9199 matches found

ATTACKERKB
added 2026/06/02 3:38 p.m., 11 views

CVE-2026-42074

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the dangerouslyDisableSandbox parameter is exposed as part of the BashTool input schema, meaning the LLM (an untrusted principal per the project's own threat model) can set ...

CVSS 9.3, AI score 6, EPSS 0.00544
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2026/06/02 2:15 p.m., 8 views

EEF-CVE-2026-48862 Unbounded conn.streams growth in Mint HTTP/2 client via unenforced PUSH_PROMISE concurrency

Summary: Allocation of Resources Without Limits or Throttling vulnerability in elixir-mint Mint allows attacker-controlled HTTP/2 servers to exhaust memory in a Mint client via PUSH_PROMISE flooding. In lib/mint/http2.ex, Mint.HTTP2.decodepushpromiseheadersandaddresponse/5 inserts a :reservedremote...

CVSS 8.2, AI score 5.9, EPSS 0.00384
Exploits: 0, References: 4
EUVD
added 2026/06/02 12:31 a.m., 15 views

EUVD-2026-33798

In onCreate of DisableSupervisionActivity.kt, there is a possible way to delete supervision data due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score 5.9, EPSS 0.00075
Exploits: 0, References: 2
CNNVD
added 2026/06/02 12:0 a.m., 4 views

WordPress plugin Slider Revolution security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.3, AI score 5.5, EPSS 0.00153
Exploits: 0, References: 2
NVD
added 2026/06/01 10:16 p.m., 14 views

CVE-2026-0086

In onCreate of DisableSupervisionActivity.kt, there is a possible way to delete supervision data due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 6.8, EPSS 0.00075
Exploits: 0, References: 1
Cvelist
added 2026/06/01 9:14 p.m., 35 views

CVE-2026-0086

In onCreate of DisableSupervisionActivity.kt, there is a possible way to delete supervision data due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

EPSS 0.00075
Exploits: 0, References: 1
ATTACKERKB
added 2026/06/01 9:14 p.m., 11 views

CVE-2026-0086

In onCreate of DisableSupervisionActivity.kt, there is a possible way to delete supervision data due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score 5.9, EPSS 0.00075
Exploits: 0, References: 2
CVE
added 2026/06/01 9:14 p.m., 29 views

CVE-2026-0086

CVE-2026-0086 affects the Android component DisableSupervisionActivity.kt, where in onCreate a missing null check can permit deletion of supervision data. This enables local escalation of privilege without extra execution privileges and without user interaction. CVSSv3.1 vector (L, L, N, U) yield...

CVSS 6.8, AI score 5.9, EPSS 0.00075
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2026/06/01 9:14 p.m., 9 views

CVE-2026-0086

In onCreate of DisableSupervisionActivity.kt, there is a possible way to delete supervision data due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score 5.9, EPSS 0.00075
Exploits: 0, References: 1
Positive Technologies
added 2026/06/01 2:48 p.m., 28 views

PT-2026-07: Local Privilege Escalation Vulnerability in the Linux Kernel (Copy Fail)

This security advisory provides information regarding a Linux kernel vulnerability, CVE-2026-31431, informally known as Copy Fail. This vulnerability allows for local privilege escalation to the superuser root level and affects the Linux kernel module: algifaead. Vulnerability status: PT NGFW i...

CVSS 8.5, AI score 5.9, EPSS 0.96775
Exploits: 228, References: 1
RedhatCVE
added 2026/06/01 1:41 p.m., 12 views

CVE-2026-9759

A flaw was found in the ROHC dissector in Wireshark. This issue occurs when malformed packets are decoded from a pcap file or the network, causing a NULL pointer dereference, resulting in a denial of service. Mitigation: If the ROHC protocol dissector is not being used, it can be disabled via the...

CVSS 5.5, AI score 5.7, EPSS 0.00092
Exploits: 0, References: 5
Positive Technologies
added 2026/06/01 12:0 a.m., 17 views

PT-2026-45592

In onCreate of DisableSupervisionActivity.kt, there is a possible way to delete supervision data due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score 5.9, EPSS 0.00075
Exploits: 0, References: 2
CNNVD
added 2026/06/01 12:0 a.m., 9 views

Google Android security vulnerability

Google Android is an open-source operating system based on Linux, developed by Google Inc. There is a security vulnerability in Google Android, which stems from a lack of null value checks in the onCreate function within DisableSupervisionActivity.kt. This vulnerability may lead to local privileg...

CVSS 6.8, AI score 5.2, EPSS 0.00075
Exploits: 0, References: 2
OSV
added 2026/06/01 12:0 a.m., 12 views

ASB-A-476417007

In onCreate of DisableSupervisionActivity.kt, there is a possible way to delete supervision data due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 6.8, AI score 5.9, EPSS 0.00075
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/31 9:11 p.m., 11 views

CVE-2026-48210

An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend. This issue...

CVSS 5.7, AI score 5.8, EPSS 0.00248
Exploits: 0, References: 2, Affected Software: 1
Tenable Nessus
added 2026/05/30 12:0 a.m., 8 views

RockyLinux 9 : kernel (RLSA-2026:21556)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21556 advisory. kernel: proc: use the same treatment to check proclseek as ones for procreaditer et.al CVE-2025-38653 kernel: ima: don't clear IMADIGSIG flag when setti...

CVSS 9.4, AI score 6.2, EPSS 0.00514
Exploits: 0, References: 39
Cvelist
added 2026/05/29 1:13 p.m., 39 views

CVE-2026-45610 WWBN AVideo plugin/LoginControl/set.json.php: 2FA toggle endpoint has no CSRF protection, letting an attacker page silently disable a logged-in victim's 2FA

WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a cross-site request forgery vulnerability on the 2FA toggle. plugin/LoginControl/set.json.php accepts POST type=set2FA value=false, calls LoginControl::setUser2FA(User::getId(), false) on the session-authenticated user, and...

CVSS 5.7, EPSS 0.0011
Exploits: 0, References: 1
CVE
added 2026/05/29 1:13 p.m., 21 views

CVE-2026-45610

CVE-2026-45610 relates to a CSRF vulnerability in WWBN AVideo where plugin/LoginControl/set.json.php exposes a 2FA disable action (type=set2FA) without CSRF protection. The code path checks only User::isLogged() and then directly calls LoginControl::setUser2FA(User::getId(), …) based on POST valu...

CVSS 6.5, AI score 5.7, EPSS 0.0011
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2026/05/29 8:17 a.m., 8 views

WordPress Disable Comments for Any Post Types (Remove comments) plugin <= 1.3.0 - Broken Authentication vulnerability

Broken Authentication vulnerability discovered by dodoh4t in WordPress Plugin Disable Comments for Any Post Types (Remove comments) versions <= 1.3.0...

CVSS 7.1, AI score 5.8, EPSS 0.00243
Exploits: 0, Affected Software: 1
NVD
added 2026/05/28 10:16 a.m., 17 views

CVE-2026-46241

In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on registration failure Make sure to disable and free the interrupts in case controller registration fails to avoid a potential use-after-free and resource leak. This issue was flagged by Sashiko...

CVSS 7.8, EPSS 0.00125
Exploits: 0, References: 4