Lucene search
K

712 matches found

OSV
OSV
added 2026/05/08 3:16 p.m.9 views

UBUNTU-CVE-2026-43370

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix use-after-free race in VM acquire Replace non-atomic vm-processinfo assignment with cmpxchg to prevent race when parent/child processes sharing a drmfile both try to acquire the same VM after fork. cherry picked...

7.8CVSS5.7AI score0.00126EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2026/05/08 2:19 a.m.10 views

SUSE CVE-2026-43245

In the Linux kernel, the following vulnerability has been resolved: ntfs: -dcompare must not block ... so don't use getname there. Switch it and ntfsdhash, while we are at it to kmallocPATHMAX, GFPNOWAIT. Yes, ntfsdhash almost certainly can do with smaller allocations, but let ntfs folks deal wit...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.11 views

PT-2026-39232

Name of the Vulnerable Software and Affected Versions Wagtail versions prior to 7.0.7 Wagtail versions prior to 7.3.2 Wagtail versions prior to 7.4 Description A CMS user lacking page editing permissions can access page revisions via the revision compare view by knowing the primary keys of two...

6.5CVSS5.8AI score0.00204EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/06 11:7 p.m.11 views

CVE-2026-43245

A flaw was found in the Linux kernel's NTFS filesystem driver. The -dcompare function, responsible for comparing directory entries, was found to perform blocking operations. This behavior, along with the misuse of namescachep for memory allocations, could lead to system unresponsiveness or a deni...

7.5CVSS5.8AI score0.00441EPSS
Exploits0References4
NVD
NVD
added 2026/05/06 12:16 p.m.6 views

CVE-2026-43245

In the Linux kernel, the following vulnerability has been resolved: ntfs: -dcompare must not block ... so don't use getname there. Switch it and ntfsdhash, while we are at it to kmallocPATHMAX, GFPNOWAIT. Yes, ntfsdhash almost certainly can do with smaller allocations, but let ntfs folks deal wit...

7.5CVSS0.00441EPSS
Exploits0References5
NVD
NVD
added 2026/05/06 12:16 p.m.9 views

CVE-2026-43121

In the Linux kernel, the following vulnerability has been resolved: iouring/zcrx: fix userref race between scrub and refill paths The iozcrxputniovuref function uses a non-atomic check-then-decrement pattern atomicread followed by separate atomicdec to manipulate userrefs. This is serialized...

4.7CVSS0.00088EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/06 11:28 a.m.32 views

CVE-2026-43245 ntfs: ->d_compare() must not block

In the Linux kernel, the following vulnerability has been resolved: ntfs: -dcompare must not block ... so don't use getname there. Switch it and ntfsdhash, while we are at it to kmallocPATHMAX, GFPNOWAIT. Yes, ntfsdhash almost certainly can do with smaller allocations, but let ntfs folks deal wit...

7.5CVSS0.00441EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/06 11:28 a.m.11 views

CVE-2026-43245

In the Linux kernel, the following vulnerability has been resolved: ntfs: -dcompare must not block ... so don't use getname there. Switch it and ntfsdhash, while we are at it to kmallocPATHMAX, GFPNOWAIT. Yes, ntfsdhash almost certainly can do with smaller allocations, but let ntfs folks deal wit...

7.5CVSS5.7AI score0.00441EPSS
Exploits0
OSV
OSV
added 2026/05/05 4:38 p.m.6 views

CLSA-2026-1777999127 Fix CVE(s): CVE-2026-28387, CVE-2026-28388, CVE-2026-28389, CVE-2026-28390

SECURITY UPDATE: fix UAF/double-free in DANE client by using X509free for dane-mcert - debian/patches/CVE-2026-28387.patch: fix UAF/double-free in DANE client by using X509free for dane-mcert - CVE-2026-28387 SECURITY UPDATE: NULL check delta-crlnumber before ASN1INTEGERcmp in checkdeltabase -...

