Lucene search
K

2003 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-52980

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sched/fair: Clear reldeadline when initializing forked entities A yield-triggered crash can happen when a newly forked schedentity enters the fair class with...

6.2AI score0.00168EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/26 6:49 p.m.9 views

CVE-2026-52980

A flaw was found in the Linux kernel's sched/fair scheduler. When a new schedentity is forked, its reldeadline may be unexpectedly set, leading to an abnormally large deadline value. If the task later calls schedyield, this inflated deadline can cause an overflow in vruntime calculations. This ca...

7CVSS5.8AI score0.00168EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 6:32 p.m.6 views

EUVD-2026-38848

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Clear reldeadline when initializing forked entities A yield-triggered crash can happen when a newly forked schedentity enters the fair class with se-reldeadline unexpectedly set. The failing sequence is: 1. A task is...

5.8AI score0.00168EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2026/06/24 5:19 p.m.17 views

CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series devices, urging Federal Civilian Executive Branch FCEB agencies to apply the fixes by June 26, 2026. The vulnerability in question...

9.8CVSS7.5AI score0.00889EPSS
Exploits1
NVD
NVD
added 2026/06/24 5:17 p.m.7 views

CVE-2026-52980

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Clear reldeadline when initializing forked entities A yield-triggered crash can happen when a newly forked schedentity enters the fair class with se-reldeadline unexpectedly set. The failing sequence is: 1. A task is...

0.00168EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 4:28 p.m.3 views

CVE-2026-52980 sched/fair: Clear rel_deadline when initializing forked entities

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Clear reldeadline when initializing forked entities A yield-triggered crash can happen when a newly forked schedentity enters the fair class with se-reldeadline unexpectedly set. The failing sequence is: 1. A task is...

5.8AI score0.00168EPSS
Exploits0References7
CVE
CVE
added 2026/06/24 4:28 p.m.8 views

CVE-2026-52980

The CVE-2026-52980 issue affects the Linux kernel’s CFS scheduler: when forking a task, rel_deadline may be inherited in sched_entity, causing a relative deadline to be treated as absolute during the first enqueue. This leads to an inflated vruntime after yield_task_fair(), potential overflow of ...

5.8AI score0.00168EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-51874

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A crash can occur when a newly forked sched entity enters the fair class with se-rel deadline unexpectedly set. This happens because the sched fork function fails to clear rel deadline...

6AI score0.00168EPSS
Exploits0References13
The Hacker News
The Hacker News
added 2026/06/22 12:45 p.m.35 views

Google Sets Sept. 30 Deadline for Android Developer Verification in Four Countries

Google has set September 30, 2026, as the day it begins enforcing Android developer verification in the first four countries, and the major device-maker app stores are in from the start. On that date, certified Android phones in Brazil, Indonesia, Singapore, and Thailand will block normal install...

5.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.31 views

RockyLinux 8 : kernel-rt (RLSA-2026:27354)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:27354 advisory. kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service CVE-2026-31419 kernel: drm/amd/display: Do not skip unrelated mode...

9.8CVSS6.8AI score0.00353EPSS
Exploits11References17
AlmaLinux
AlmaLinux
added 2026/06/19 12:0 a.m.10 views

Important: kernel-rt security, bug fix, and enhancement update

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service CVE-2026-31419 kernel: drm/amd/display: Do not skip...

9.8CVSS6.5AI score0.00353EPSS
Exploits11References18
The Hacker News
The Hacker News
added 2026/06/17 5:50 a.m.14 views

CISA Warns of Actively Exploited Joomla JCE Flaw Allowing PHP Code Execution

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added a maximum-severity security flaw impacting Widget Factory Joomla Content Editor JCE to its Known Exploited Vulnerabilities KEV catalog, citing evidence of active exploitation. The vulnerability, tracked as...

10CVSS6.2AI score0.80425EPSS
Exploits19
NVD
NVD
added 2026/06/07 8:16 p.m.15 views

CVE-2026-11460

A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The maintainer was notifie...

7.5CVSS0.00311EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/07 7:30 p.m.10 views

CVE-2026-11460

A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The maintainer was notifie...

7.5CVSS6.8AI score0.00311EPSS
Exploits0References6Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/07 7:30 p.m.8 views

CVE-2026-11460 Boost Serialization improper validation of specified type of input

A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The maintainer was notifie...

7.5CVSS6.8AI score0.00311EPSS
Exploits0References6
CVE
CVE
added 2026/06/07 7:30 p.m.31 views

CVE-2026-11460

Boost Serialization up to 1.91 has an improper validation flaw in an unknown function. The vulnerability can be exploited remotely; the exploit has been published. No patch is currently available and the disclosure deadline has expired; maintainers were notified in Aug 2025.

7.5CVSS6.8AI score0.00311EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/07 12:0 a.m.17 views

PT-2026-47187

A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initiate the attack remotely. The exploit has been published and may be used. The maintainer was notifie...

7.5CVSS6.8AI score0.00311EPSS
Exploits0References7
OSV
OSV
added 2026/06/05 5:40 a.m.8 views

BIT-AIRFLOW-2026-45360 Apache Airflow: Arbitrary import in custom deadline-reference deserialization

Apache Airflow's scheduler-side deadline-reference decoder SerializedCustomReference.deserializereference imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — t...

7.3CVSS5.7AI score0.00651EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/01 10:29 a.m.8 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the scheduler-side deadline-reference decoder SerializedCustomReference.deserializereference. A DAG author whose code reaches the scheduler — the default on single-host deployments where the DAG...

7.3CVSS5.5AI score0.00651EPSS
Exploits0References2
PyPA
PyPA
added 2026/06/01 9:16 a.m.13 views

PYSEC-2026-186

Apache Airflow's scheduler-side deadline-reference decoder SerializedCustomReference.deserializereference imported and dispatched arbitrary class paths drawn from DAG-author-controlled serialized state without an allowlist or plugin-registry gate. A DAG author whose code reaches the scheduler — t...

7.3CVSS6AI score0.00651EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder