Lucene search
+L

1126 matches found

oraclelinux
oraclelinux
added 3 days ago5 views

kernel security, bug fix, and enhancement update

4.18.0-553.141.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...

7.8CVSS7AI score0.0031EPSS
Exploits0
cve
cve
added 2026/07/08 12:0 a.m.22 views

CVE-2026-55429

Coder's CVE-2026-55429 describes a cross-workspace agent rebinding vulnerability in UpsertWorkspaceApp and insertAgentApp where a provisioner payload can bind a victim app to an attacker-controlled agent due to lack of workspace verification. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, ...

8.7CVSS6AI score0.00508EPSS
Exploits0References6Affected Software1
redhatcve
redhatcve
added 2026/06/30 1:29 a.m.9 views

CVE-2026-53324

In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pciname for debugfs directory naming Use pcinamepdev for the per-device debugfs directory instead of hardcoded "0" for PFs and pcislotnamepdev-slot for VFs. The previous approach had two issues: 1. pcislotname...

5.5CVSS5.7AI score0.00115EPSS
Exploits0References4
snyk
snyk
added 2026/06/29 2:23 p.m.10 views

Interpretation Conflict

Overview fast-uri is a Dependency-free RFC 3986 URI toolbox Affected versions of this package are vulnerable to Interpretation Conflict in its parse, normalize, and equal functions, which call the nonexistent URL.domainToASCII static method and silently swallow the resulting TypeError into...

8.7CVSS5.8AI score0.00312EPSS
Exploits0References2
euvd
euvd
added 2026/06/26 9:54 p.m.15 views

EUVD-2026-31689

Hackney has SSRF allowlist bypass in hackneyurl:normalize/2 via percent-encoded host...

6.9CVSS5.8AI score0.00201EPSS
Exploits1References5
cve
cve
added 2026/06/26 7:41 p.m.16 views

CVE-2026-53324

CVE-2026-53324 is addressed in the Linux kernel’s net: mana path. The fix replaces per-device debugfs directory naming that previously used a hardcoded "0" for PFs and pci_slot_name(pdev->slot) for VFs with pci_name(pdev), which yields the unique BDF address. This eliminates two issues: (1) po...

5.5CVSS5.8AI score0.00115EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2026/06/25 4:50 p.m.33 views

CVE-2026-50573 pnpm: Unsafe default behavior breaks integrity check

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm install in non-frozen mode can accept new remote package content after detecting that the downloaded tarball does not match the integrity recorded in pnpm-lock.yaml. When a package is already locked with an integrity value, and the...

6.8CVSS0.00113EPSS
Exploits1References1
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.11 views

PT-2026-51975

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Berkeley Packet Filter BPF verifier within the regsafe function. The issue occurs when comparing two scalar registers that both carry BPF ADD CONST values; the check...

7.8CVSS5.8AI score0.00116EPSS
Exploits0References9
vulnrichment
vulnrichment
added 2026/06/19 9:39 p.m.5 views

CVE-2026-56082 Supabase - Unauthenticated Cross-Tenant Billing Log Tampering via public.record_build_time RPC

Capgo Cap-go/capgo before 12.128.2 contains an improper access control vulnerability in the SECURITY DEFINER PostgREST RPC function public.recordbuildtime, which is granted to the anon role and callable with only the public Supabase publishable sbpublishable anon key. An unauthenticated attacker...

8.7CVSS6AI score0.00242EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.20 views

PT-2026-50538

Name of the Vulnerable Software and Affected Versions Tinyproxy versions prior to commit ff45d3b Description Tinyproxy fails to reconcile conflicting Content-Length and Transfer-Encoding: chunked headers, forwarding both verbatim to the backend while using Content-Length to determine the number o...

9.3CVSS6.1AI score0.00439EPSS
Exploits0References11
snyk
snyk
added 2026/06/15 8:20 p.m.14 views

Interpretation Conflict

Overview python-multipart is an A streaming multipart parser for Python Affected versions of this package are vulnerable to Interpretation Conflict through the parseoptionsheader function. An attacker can bypass field name or filename-based access controls, or manipulate file upload destinations ...

6.3CVSS5.4AI score0.00177EPSS
Exploits0References2
snyk
snyk
added 2026/06/15 5:19 p.m.11 views

Interpretation Conflict

Overview tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Interpretation Conflict due to improper handling of PAX extended header size overrides in intermediary metadata headers. An attacker can cause inconsistent archive parsing results between differen...

6.9CVSS5.3AI score0.00107EPSS
Exploits1References2
snyk
snyk
added 2026/06/15 5:19 p.m.9 views

Interpretation Conflict

Overview org.webjars.npm:tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Interpretation Conflict due to improper handling of PAX extended header size overrides in intermediary metadata headers. An attacker can cause inconsistent archive parsing results...

6.9CVSS5.3AI score0.00107EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2026/06/15 12:0 a.m.21 views

PT-2026-49577

Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.16 Description An interpretation differential exists in how the software parses tar archives. The issue occurs because the library applies a PAX extended header's size= record and other PAX overrides to the next...

6.9CVSS5.8AI score0.00107EPSS
Exploits1References6
nessus
nessus
added 2026/06/14 12:0 a.m.8 views

SUSE SLED15 / SLES15 Security Update : avahi (SUSE-SU-2026:2297-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:2297-1 advisory. This update for avahi fixes the following issue: - CVE-2026-34933: Prior to version 0.9-rc4, any unprivileged local use...

5.5CVSS5.3AI score0.00203EPSS
Exploits1References4
osv
osv
added 2026/06/12 3:52 p.m.4 views

CVE-2026-6046 Plugin bot username conflict allows user account to be used as bot identity in Mattermost Server

Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 fail to validate that a username returned during bot registration belongs to a bot account, which allows an unprivileged attacker to intercept private messages sent by plugins via direct message channels ...

5.3CVSS6AI score0.0019EPSS
Exploits0References3
snyk
snyk
added 2026/06/09 9:58 p.m.4 views

Interpretation Conflict

Overview symfony/symfony is a PHP framework for web applications and a set of reusable PHP components. Affected versions of this package are vulnerable to Interpretation Conflict via the SymfonyRuntime::getInput process. An attacker can modify environment variables and enable debug mode by sendin...

9.8CVSS5.8AI score0.00328EPSS
Exploits0References3
snyk
snyk
added 2026/06/09 9:58 p.m.4 views

Interpretation Conflict

Overview symfony/runtime is an Enables decoupling PHP applications from global state Affected versions of this package are vulnerable to Interpretation Conflict via the SymfonyRuntime::getInput process. An attacker can modify environment variables and enable debug mode by sending specially crafte...

9.8CVSS5.8AI score0.00328EPSS
Exploits0References3
oraclelinux
oraclelinux
added 2026/06/05 12:0 a.m.21 views

kernel security update

4.18.0-553.129.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...

7.8CVSS5.6AI score0.00378EPSS
Exploits4
snyk
snyk
added 2026/06/04 4:22 p.m.8 views

Interpretation Conflict

Overview Affected versions of this package are vulnerable to Interpretation Conflict in the pngpushreadchunk function in the push-mode APNG parser. An attacker can inject chunked data with a malicious PNG file containing attacker-controlled bytes in an ignored ancillary chunk, which are then...

5.4CVSS5.5AI score0.00202EPSS
Exploits0References2
Rows per page
Query Builder