Lucene search
K

1292 matches found

UbuntuCve
UbuntuCve
added 2026/04/15 8:16 p.m.4 views

CVE-2026-40917

A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the icnsslurp function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious ICNS file, potentially leading to application crashes or information disclosure on systems that process...

7.1CVSS5.8AI score0.00167EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/13 5:38 a.m.3 views

CVE-2026-4151

A flaw was found in GIMP. Remote attackers can exploit this vulnerability by tricking a user into opening a specially crafted ANI Animated Cursor file or visiting a malicious web page. This issue stems from an integer overflow during the parsing of ANI files, caused by insufficient validation of...

7.8CVSS7.5AI score0.00664EPSS
Exploits0References5
NVD
NVD
added 2026/04/11 1:16 a.m.6 views

CVE-2026-4151

GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a...

7.8CVSS0.00664EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/03/30 12:0 a.m.6 views

Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2026-1494)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1494 advisory. In the Linux kernel, the following vulnerability has been resolved: pagepool: Fix use-after-free in pagepoolrecycleinring CVE-2025-38129 In the Linux kernel, the following vulnerability has be...

9.8CVSS6.5AI score0.00395EPSS
Exploits0References136
Amazon
Amazon
added 2026/03/27 12:0 a.m.14 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: pagepool: Fix use-after-free in pagepoolrecycleinring CVE-2025-38129 In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper CVE-2025-40110 In th...

7.8CVSS6.6AI score0.00395EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/27 12:0 a.m.3 views

GIMP < 3.2.0 Multiple Vulnerabilities (macOS)

The version of GIMP installed on the remote macOS host is prior to 3.2.0. It is, therefore, affected by multiple vulnerabilities: - An integer overflow condition exists in PSD file parsing due to improper validation of user-supplied data. An unauthenticated, local attacker can exploit this, via a...

7.8CVSS7.6AI score0.00755EPSS
Exploits0References17
RedhatCVE
RedhatCVE
added 2026/03/26 3:9 p.m.6 views

CVE-2026-33326

Keystone is a content management system for Node.js. Prior to version 6.5.2, field.isFilterable access control can be bypassed in findMany queries by passing a cursor. This can be used to confirm the existence of records by protected field values. The fix for CVE-2025-46720 field-level isFilterab...

4.3CVSS5.7AI score0.00257EPSS
Exploits0References1
NVD
NVD
added 2026/03/24 8:16 p.m.3 views

CVE-2026-33326

Keystone is a content management system for Node.js. Prior to version 6.5.2, field.isFilterable access control can be bypassed in findMany queries by passing a cursor. This can be used to confirm the existence of records by protected field values. The fix for CVE-2025-46720 field-level isFilterab...

4.3CVSS0.00257EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/24 7:8 p.m.3 views

CVE-2026-33326

Keystone is a content management system for Node.js. Prior to version 6.5.2, field.isFilterable access control can be bypassed in findMany queries by passing a cursor. This can be used to confirm the existence of records by protected field values. The fix for CVE-2025-46720 field-level isFilterab...

4.3CVSS5.7AI score0.00257EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/24 7:8 p.m.5 views

CVE-2026-33326 @keystone-6/core: `isFilterable` bypass via `cursor` parameter in findMany

Keystone is a content management system for Node.js. Prior to version 6.5.2, field.isFilterable access control can be bypassed in findMany queries by passing a cursor. This can be used to confirm the existence of records by protected field values. The fix for CVE-2025-46720 field-level isFilterab...

4.3CVSS5.7AI score0.00257EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/24 7:8 p.m.23 views

CVE-2026-33326 @keystone-6/core: `isFilterable` bypass via `cursor` parameter in findMany

Keystone is a content management system for Node.js. Prior to version 6.5.2, field.isFilterable access control can be bypassed in findMany queries by passing a cursor. This can be used to confirm the existence of records by protected field values. The fix for CVE-2025-46720 field-level isFilterab...

4.3CVSS0.00257EPSS
Exploits0References1
CVE
CVE
added 2026/03/24 7:8 p.m.9 views

CVE-2026-33326

Summary: Keystone 6 core prior to 6.5.2 had a bypass in isFilterable for findMany via the cursor parameter, allowing potential disclosure by confirming protected field values. The root cause is that the cursor input type reused UniqueWhere checks not patched by the previous fix for CVE-2025-46720...

4.3CVSS5.7AI score0.00257EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/24 7:8 p.m.5 views

CVE-2026-33326 @keystone-6/core: `isFilterable` bypass via `cursor` parameter in findMany

Keystone is a content management system for Node.js. Prior to version 6.5.2, field.isFilterable access control can be bypassed in findMany queries by passing a cursor. This can be used to confirm the existence of records by protected field values. The fix for CVE-2025-46720 field-level isFilterab...

4.3CVSS5.8AI score0.00257EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.5 views

Keystone 安全漏洞

Keystone is a powerful CMS developed under OpenStack. It helps you build and expand faster than any other CMS or application framework. Versions of Keystone prior to 6.5.2 contained security vulnerabilities. These vulnerabilities stemmed from the findMany query, where the access control mechanism...

4.3CVSS5.8AI score0.00257EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/03/23 12:0 a.m.160 views

📄 Cursor IDE MCP Deeplink Remote Code Execution

This Metasploit module exploits the MCP deeplink functionality in Cursor IDE through social engineering. The cursor:// protocol handler can be abused when a user accepts an installation prompt, leading to arbitrary command execution...

8.8CVSS6.2AI score0.07598EPSS
Exploits2
Github Security Blog
Github Security Blog
added 2026/03/19 6:37 p.m.7 views

@keystone-6/core: `isFilterable` bypass via `cursor` parameter in findMany (CVE-2025-46720 incomplete fix)

Summary field.isFilterable access control can be bypassed in findMany queries by passing a cursor. This can be used to confirm the existence of records by protected field values. The fix for CVE-2025-46720 field-level isFilterable bypass for update and delete mutations added checks to the where...

4.3CVSS5.8AI score0.00257EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/19 6:37 p.m.1 views

GHSA-CGCG-Q9JH-5PR2 @keystone-6/core: `isFilterable` bypass via `cursor` parameter in findMany (CVE-2025-46720 incomplete fix)

Summary field.isFilterable access control can be bypassed in findMany queries by passing a cursor. This can be used to confirm the existence of records by protected field values. The fix for CVE-2025-46720 field-level isFilterable bypass for update and delete mutations added checks to the where...

4.3CVSS5.8AI score0.00257EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/03/19 12:27 a.m.4 views

SUSE CVE-2026-23249

In the Linux kernel, the following vulnerability has been resolved: xfs: check for deleted cursors when revalidating two btrees The free space and inode btree repair functions will rebuild both btrees at the same time, after which it needs to evaluate both btrees to confirm that the corruptions a...

5.7AI score0.00141EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/19 12:0 a.m.13 views

PT-2026-26483

Name of the Vulnerable Software and Affected Versions Keystone versions prior to 6.5.2 Description Keystone is a content management system for Node.js. An access control bypass exists in findMany queries through the cursor parameter. Specifically, the field.isFilterable access control can be...

4.3CVSS5.8AI score0.00257EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/18 6:31 p.m.5 views

EUVD-2026-12852

In the Linux kernel, the following vulnerability has been resolved: xfs: check for deleted cursors when revalidating two btrees The free space and inode btree repair functions will rebuild both btrees at the same time, after which it needs to evaluate both btrees to confirm that the corruptions a...

5.7AI score0.00141EPSS
Exploits0References5
Rows per page
Query Builder