Lucene search
K

16995 matches found

CVE
CVE
added 2026/05/08 2:21 p.m.16 views

CVE-2026-43388

CVE-2026-43388 (Linux kernel, DAMON) : The vulnerability arises in mm/damon/core/damos_walk(), which sets ctx->walk_control to a caller-provided control structure before checking if the context is running. If the context is inactive, it returns -EINVAL without clearing the pointer, leaving a d...

7.8CVSS5.8AI score0.00124EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/05/08 2:16 p.m.17 views

CVE-2026-44336

PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP Model Context Protocol server praisonai mcp serve registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a pat...

9.6CVSS0.00619EPSS
Exploits1References1
NVD
NVD
added 2026/05/08 2:16 p.m.13 views

CVE-2026-43306

In the Linux kernel, the following vulnerability has been resolved: bpf: crypto: Use the correct destructor kfunc type With CONFIGCFI enabled, the kernel strictly enforces that indirect function calls use a function pointer type that matches the target function. I ran into the following type...

5.5CVSS0.00122EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/05/08 2:16 p.m.7 views

CVE-2026-43309

In the Linux kernel, the following vulnerability has been resolved: md raid: fix hang when stopping arrays with metadata through dm-raid When using device-mapper's dm-raid target, stopping a RAID array can cause the system to hang under specific conditions. This occurs when: - A dm-raid managed...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References5
OSV
OSV
added 2026/05/08 2:16 p.m.4 views

UBUNTU-CVE-2026-43309

In the Linux kernel, the following vulnerability has been resolved: md raid: fix hang when stopping arrays with metadata through dm-raid When using device-mapper's dm-raid target, stopping a RAID array can cause the system to hang under specific conditions. This occurs when: - A dm-raid managed...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/08 1:32 p.m.33 views

CVE-2026-44336 PraisonAI MCP `tools/call` path-traversal and RCE via Python `.pth` injection

PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP Model Context Protocol server praisonai mcp serve registers four file-handling tools by default — praisonai.rules.create, praisonai.rules.show, praisonai.rules.delete, and praisonai.workflow.show. Each accepts a pat...

9.4CVSS0.00619EPSS
Exploits1References1
CVE
CVE
added 2026/05/08 1:11 p.m.15 views

CVE-2026-43311

CVE-2026-43311 resolves a Linux kernel Tegra PMC issue where generic_handle_irq() was called from a non-interrupt context during system suspend resume, causing kernel warnings. The fix defers the call to an IRQ work, enabling safe execution in hard IRQ context. For PREEMPT_RT kernels, the patch u...

5.5CVSS5.7AI score0.00121EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/08 1:11 p.m.33 views

CVE-2026-43311 soc/tegra: pmc: Fix unsafe generic_handle_irq() call

In the Linux kernel, the following vulnerability has been resolved: soc/tegra: pmc: Fix unsafe generichandleirq call Currently, when resuming from system suspend on Tegra platforms, the following warning is observed: WARNING: CPU: 0 PID: 14459 at kernel/irq/irqdesc.c:666 Call trace:...

0.00121EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/08 1:11 p.m.33 views

CVE-2026-43309 md raid: fix hang when stopping arrays with metadata through dm-raid

In the Linux kernel, the following vulnerability has been resolved: md raid: fix hang when stopping arrays with metadata through dm-raid When using device-mapper's dm-raid target, stopping a RAID array can cause the system to hang under specific conditions. This occurs when: - A dm-raid managed...

0.00121EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/08 1:11 p.m.7 views

CVE-2026-43306

In the Linux kernel, the following vulnerability has been resolved: bpf: crypto: Use the correct destructor kfunc type With CONFIGCFI enabled, the kernel strictly enforces that indirect function calls use a function pointer type that matches the target function. I ran into the following type...

