Lucene search
K

9199 matches found

Cvelist
Cvelist
added 2026/05/27 12:58 p.m.39 views

CVE-2026-46074 spi: ch341: fix memory leaks on probe failures

In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix memory leaks on probe failures Make sure to deregister the controller, disable pins, and kill and free the RX URB on probe failures to mirror disconnect and avoid memory leaks and use-after-free. Also add an...

0.00119EPSS
Exploits0References4
CVE
CVE
added 2026/05/27 12:56 p.m.21 views

CVE-2026-46036

The CVE covers a race in the Linux kernel vfio/cdx driver where concurrent VFIO_DEVICE_SET_IRQS ioctls can observe inconsistent state of config_msi and cdx_irqs, leading to use-after-free of the cdx_irqs array. A per-device mutex (cdx_irqs_lock) is added to struct vfio_cdx_device and is acquired ...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/27 12:18 p.m.39 views

CVE-2026-45977 fbnic: close fw_log race between users and teardown

In the Linux kernel, the following vulnerability has been resolved: fbnic: close fwlog race between users and teardown Fixes a theoretical race on fwlog between the teardown path and fwlog write functions. fwlog is written inside fbnicfwlogwrite and can be reached from the mailbox handler...

0.00121EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 11:16 a.m.16 views

CVE-2026-42749

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types Remove comments comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post Types Remove comments: from n/a through = 1.3.0...

7.1CVSS0.00243EPSS
Exploits0References1
CVE
CVE
added 2026/05/27 9:49 a.m.20 views

CVE-2026-42749

CVE-2026-42749 concerns a vulnerability in the WordPress plugin “Disable Comments for Any Post Types (Remove comments)” by Themeisle. Connected documents specify a Broken Authentication issue that enables an authentication bypass via an alternate path/channel, with potential for “Password Recover...

7.1CVSS5.8AI score0.00243EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 9:49 a.m.6 views

CVE-2026-42749

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types Remove comments comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post Types Remove comments: from n/a through = 1.3.0...

7.1CVSS5.8AI score0.00243EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/27 9:49 a.m.32 views

CVE-2026-42749 WordPress Disable Comments for Any Post Types (Remove comments) plugin <= 1.3.0 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types Remove comments comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post Types Remove comments: from n/a through = 1.3.0...

7.1CVSS0.00243EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 9:49 a.m.10 views

EUVD-2026-32198

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types Remove comments comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post Types Remove comments: from n/a through = 1.3.0...

7.1CVSS5.8AI score0.00243EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 9:49 a.m.7 views

CVE-2026-42749 WordPress Disable Comments for Any Post Types (Remove comments) plugin <= 1.3.0 - Broken Authentication vulnerability

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types Remove comments comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post Types Remove comments: from n/a through = 1.3.0...

7.1CVSS5.8AI score0.00243EPSS
Exploits0References1
RubySec
RubySec
added 2026/05/27 12:0 a.m.57 views

Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion

Impact PROXY protocol support for Puma was added in version 5.5.0. When PROXY protocol v1 support is enabled, Puma reads incoming bytes into an internal buffer. It waits for "\r\n" to determine whether a PROXY v1 line is present. If an attacker opens a TCP connection and continuously sends bytes...

5.8AI score0.0007EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

WordPress plugin Disable Comments for Any Post Types (Remove comments) 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

7.1CVSS5.8AI score0.00243EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.13 views

PT-2026-43658

Authentication Bypass Using an Alternate Path or Channel vulnerability in Themeisle Disable Comments for Any Post Types Remove comments comments-plus allows Password Recovery Exploitation.This issue affects Disable Comments for Any Post Types Remove comments: from n/a through = 1.3.0...

7.1CVSS5.8AI score0.00243EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.13 views

PT-2026-43690

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix NULL pointer dereference on panthor fw unplug This patch removes the MCU halt and wait for halt procedures during panthor fw unplug as the MCU can be in a variety of states or the FW may not even be...

5.7AI score0.00137EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2026/05/27 12:0 a.m.12 views

CVE-2026-46031

net: ks8851: Reinstate disabling of BHs around IRQ handler...

7.5CVSS5.8AI score0.0037EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-46031

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: ks8851: Reinstate disabling of BHs around IRQ handler If the driver executes ks8851irq AND a TX packet has been sent, then the driver enables TX queue via...

7.5CVSS5.8AI score0.0037EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/25 10:41 a.m.7 views

CVE-2026-46745

Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability CWE-90 that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache-airflow-providers-fab 3.6.4 or later. If immediate upgrade is not possible, disable LDAP...

5.8AI score0.00574EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/25 10:41 a.m.49 views

CVE-2026-46745 Apache Airflow FAB provider: LDAP Filter Injection in FAB Auth Manager _search_ldap reachable via /auth/token

Apache Airflow FAB Auth Manager contains an LDAP filter injection vulnerability CWE-90 that allows unauthenticated attackers to exfiltrate directory data or bypass authentication. Upgrade to apache-airflow-providers-fab 3.6.4 or later. If immediate upgrade is not possible, disable LDAP...

0.00574EPSS
Exploits0References2
OSV
OSV
added 2026/05/25 9:50 a.m.8 views

MAL-2026-4419 Malicious code in @pmate/utils (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d918da5fdc17486ed55296e53c1de2f1d976895f77e33dc7f73991e36f393502 The exported detectTextimageBase64 function in src/detectText.ts sends caller-supplied image content to...

5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.19 views

PT-2026-43033

Name of the Vulnerable Software and Affected Versions apache-airflow-providers-fab versions prior to 3.6.4 Description Apache Airflow FAB Auth Manager is subject to an LDAP filter injection, which occurs when user-supplied input is improperly sanitized before being used in an LDAP filter. This...

5.8AI score0.00574EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/25 12:0 a.m.13 views

Oracle Linux 8 : firefox (ELSA-2026-19588)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2026-19588 advisory. 140.10.1-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079789 - diable wasisdk to prevent build failure with newer llvm 140.10.1 -...

9.6CVSS5.8AI score0.00375EPSS
Exploits0References5
Rows per page
Query Builder