8.1CVSS5.8AI score0.00885EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/01 5:33 p.m.9 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the RWStlReader::ReadAscii process when buffers returned by StandardReadLineBuffer::ReadLine are not properly length-validated before being used in strncasecmp or accessed directly. An attacker can cause denial of...

7.1CVSS5.8AI score0.00106EPSS
Exploits0References2
OSV
OSV
added 2026/04/24 8:29 p.m.8 views

CLSA-2026-1777059908 binutils: Fix of 4 CVEs

CVE-2022-47673: fix out-of-bounds reads in parsemodule bfd/vms-alpha.c, combined backport of upstream commits c9178f28, 942fa4fb, 77c225bd, 65cf035b and c093f5ee patch also covers CVE-2023-25584 - CVE-2022-47695: fix segfault in objdump comparesymbols on synthetic plt symbols - CVE-2022-47696:...

7.8CVSS6.7AI score0.00461EPSS
Exploits3References1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of the cmpxchg serialization to access so-tx.buf. This vulnerability may lead to the...

7.8CVSS7AI score0.00104EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/16 9:10 p.m.9 views

Mojic: Observable Timing Discrepancy in HMAC Verification

Summary The CipherEngine in Mojic v2.1.3 uses a standard equality operator !== to verify the HMAC-SHA256 integrity seal during the decryption phase. This creates an Observable Timing Discrepancy CWE-208, allowing a potential attacker to bypass the file integrity check via a timing attack. Details...

4.7CVSS6AI score0.00108EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/15 6:31 p.m.5 views

EUVD-2026-22892

Authorization Bypass Through User-Controlled Key vulnerability in VillaTheme COMPE compe-woo-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects COMPE: from n/a through = 1.1.4...

5.3CVSS5.8AI score0.00212EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/15 10:21 a.m.6 views

CVE-2026-40737

Authorization Bypass Through User-Controlled Key vulnerability in VillaTheme COMPE compe-woo-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects COMPE: from n/a through = 1.1.4...

5.3CVSS5.8AI score0.00212EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/15 12:7 a.m.3 views

CVE-2026-40105

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 10.4-rc-1, through 16.10.15, 17.0.0-rc-1, through 17.4.7 and 17.5.0-rc-1 through 17.10.0 contain a reflected cross-site scripting vulnerability XSS in the comparison view between...

6.5CVSS5.8AI score0.00549EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/14 11:13 p.m.7 views

GHSA-HG7G-56H5-5PQR CAPTCHA Bypass in WWBN/AVideo via Attacker-Controlled Length Parameter and Missing Token Invalidation on Failure

Summary objects/getCaptcha.php accepts the CAPTCHA length ql directly from the query string with no clamping or sanitization, letting any unauthenticated client force the server to generate a 1-character CAPTCHA word. Combined with a case-insensitive strcasecmp comparison over a 33-character...

5.3CVSS5.9AI score0.00218EPSS
Exploits1References4
OSV
OSV
added 2026/04/14 10:33 p.m.3 views

GHSA-W4FJ-87J5-F25C XWiki has Reflected Cross-Site Scripting (XSS) in page history compare

Impact A reflected cross-site scripting vulnerability XSS in the compare view between revisions of a page allows executing JavaScript code in the user's browser. If the current user is an admin, this can not only affect the current user but also the confidentiality, integrity and availability of...

6.5CVSS5.7AI score0.00549EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/04/10 8:24 p.m.8 views

CVE-2026-40194

phpseclib is a PHP secure communications library. Starting in 0.1.1 and prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::getbinarypacket uses PHP's != operator to compare a received SSH packet HMAC against the locally computed HMAC. != on equal-length binary strings in PHP uses memcmp,...

3.7CVSS5.8AI score0.00334EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.7 views

PT-2026-30168

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.19.0 Description The Linux kernel contains a flaw in the RedBoot partition table parser. When CONFIG FORTIFY SOURCE is enabled and a recent compiler is used, a buffer overflow can occur during the parsing...

9.8CVSS5.7AI score0.00443EPSS
Exploits0References471
Rows per page
Query Builder