5.8AI score0.00122EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/05/08 1:11 p.m.37 views

CVE-2026-43306 bpf: crypto: Use the correct destructor kfunc type

In the Linux kernel, the following vulnerability has been resolved: bpf: crypto: Use the correct destructor kfunc type With CONFIGCFI enabled, the kernel strictly enforces that indirect function calls use a function pointer type that matches the target function. I ran into the following type...

0.00122EPSS
Exploits0References4
CVE
CVE
added 2026/05/08 1:11 p.m.16 views

CVE-2026-43285

Linux kernel mm/slab: do not access current->mems_allowed_seq if !allow_spin. The issue arises when get_from_any_partial() runs in NMI context, since seqcount_spinlock_t is not NMI-safe and can trigger a deadlock in the write/read sequence. Affected code path can lead to inconsistent lock stat...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/08 12:6 p.m.10 views

CVE-2026-39858

A flaw was found in Traefik. A remote attacker can exploit an authentication bypass vulnerability by injecting spoofed trust context through unsanitized alias headers. This is due to Traefik's forwarded-header sanitization logic not properly handling alias header names that use underscores instea...

10CVSS5.7AI score0.00479EPSS
Exploits1References7
OSV
OSV
added 2026/05/08 9:41 a.m.13 views

CLSA-2026-1778233301 python3.9: Fix of 7 CVEs

CVE-2025-1795: fix incorrect parsing of email addresses with special chars - CVE-2025-4516: fix use-after-free in unicode-escape decoder with non-strict error handler - CVE-2025-6069: fix quadratic complexity in HTMLParser special input - CVE-2025-8291: fix zip64 end-of-central-directory record...

6.5CVSS6.5AI score0.00744EPSS
Exploits0References1
OSV
OSV
added 2026/05/08 5:46 a.m.5 views

BIT-JRE-2025-24855

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

7.8CVSS7.1AI score0.00324EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/08 2:19 a.m.8 views

SUSE CVE-2026-43273

In the Linux kernel, the following vulnerability has been resolved: ceph: supply snapshot context in cephzeropartialobject The cephzeropartialobject function was missing proper snapshot context for its OSD write operations, which could lead to data inconsistencies in snapshots. Reproducer:...

5.7AI score0.00117EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/08 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-43423

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: usb: gadget: fncm: Fix atomic context locking issue The ncmsetalt function was holding a mut...

5.7AI score0.00091EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.17 views

PT-2026-38849

numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal...

7.8CVSS5.8AI score0.00324EPSS
Exploits1References4
vulnersOsv
vulnersOsv
added 2026/05/08 12:0 a.m.8 views

ch.sbb:spring-cloud-stream-binder-solace (>=8.0.0 <=9.0.2), cn.herodotus.dante:dante-authentication-autoconfigure (>=4.0.0.0-M2 <=4.0.0.0-M3) +157 more potentially affected by CVE-2026-40989 via org.springframework.cloud:spring-cloud-function-context (>=5.0.0-M1 <=5.0.1)

org.springframework.cloud:spring-cloud-function-context MAVEN version =5.0.0-M1, =8.0.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =1.0.0, =1.0.0, =2.0.0-RC1, =8.0.4 and more S...

6.5CVSS5.4AI score0.00211EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/08 12:0 a.m.8 views

ch.sbb:spring-cloud-stream-binder-solace (>=8.0.0 <=9.0.2), cn.herodotus.dante:dante-authentication-autoconfigure (>=4.0.0.0-M2 <=4.0.0.0-M3) +157 more potentially affected by CVE-2026-40990 via org.springframework.cloud:spring-cloud-function-context (>=5.0.0-M1 <=5.0.1)

org.springframework.cloud:spring-cloud-function-context MAVEN version =5.0.0-M1, =8.0.0, =4.0.0.0-M2, =4.0.0.0-M2, =4.0.0.0-M2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =6.0.0-beta.2, =1.0.0, =1.0.0, =2.0.0-RC1, =8.0.4 and more S...

6.5CVSS5.4AI score0.00211EPSS
Exploits0
Rows per page
Query Builder