Lucene search
+L

246 matches found

NVD
NVD
added 2 days ago9 views

CVE-2026-15783

A missing authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with write access to any repository to read metadata from private repositories they did not have access to, including private repository owners and names, branch names, commit SHAs,...

5.3CVSS0.00273EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/25 11:23 p.m.11 views

CVE-2026-53440

A flaw was found in Jenkins. This vulnerability allows a remote attacker to perform phishing attacks. The 'Delegate to servlet container' security realm does not properly validate the 'from' parameter, which can be manipulated to redirect users to an attacker-controlled domain after they log in...

4.3CVSS5.9AI score0.00239EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.16 views

Astra Linux – Vulnerability in libxml2

A flaw was discovered in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function, where an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by...

5.9CVSS5.8AI score0.00755EPSS
Exploits1References3
GithubExploit
GithubExploit
added 2026/06/19 5:29 a.m.102 views

imagemagick-gs-delegate-hijack-poc

ImageMagick Ghostscript Delegate Search Path PoC This reposit...

5.8AI score
Exploits0
OSV
OSV
added 2026/06/12 8:43 a.m.6 views

BIT-JENKINS-2026-53440

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attackers to perform phishing attacks by redirecting users to an attacker-controlled domain...

4.3CVSS5.3AI score0.00239EPSS
Exploits0References2
OSV
OSV
added 2026/06/10 2:16 p.m.2 views

CVE-2026-53440

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attackers to perform phishing attacks by redirecting users to an attacker-controlled domain...

4.3CVSS6AI score
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 1:6 p.m.47 views

CVE-2026-53440

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attackers to perform phishing attacks by redirecting users to an attacker-controlled domain...

0.00239EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 1:6 p.m.12 views

EUVD-2026-36024

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attackers to perform phishing attacks by redirecting users to an attacker-controlled domain...

4.3CVSS5.5AI score0.00239EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/10 1:6 p.m.9 views

CVE-2026-53440

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attackers to perform phishing attacks by redirecting users to an attacker-controlled domain...

4.3CVSS5.5AI score0.00239EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 10:16 p.m.23 views

CVE-2026-44471

gitoxide is an implementation of git written in Rust. Prior to 0.21.1, a malicious tree can be constructed that will, when checked out with gitoxide, permit writing an attacker-controlled symlink into any existing directory the user has write access to. During checkout, all symlink index entries...

7.8CVSS0.00248EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2026/04/12 11:24 p.m.5 views

SUSE CVE-2026-40223

In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running...

4.7CVSS5.8AI score0.00086EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/04/10 9:28 p.m.2 views

libxml2: libxml2: Denial of Service via uncontrolled recursion in XML catalog processing

A flaw was found in libxml2, an XML parsing library. This uncontrolled recursion vulnerability occurs in the xmlCatalogXMLResolveURI function when an XML catalog contains a delegate URI entry that references itself. A remote attacker could exploit this configuration-dependent issue by providing a...

5.9CVSS6.1AI score0.00755EPSS
Exploits1References5
EUVD
EUVD
added 2026/04/10 6:31 p.m.3 views

EUVD-2026-21394

In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running...

4.7CVSS5.8AI score0.00086EPSS
Exploits0References2
NVD
NVD
added 2026/04/10 4:16 p.m.7 views

CVE-2026-40223

In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running...

5.5CVSS0.00086EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/04/10 4:16 p.m.4 views

CVE-2026-40223

In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running...

5.5CVSS5.8AI score0.00086EPSS
Exploits0References2
OSV
OSV
added 2026/04/10 4:16 p.m.4 views

UBUNTU-CVE-2026-40223

In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running...

5.5CVSS5.8AI score0.00086EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/10 4:7 p.m.3 views

Incorrect Behavior Order

Overview Affected versions of this package are vulnerable to Incorrect Behavior Order in the Delegate process when the User parameter is unset and the unit is running. An attacker can cause a system service to terminate unexpectedly by creating or manipulating a unit with these settings. This is...

5.7CVSS5.8AI score0.00086EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/10 3:10 p.m.35 views

CVE-2026-40223

In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running...

4.7CVSS0.00086EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/04/10 3:10 p.m.5 views

CVE-2026-40223

In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running...

5.5CVSS5.2AI score0.00086EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/10 3:10 p.m.5 views

CVE-2026-40223

In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running...

4.7CVSS5.8AI score0.00086EPSS
Exploits0References1
Rows per page
Query Builder