Lucene search
K

152 matches found

Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.8 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007614)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007614 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: add idatasem protection in ext4destroyinlinedatanolock Fix a race between inline data...

5.9AI score0.0018EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/16 9:54 p.m.11 views

Flowise: Cypher Injection in GraphCypherQAChain

Summary The GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher commands that are executed on the underlying Neo4j database, enabling data exfiltration, modification, or deletio...

9.8CVSS6.2AI score0.00504EPSS
Exploits1References3Affected Software2
OSV
OSV
added 2026/03/20 5:25 p.m.3 views

GHSA-564F-WX8X-878H Vikunja read-only users can delete project background images via broken object-level authorization

Summary The DELETE /api/v1/projects/:project/background endpoint checks CanRead permission instead of CanUpdate, allowing any user with read-only access to a project to permanently delete its background image. Details The RemoveProjectBackground handler pkg/modules/background/handler/background.g...

5.3CVSS5.8AI score0.00211EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/20 5:25 p.m.7 views

Vikunja read-only users can delete project background images via broken object-level authorization

Summary The DELETE /api/v1/projects/:project/background endpoint checks CanRead permission instead of CanUpdate, allowing any user with read-only access to a project to permanently delete its background image. Details The RemoveProjectBackground handler pkg/modules/background/handler/background.g...

5.4CVSS5.8AI score0.00211EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.12 views

IBM DB2 Recovery Expert 安全漏洞

IBM DB2 Recovery Expert is a database recovery tool developed by IBM. Version 5.5 IF 2 of IBM Db2 Recovery Expert contains a security vulnerability. This vulnerability stems from an insecure mechanism used to verify data integrity during transmission, which could allow attackers to modify or...

9.1CVSS5.8AI score0.00152EPSS
Exploits0References1
Debian
Debian
added 2026/02/21 2:42 a.m.8 views

[SECURITY] [DLA 4486-1] nova security update

Debian LTS Advisory DLA-4486-1 [email protected] https://www.debian.org/lts/security/ Carlos Henrique Lima Melara February 20, 2026 https://wiki.debian.org/LTS Package : nova Version : 2:22.4.0-1deb11u7 CVE ID : CVE-2026-24708 Debian Bug : 1128294 Dan Smith discovered that nova, a cloud...

8.2CVSS5.8AI score0.00341EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/02/19 12:0 a.m.7 views

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : Nova vulnerability (USN-8049-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8049-1 advisory. Dan Smith discovered that Nova incorrectly called qemu-img without a format restriction when resizing disks. An attacker could possibly use th...

8.2CVSS5.8AI score0.00341EPSS
Exploits0References2
OSV
OSV
added 2026/02/18 6:30 p.m.7 views

GHSA-M4F3-QP2W-GWH6 OpenStack Nova calls qemu-img without format restrictions for resize

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

8.2CVSS5.9AI score0.00341EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/02/18 12:0 a.m.7 views

CVE-2026-24708

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

8.2CVSS5.5AI score0.00341EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/18 12:0 a.m.7 views

CVE-2026-24708

An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in a...

8.2CVSS5.5AI score0.00341EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/02/17 4:40 p.m.3 views

USN-8049-1: Nova vulnerability

Dan Smith discovered that Nova incorrectly called qemu-img without a format restriction when resizing disks. An attacker could possibly use this issue to destroy data on the host system...

8.2CVSS5.6AI score0.00341EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.4 views

PT-2026-20566

Dan Smith discovered that Nova incorrectly called qemu-img without a format restriction when resizing disks. An attacker could possibly use this issue to destroy data on the host system...

8.2CVSS5.6AI score0.00341EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 9:19 a.m.7 views

CVE-2021-31850

A denial-of-service vulnerability in Database Security DBS prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. The configuration of Archiving through the User interface incorrectly allowed the creation of directories and files i...

6.1CVSS6.6AI score0.00967EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/30 11:6 p.m.11 views

EUVD-2025-205801

RustFS has a gRPC Hardcoded Token Authentication Bypass...

9.8CVSS6.5AI score0.2903EPSS
Exploits3References3
NVD
NVD
added 2025/12/30 5:15 p.m.7 views

CVE-2025-68926

RustFS is a distributed object storage system built in Rust. In versions prior to 1.0.0-alpha.78, RustFS implements gRPC authentication using a hardcoded static token "rustfs rpc" that is publicly exposed in the source code repository, hardcoded on both client and server sides, non-configurable...

9.8CVSS0.2903EPSS
Exploits3References1
Cvelist
Cvelist
added 2025/12/30 4:59 p.m.32 views

CVE-2025-68926 RustFS has a gRPC Hardcoded Token Authentication Bypass

RustFS is a distributed object storage system built in Rust. In versions prior to 1.0.0-alpha.78, RustFS implements gRPC authentication using a hardcoded static token "rustfs rpc" that is publicly exposed in the source code repository, hardcoded on both client and server sides, non-configurable...

9.8CVSS0.2903EPSS
Exploits3References1
CVE
CVE
added 2025/12/30 4:59 p.m.26 views

CVE-2025-68926

CVE-2025-68926 – RustFS hardcoded gRPC token authentication bypass . Affected RustFS versions prior to 1.0.0-alpha.78 expose a publicly visible hardcoded token, “rustfs rpc”, used for gRPC authentication on both client and server. The token is non-configurable and identical across deployments, en...

9.8CVSS6.7AI score0.2903EPSS
Exploits3References1Affected Software1
EUVD
EUVD
added 2025/12/16 3:30 p.m.3 views

EUVD-2025-203741

In the Linux kernel, the following vulnerability has been resolved: ext4: add idatasem protection in ext4destroyinlinedatanolock Fix a race between inline data destruction and block mapping. The function ext4destroyinlinedatanolock changes the inode data layout by clearing EXT4INODEINLINEDATA and...

6AI score0.0018EPSS
Exploits0References5
OSV
OSV
added 2025/12/16 3:15 p.m.8 views

AZL-72469 CVE-2025-68261 affecting package kernel for versions less than 6.6.121.1-1

In the Linux kernel, the following vulnerability has been resolved: ext4: add idatasem protection in ext4destroyinlinedatanolock Fix a race between inline data destruction and block mapping. The function ext4destroyinlinedatanolock changes the inode data layout by clearing EXT4INODEINLINEDATA and...

5.9AI score0.0018EPSS
Exploits0References1
CVE
CVE
added 2025/12/16 2:45 p.m.15 views

CVE-2025-68261

CVE-2025-68261 concerns a race in ext4 where inline data destruction (ext4_destroy_inline_data_nolock) and block mapping (ext4_map_blocks) can concurrently modify inode layout, causing a state where EXT4_INODE_EXTENTS flag is observed incorrectly and triggers a kernel BUG in fs/ext4/indirect.c (l...

6.1AI score0.0018EPSS
Exploits0References9
Rows per page
Query Builder