Lucene search
K

706 matches found

CVE
CVE
added yesterday20 views

CVE-2026-47732

Twig Sandbox: multiple __toString() policy bypasses via unguarded string coercion points existed prior to 3.26.0, enabling string coercion of Stringable operands through various constructs (conditional expressions, matches operator, loose comparisons, tests, template-loading tags, dynamic attribu...

7.1CVSS6.1AI score0.00044EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/26 5:35 p.m.9 views

CVE-2026-53083

A flaw was found in the Linux kernel. A missing condresched in the bpffdarraymapclear loop, specifically when handling BPF Berkeley Packet Filter PROGARRAY maps with numerous entries, can lead to an RCU Read-Copy Update stall. This can result in a Denial of Service DoS under heavy system load, as...

5.5CVSS5.7AI score0.00156EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 5:17 p.m.11 views

CVE-2026-53083

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix RCU stall in bpffdarraymapclear Add a missing condresched in bpffdarraymapclear loop. For PROGARRAY maps with many entries this loop calls progarraymappokerun per entry which can be expensive, and without yielding this c...

0.00156EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: Quota: Fixed a livelock issue between quotactl and freezesuper. When a filesystem is frozen, quotactlblock enters a retry loop, waiting for the filesystem to thaw. It acquires sumount, checks the freeze state, releases sumount, a...

5.5CVSS5.8AI score0.00155EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: AppArmor: Fixed the rlimit settings for posix cpu timers. posix cpu timers require an additional step beyond simply setting the rlimit. The code should be refactored so it’s clear which code is setting the limits, and the posi...

7.3CVSS5.9AI score0.00114EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 7:16 a.m.19 views

CVE-2026-13006

ACE vulnerability in conditional configuration file processing by QOS.CH logback-core up to and including version 1.5.36 in Java applications, allows an attacker to execute arbitrary code circumventing existing protections against CVE-2025-11226 by compromising an existing logback configuration...

7CVSS0.00122EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.21 views

PT-2026-51676

Name of the Vulnerable Software and Affected Versions logback-core versions prior to 1.5.35 Description An arbitrary code execution issue exists in the conditional configuration file processing of Java applications. An attacker can execute arbitrary code by compromising an existing logback...

7CVSS6.5AI score0.00122EPSS
Exploits0References13
OSV
OSV
added 2026/06/19 9:42 p.m.11 views

GHSA-4VRG-R928-H5VV SpiceDB: Checks involving relations with caveats can result in unconditional permission when conditional permission is expected

Impact Under concurrency, CheckPermission and CheckBulkPermissions can return PERMISSIONSHIPHASPERMISSION for a resource, permission, subject whose correct answer is PERMISSIONSHIPCONDITIONALPERMISSION. You are impacted if all of the following hold: 1. Your schema has a permission combining...

3.7CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 9:42 p.m.11 views

SpiceDB: Checks involving relations with caveats can result in unconditional permission when conditional permission is expected

Impact Under concurrency, CheckPermission and CheckBulkPermissions can return PERMISSIONSHIPHASPERMISSION for a resource, permission, subject whose correct answer is PERMISSIONSHIPCONDITIONALPERMISSION. You are impacted if all of the following hold: 1. Your schema has a permission combining...

5.8AI score
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/09 12:25 p.m.37 views

CVE-2026-46328

The CVE-2026-46328 entry concerns the Linux kernel AppArmor policy: fix rlimit for posix CPU timers. The issue arose because Posix CPU timers required an additional step beyond setting the rlimit, and the patch refactors the code to make clear which code sets the limit and to conditionally update...

7.3CVSS5.4AI score0.00114EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-47786

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in AppArmor regarding the handling of resource limits rlimit for POSIX CPU timers. POSIX CPU timers require an additional step beyond the standard setting of the rlimit t...

7.3CVSS5.9AI score0.00114EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/27 5:4 p.m.12 views

CVE-2026-46426

Budibase is an open-source low-code platform. Prior to 3.38.2, the file upload endpoint POST /api/attachments/process does not enforce active-content restrictions for authenticated users. The checks for dangerous file extensions are conditionally wrapped inside if isPublicUser or if isPublicUser ...

7.6CVSS5.8AI score0.00175EPSS
Exploits0References3Affected Software1
Packet Storm News
Packet Storm News
added 2026/05/22 12:0 a.m.15 views

Formal Verification of Probing Security Via Conditional Independence

Side-channel attacks are a major threat to the security of cryptosystems. Masking is a widely used countermeasure against such attacks, but proving the security of masked algorithms is error-prone without formal verification. In this work, we propose a novel approach to formal verification of...

5.8AI score
Exploits0
OSV
OSV
added 2026/05/21 8:35 p.m.10 views

GHSA-F74W-272X-MQCV NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags

Summary The refresh-token cookie was set with httpOnly: true but missing both the secure flag and the sameSite attribute. Over plain HTTP the cookie could be intercepted on the network; without sameSite, browsers attached it to cross-site POSTs, enabling CSRF against the token-refresh endpoint...

5.4CVSS5.7AI score0.00099EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: md/raid10: preventing soft lockup during flush writes Currently, there is no limit for plugged bio in raid1/raid10. While performing flush writes, raid1 uses condresched, whereas raid10 does not. Too many writes can cause a soft...

5.5CVSS6.3AI score0.00112EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: dmcrypt: added condresched to dmcryptwrite. The loop in dmcryptwrite may run for an unlimited amount of time; therefore, condresched is needed in it. This commit fixes the following warnings: 3391.153255 C12 watchdog: BUG: sof...

5.5CVSS6.4AI score0.00186EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/05/18 12:0 a.m.20 views

Learning to Look Benign: Targeted Evasion of Malware Detectors Via API Import Injection

Machine learning-based malware detectors are widely deployed in antivirus and endpoint detection systems, yet their reliance on static features makes them vulnerable to adversarial manipulation. This paper investigates whether a malware sample can be intentionally misclassified as a specific beni...

5.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/08 1:11 p.m.10 views

CVE-2026-43292

In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: prevent RCU stalls in kasanreleasevmallocnode When CONFIGPAGEOWNER is enabled, freeing KASAN shadow pages during vmalloc cleanup triggers expensive stack unwinding that acquires RCU read locks. Processing a large...

5.7AI score0.00122EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/05 8:21 p.m.14 views

CVE-2026-25863

Conditional Fields for Contact Form 7 WordPress plugin through version 2.7.2 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hidehiddenmailfieldsregexcallback method reads an iteration count directly from user-supplied POST parameters without...

8.7CVSS5.9AI score0.00435EPSS
Exploits0References1
NVD
NVD
added 2026/05/04 7:16 p.m.19 views

CVE-2026-25863

Conditional Fields for Contact Form 7 WordPress plugin through version 2.7.2 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hidehiddenmailfieldsregexcallback method reads an iteration count directly from user-supplied POST parameters without...

8.7CVSS0.00435EPSS
Exploits0References2
Rows per page
Query Builder