Lucene search

1365 matches found

ATTACKERKB
added 2026/02/18 2:53 p.m., 6 views

CVE-2025-71235

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Delay module unload while fabric scan in progress System crash seen during load/unload test in a loop. 105954.384919 RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086 105954.384920 R10:...

AI score: 5 | EPSS: 0.00118
Exploits: 0 | References: 9 | Affected Software: 1

OSV
added 2026/02/18 2:53 p.m., 6 views

CVE-2025-71235 scsi: qla2xxx: Delay module unload while fabric scan in progress

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Delay module unload while fabric scan in progress System crash seen during load/unload test in a loop. 105954.384919 RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086 105954.384920 R10:...

CVSS: 5.5 | AI score: 5.2 | EPSS: 0.00118
Exploits: 0 | References: 11

hivepro
added 2026/02/17 11:51 a.m., 4 views

Attackers Don’t Need Signatures. Neither Should Your Defense.

How signatureless detection closes the most dangerous gap in enterprise vulnerability management — and why CISOs are rethinking their approach to exposure. Continuous Threat Exposure Management The Hidden Limitation Costing You Sleep Every CISO faces the same unanswered question after a board...

AI score: 6.5
Exploits: 0

Tenable Nessus
added 2026/02/14 12:00 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-23113

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop. Currently this is checked before running the pending work. Normally this is quite fine, as work items eith...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00115
Exploits: 0 | References: 3

NVD
added 2026/02/12 7:15 p.m., 11 views

CVE-2026-21435

webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream,...

CVSS: 7.5 | EPSS: 0.00413
Exploits: 0 | References: 2

OSV
added 2026/02/12 3:29 p.m., 4 views

GHSA-PX4R-G4P3-HHQV webtransport-go: CloseWithError can block indefinitely

Summary: An attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream, blocking transmission of the WT_CLOSE_SESSION capsule and causing the close operati...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00413
Exploits: 0 | References: 4

Positive Technologies
added 2026/02/11 12:00 a.m., 5 views

PT-2026-7628

An issue was discovered in OpenSatKit 2.2.1. The DirName field in the telecommand is provided by the ground segment and must be treated as untrusted input. The program copies DirName into the local buffer DirWithSep using strcpy. The size of this buffer is OS_MAX_PATH_LEN. If the length of DirNam...

AI score: 5.9 | EPSS: 0.00199
Exploits: 0 | References: 6

Tenable Nessus
added 2026/02/10 12:00 a.m., 4 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: cups (UTSA-2026-005326)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005326 advisory. OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connects to cupsd but sen...

CVSS: 5.5 | AI score: 5.5 | EPSS: 0.00195
Exploits: 1 | References: 4

Github Security Blog
added 2026/02/09 8:35 p.m., 7 views

Craft CMS Vulnerable to SQL Injection in Element Indexes via `criteria[orderBy]`

Summary: The element-indexes/get-elements endpoint is vulnerable to SQL Injection via the `criteria[orderBy]` parameter (JSON body). The application fails to sanitize this input before using it in the database query. An attacker with Control Panel access can inject arbitrary SQL into the ORDER BY clause...

CVSS: 8.8 | AI score: 6 | EPSS: 0.00502
Exploits: 1 | References: 6 | Affected Software: 1

OSV
added 2026/02/09 8:35 p.m., 3 views

GHSA-2453-MPPF-46CJ Craft CMS Vulnerable to SQL Injection in Element Indexes via `criteria[orderBy]`

Summary: The element-indexes/get-elements endpoint is vulnerable to SQL Injection via the `criteria[orderBy]` parameter (JSON body). The application fails to sanitize this input before using it in the database query. An attacker with Control Panel access can inject arbitrary SQL into the ORDER BY clause...

CVSS: 8.7 | AI score: 6.1 | EPSS: 0.00502
Exploits: 1 | References: 6

Veracode
added 2026/02/05 6:32 a.m., 6 views

Integer Overflow

Apache HTTP Server is vulnerable to an integer overflow. The vulnerability is due to an integer overflow in the ACME certificate renewal backoff logic after repeated renewal failures, which allows an attacker or misconfiguration to trigger continuous, delay-free renewal attempts...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.00402
Exploits: 0 | References: 4 | Affected Software: 2

OSV
added 2026/01/30 1:42 p.m., 6 views

SUSE-SU-2026:0350-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to fix various security issues. The following security issues were fixed: - CVE-2022-50282: chardev: fix error handling in cdev_device_add() (bsc#1249739). - CVE-2022-50630: mm: hugetlb: fix UAF in hugetlb_handle_userfault (bsc#1254785). - CVE-2022-50700:...

CVSS: 7.8 | AI score: 7 | EPSS: 0.00465
Exploits: 2 | References: 145

Tenable Nessus
added 2026/01/30 12:00 a.m., 12 views

SUSE SLES15: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2026:0317-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0317-1 advisory. The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues The following security issues were fixed: -...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00465
Exploits: 2 | References: 1224

OSV
added 2026/01/29 1:32 p.m., 4 views

CLSA-2026-1769693558 cups: Fix of CVE-2025-58436

CVE-2025-58436: fix issue where slow messages could delay cupsd...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00195
Exploits: 1 | References: 1

OSV
added 2026/01/28 7:19 p.m., 7 views

CVE-2025-68934 Discourse Has Denial of Service (DoS) Vulnerability in Drafts Creation Endpoint

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, authenticated users can submit crafted payloads to /drafts.json that cause O(n^2) processing in Base62.decode, tying up workers for 35-60 seconds per request. This affects all users as t...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00235
Exploits: 0 | References: 3

OSV
added 2026/01/27 9:50 a.m., 7 views

CLSA-2026-1769507433 cups: Fix of CVE-2025-58436

CVE-2025-58436: fix issue where slow messages could delay cupsd...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00195
Exploits: 1 | References: 1

Positive Technologies
added 2026/01/27 12:00 a.m., 9 views

PT-2026-4930

Name of the Vulnerable Software and Affected Versions: Phpscript-sgh version 0.1.0. Description: The software contains a time-based blind SQL injection issue in the admin interface. Attackers can manipulate database queries through the id parameter. Exploitation involves crafting malicious payloads...

CVSS: 8.8 | AI score: 5.4 | EPSS: 0.00297
Exploits: 0 | References: 6

Broadcom
added 2026/01/27 12:00 a.m., 17 views

DoS due to improper input validation vulnerability in Apache Tomcat - CVE-2024-24549

A vulnerability was found in the Tomcat package due to its handling of HTTP/2 requests. Specifically, when an HTTP/2 request surpasses the predetermined limits for headers configured within the server, the associated HTTP/2 stream isn't reset immediately. Instead, the reset action occurs only aft...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.23072
Exploits: 1

CVE
added 2026/01/26 7:36 p.m., 25 views

CVE-2026-1190

Summary: CVE-2026-1190 affects Keycloak when used as a SAML client; it fails to validate the NotOnOrAfter timestamp in SubjectConfirmationData, allowing an attacker to delay SAML response expiration and potentially extend valid session duration. What’s affected: Keycloak’s SAML brokering function...

CVSS: 3.1 | AI score: 5.8 | EPSS: 0.00369
Exploits: 0 | References: 4

Positive Technologies
added 2026/01/26 12:00 a.m., 8 views

PT-2026-4811

A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the NotOnOrAfter timestamp within the SubjectConfirmationData. This allows an attacker to delay the expiration of SAML...

CVSS: 3.1 | AI score: 5.8 | EPSS: 0.00369
Exploits: 0 | References: 3