Lucene search
K

264 matches found

OSV
OSV
added 2026/06/26 8:7 a.m.5 views

CVE-2026-11625 Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes

Bytes::Random::Secure versions through 0.29 for Perl share internal state across forked processes. When an object is initialised before forking, or when the functional interface is used, then the internal state for the PRNG is shared across processes and identical random streams will be produced...

7.5CVSS5.9AI score0.00447EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/06/24 12:0 a.m.2 views

CVE-2026-49269

Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run a GPU reader shader that reads stale register values left by a separate sandboxed victim app. In the proof of concept, GPUVictim.app generates a fresh random...

8.6CVSS5.8AI score0.00303EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/15 6:1 p.m.90 views

Exploit for CVE-2025-2783

Chromium CVE-2025-2783: Sandbox Escape & Full-Chain RCE Exploi...

8.3CVSS6.3AI score0.08404EPSS
Exploits6
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.26 views

PT-2026-47795

Name of the Vulnerable Software and Affected Versions Waves Central for macOS versions 13.0.9 through 16.5.5 Description A trusted XPC client component is signed with hardened runtime entitlements that allow dynamic library injection. A local attacker can use the DYLD INSERT LIBRARIES environment...

7.8CVSS6AI score0.00151EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.21 views

PT-2026-47796

1 Local Privilege Escalation via DYLIB Injection CVE-2026-24064 2 Local Privilege Escalation via Insecure XPC Client Validation CVE-2026-24065 Multiple Local Privilege Escalation Vulnerabilities in Waves Audio Waves Central https://t.co/fkys4ePhWy...

5.4AI score0.00323EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/05 12:37 p.m.7 views

CVE-2026-11369 IDOR in Comment API Allows Cross-Process Comment Read and Write

The Comment API GET /api/Comment and POST /api/Comment in the affected application fails to perform authorization checks to verify that the requesting user has access to the object identified by the relatedObjectId. This Insecure Direct Object Reference IDOR vulnerability allows any authenticated...

7.1CVSS5.6AI score0.00207EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/05 12:37 p.m.48 views

CVE-2026-11369 IDOR in Comment API Allows Cross-Process Comment Read and Write

The Comment API GET /api/Comment and POST /api/Comment in the affected application fails to perform authorization checks to verify that the requesting user has access to the object identified by the relatedObjectId. This Insecure Direct Object Reference IDOR vulnerability allows any authenticated...

7.1CVSS0.00207EPSS
Exploits0References1
CVE
CVE
added 2026/06/05 12:37 p.m.25 views

CVE-2026-11369

The CVE-2026-11369 entry concerns an Insecure Direct Object Reference (IDOR) in the Comment API. The affected endpoints are GET /api/Comment and POST /api/Comment. The root cause is missing authorization checks to verify that a user has access to the object identified by relatedObjectId, allowing...

7.1CVSS5.7AI score0.00207EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in PHP 7.3

In PHP versions 8.0. before 8.0.30, 8.1. before 8.1.22, and 8.2. before 8.2.8, various XML functions rely on the libxml global state to track configuration variables, such as whether external entities are loaded. This state is assumed to remain unchanged unless the user explicitly changes it by...

8.6CVSS6.8AI score0.0121EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2026/05/05 12:0 a.m.41 views

GPUBreach: Privilege Escalation Attacks on GPUs Using Rowhammer

NVIDIA GPUs with GDDR memories have been shown susceptible to Rowhammer-based bit-flips, similar to CPUs. However, Rowhammer exploits on GPUs have been limited to injecting untargeted bit-flips in victim data like weights of machine learning models, to degrade model accuracy, unlike CPU exploits...

5.8AI score
Exploits0
EUVD
EUVD
added 2026/03/31 3:13 p.m.4 views

EUVD-2026-17484

ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single compile-time baseline rule was enforced by opfilter. All managed MDM-delivered and user-defined...

6.3CVSS5.8AI score0.00196EPSS
Exploits1References3
CISA KEV Catalog
CISA KEV Catalog
added 2026/03/20 12:0 a.m.16 views

Apple Multiple Products Improper Locking Vulnerability

Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected changes in memory shared between processes...

7.8CVSS5.8AI score0.00355EPSS
In wildExploits2
VulnCheck KEV
VulnCheck KEV
added 2026/03/18 12:0 a.m.4 views

VulnCheck KEV: CVE-2025-43510

A memory corruption issue was addressed with improved lock state checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A malicious application may cause unexpect...

7.8CVSS5.8AI score0.00355EPSS
In wildExploits2References4
Tenable Nessus
Tenable Nessus
added 2026/02/07 12:0 a.m.5 views

RockyLinux 8 : firefox (RLSA-2025:18285)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:18285 advisory. thunderbird: firefox: Memory safety bugs CVE-2025-11714 thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textur...

9.8CVSS7.4AI score0.00475EPSS
Exploits0References15
EUVD
EUVD
added 2026/02/02 1:23 p.m.8 views

EUVD-2026-5109

It was found that the XPC service offered by the privileged helper of Native Access uses the PID of the connecting client to verify its code signature. This is considered insecure and can be exploited by PID reuse attacks. The connection handler function uses xpcconnectiongetpidarg2 as argument f...

9.3CVSS5.5AI score0.00146EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/01/27 5:1 a.m.5 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: Fixed the issue where hugepmdunshare caused a race condition with GUP-fast. The hugepmdunshare function releases a reference to a page table that might have previously been shared across processes. This could...

4.7CVSS6.4AI score0.00111EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 7 : kernel-3.10.0-1160.99.1.el7 (AXSA:2023-6384:24)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6384:24 advisory. kernel: clsflower: out-of-bounds write in flsetgeneveopt CVE-2023-35788 hw: amd: Cross-Process Information Leak CVE-2023-20593 Tenable has extracted...

7.8CVSS6.9AI score0.05794EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : linux-firmware-20230404-117.git2e92a49f.el8.ML.1 (AXSA:2023-6487:08)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6487:08 advisory. hw: amd: Cross-Process Information Leak CVE-2023-20593 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

5.5CVSS6.8AI score0.05794EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.6 views

MiracleLinux 9 : linux-firmware-20230310-135.el9.ML.1 (AXSA:2023-6485:07)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6485:07 advisory. hw: amd: Cross-Process Information Leak CVE-2023-20593 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

5.5CVSS6.8AI score0.05794EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 7 : linux-firmware-20200421-81.git78c0348.el7 (AXSA:2023-6589:09)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6589:09 advisory. hw amd: Return Address Predictor vulnerability leading to information disclosure CVE-2023-20569 hw: amd: Cross-Process Information Leak CVE-2023-205...

5.5CVSS6.9AI score0.0616EPSS
Exploits2References3
Rows per page
Query Builder