Lucene search
K

91 matches found

SUSE CVE
SUSE CVE
added 2026/06/09 2:20 a.m.10 views

SUSE CVE-2026-46309

In the Linux kernel, the following vulnerability has been resolved: drm/xe/uapi: Reject cohnone PAT index for CPU cached memory in madvise Add validation in xevmmadviseioctl to reject PAT indices with XECOHNONE coherency mode when applied to CPU cached memory. Using cohnone with CPU cached buffer...

5.5CVSS5.4AI score0.00125EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.12 views

AppLockZ - TrustedApp App Lock and Fingerprint Lock 安全漏洞

AppLockZ - TrustedApp App Lock and Fingerprint Lock is a mobile application security tool developed by AppLockZ - TrustedApp. Version 4.2.11 of AppLockZ - TrustedApp App Lock and Fingerprint Lock contains a security vulnerability. This vulnerability stems from the PIN lock being implemented as a...

2.4CVSS5.8AI score0.00186EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10, Linux

Several Linux PV device frontends are vulnerable to attacks by backends that use grant table interfaces to remove access rights from resources. This can lead to potential data leaks, data corruption by malicious backends, and denial of service attacks. The backends that use these interfaces may n...

7CVSS6.6AI score0.00359EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Istio 代码问题漏洞

Istio is an open-source platform that connects, manages, and protects microservices. Versions of Istio prior to 1.28.6 and 1.29.2 have code vulnerabilities. These vulnerabilities arise when creating a RequestAuthentication resource that points to an internal service’s jwksUri, and Istio does not...

7.7CVSS5.9AI score0.00329EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.11 views

PT-2026-36778

The Magic Export & Import WordPress plugin before 1.2.0 stores exported CSV files at a publicly accessible location, making it possible for any visitors to leak sensitive user information...

5.8AI score0.0027EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/27 12:0 a.m.12 views

PT-2026-35374

Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data.This issue affects Templately: from n/a through 3.6.1...

7.7CVSS5.2AI score0.00212EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.12 views

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. There is a security vulnerability in uutils coreutils. This vulnerability arises from the fact that the mktemp utility fails to properly handle the empty TMPDIR environment variable. Unlike GNU mktemp,...

3.3CVSS5.8AI score0.00133EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/14 11:18 p.m.12 views

Permissive Cross-domain Policy with Untrusted Domains

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Permissive Cross-domain Policy with Untrusted Domains via the allowOrigin function. An attacker can access sensitive user data and perform unauthorized actions by...

8.6CVSS5.7AI score0.00335EPSS
Exploits1References2
OSV
OSV
added 2026/04/01 9:13 p.m.1 views

GHSA-CMW6-HCPP-C6JP ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load

Summary The issue is in onnx.load — the code checks for symlinks to prevent path traversal, but completely misses hardlinks, which is the problem, since a hardlink looks exactly like a regular file on the filesystem. The Real Problem The validator in onnx/checker.cc only calls issymlink and never...

4.7CVSS5.9AI score0.00176EPSS
Exploits0References4
OSV
OSV
added 2026/03/24 7:16 p.m.38 views

UBUNTU-CVE-2026-23919

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

7.1CVSS5.8AI score0.00154EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/05 1:57 a.m.3 views

CVE-2026-1567

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 An XML External Entity XXE vulnerability in IBM InfoSphere Information Server could allow attackers to retrieve sensitive information from the server...

7.5CVSS5.9AI score0.00311EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/02/19 12:0 a.m.17 views

Ubuntu 24.04 LTS : Linux kernel (Low Latency) vulnerabilities (USN-8052-1)

"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8052-1 advisory. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory...

9.8CVSS7.1AI score0.09796EPSS
Exploits8References754
EUVD
EUVD
added 2026/02/05 7:13 a.m.3 views

EUVD-2025-206874

Infinera DNA is vulnerable to a time-based SQL injection vulnerability due to insufficient input validation, which may result in leaking of sensitive information...

6.3CVSS5.6AI score0.00251EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/27 4:30 p.m.5 views

CVE-2026-1477

An out-of-band SQL injection vulnerability OOB SQLi has been detected in the Performance Evaluation EDD application developed by Gabinete Técnico de Programación. Exploiting this vulnerability in the parameter 'Idusuario' and 'Idevaluacion’ in ‘/evaluacioncompetenciasevaluaold.aspx’, could allow ...

9.3CVSS5.8AI score0.00327EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/12 10:11 p.m.7 views

EUVD-2025-203174

Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. In versions 3.3 and below, incorrect handling of malformed data in Java-based decompressor implementations for Snappy and LZ4 allow remote attackers to read previous buffer contents via...

6.3CVSS6.4AI score0.00369EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/11 12:0 a.m.8 views

PT-2025-50592

A vulnerability in TeamViewer DEX Client former 1E Client - Content Distribution Service NomadBranch.exe prior version 25.11 for Windows allows malicious actors to coerce the service into transmitting data to an arbitrary internal IP address, potentially leaking sensitive information...

4.3CVSS6.9AI score0.00221EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.4 views

Microsoft Windows 访问控制错误漏洞

Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. An access control error vulnerability exists in Microsoft Windows. An attacker could exploit this vulnerability to obtain sensitive information. The following products and versions are...

7.1CVSS6.1AI score0.00381EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/12/08 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-40236

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - virtio-net: zero unused hash fields When GSO tunnel is negotiated virtionethdrtnlfromskb tries to initialize the tunnel metadata but forget to zero unused rxhas...

6AI score0.00162EPSS
Exploits0References2
CVE
CVE
added 2025/11/14 7:37 p.m.33 views

CVE-2025-13033

The CVE-2025-13033 entry concerns Nodemailer’s email parsing library. A flaw in handling specially formatted recipient addresses allows an attacker to craft a recipient that embeds an external address within quotes, causing misdirection of mail to the attacker’s external address rather than the i...

7.5CVSS6.1AI score0.00544EPSS
Exploits0References7
Cisco
Cisco
added 2025/10/15 4:0 p.m.160 views

Multiple Cisco Products Snort 3 MIME Denial of Service Vulnerabilities

Multiple Cisco products are affected by vulnerabilities in the HTTP Multipurpose Internet Mail Extensions MIME Decoder that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak possible sensitive information or to restart. For more information about these...

6.5CVSS7.1AI score0.00392EPSS
Exploits0References1
Rows per page
Query Builder