ring provided buffers are partially committed during network operations, particularly when MSG_WAITALL is enabled or with streaming sockets. A local attacker could exploit this by causing multiple socket...

CVSS 7.8, AI score 5.9, EPSS 0.00151
Exploits: 0, References: 5

SUSE CVE
added 2026/01/15 12:25 a.m., 7 views

SUSE CVE-2025-68805

In the Linux kernel, the following vulnerability has been resolved: fuse: fix io-uring list corruption for terminated non-committed requests. When a request is terminated before it has been committed, the request is not removed from the queue's list. This leaves a dangling list entry that leads to...

AI score 6.6, EPSS 0.00155
Exploits: 0, References: 3

RedhatCVE
added 2026/01/14 11:17 p.m., 6 views

CVE-2025-68805

In the Linux kernel, the following vulnerability has been resolved: fuse: fix io-uring list corruption for terminated non-committed requests. When a request is terminated before it has been committed, the request is not removed from the queue's list. This leaves a dangling list entry that leads to...

AI score 6, EPSS 0.00155
Exploits: 0, References: 4

NVD
added 2026/01/13 4:16 p.m., 7 views

CVE-2025-68805

In the Linux kernel, the following vulnerability has been resolved: fuse: fix io-uring list corruption for terminated non-committed requests. When a request is terminated before it has been committed, the request is not removed from the queue's list. This leaves a dangling list entry that leads to...

EPSS 0.00155
Exploits: 0, References: 2

UbuntuCve
added 2026/01/13 4:16 p.m., 6 views

CVE-2025-68805

In the Linux kernel, the following vulnerability has been resolved: fuse: fix io-uring list corruption for terminated non-committed requests. When a request is terminated before it has been committed, the request is not removed from the queue's list. This leaves a dangling list entry that leads to...

AI score 5.7, EPSS 0.00155
Exploits: 0, References: 10

OSV
added 2026/01/13 3:29 p.m., 7 views

CVE-2025-68805 fuse: fix io-uring list corruption for terminated non-committed requests

In the Linux kernel, the following vulnerability has been resolved: fuse: fix io-uring list corruption for terminated non-committed requests. When a request is terminated before it has been committed, the request is not removed from the queue's list. This leaves a dangling list entry that leads to...

AI score 6.5, EPSS 0.00155
Exploits: 0, References: 5

CVE
added 2026/01/13 3:29 p.m., 13 views

CVE-2025-68805

CVE-2025-68805 (fuse/io_uring) is addressed in OS/kernel security updates. Root cause: when an io-uring request is terminated before being committed, it remained in the queue, creating a dangling list entry that caused list corruption and use-after-free. Impact: potential corruption of the queue’...

AI score 6.2, EPSS 0.00155
Exploits: 0, References: 2