Lucene search
K

9199 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: igb: The napisynchronize function was removed from igbdown. When an AFXDP zero-copy application terminates abruptly e.g., using kill -9, the XSK buffer pool is destroyed, but NAPI polling continues. The igbcleanrxirqzc functio...

5.5CVSS5.6AI score0.00112EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: iavf: Freeing qvectors before queues in iavfdisablevf. The iavffreequeues function clears adapter-numactivequeues, which iavffreeqvectors relies on. Therefore, the order of these two function calls in iavfdisablevf needs to be...

5.5CVSS6AI score0.00235EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/amdgpu: fixed the gart.bo pincount leak. gmcv9,100gartdisable is not called when there’s no corresponding gartenable function in the SRIOV case. This will lead to a gart.bo pincount leak when the driver is unloaded...

5.5CVSS5.3AI score0.00222EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: serial: imx: Add the missing .thawnoirq hook The following warning is observed when using non-console UART instances during system hibernation: 37.371969 ------------ Cut here --- 37.376599 uart3rootclk already disabled 37.380810...

5.5CVSS5.8AI score0.0016EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux - уязвимость в cloud-init

When a non-x86 platform is detected, cloud-init grants root access to a hardcoded URL with a local IP address. To prevent this, cloud-init’s default configurations disable platform enumeration...

8.8CVSS5.4AI score0.00205EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.1 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: usb: phy: fsl-usb: Fixed a use-after-free issue during delayed work when removing a device. The delayed work item, otgevent, is initialized in fslotgconf and scheduled under two conditions: 1. When a host controller binds to the...

5.2AI score0.00181EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Disabled the unnecessary interrupt to avoid kernel panic. There is a hardware bug where the interrupt STMBUFHALF may be triggered after or when the interrupt is disabled. This can lead to unexpected kernel panics...

5.3AI score0.002EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.7 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021601)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021601 advisory. In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix race condition between reset and nvmedevdisable nvmedevdisable modifies the...

4.7CVSS6.8AI score0.00165EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 9:50 p.m.11 views

Malicious code in silly-logger (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a57b518b6dcdb16913e105cd371fe81d367a85f81599d4468819bbe77ccb68b8 The package's advertised logging API debug/info/warn/error/critical unconditionally POSTs every log payload — message, level, category, and source — ...

5.3AI score
Exploits0References3
OSV
OSV
added 2026/05/19 9:50 p.m.9 views

MAL-2026-4767 Malicious code in silly-logger (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a57b518b6dcdb16913e105cd371fe81d367a85f81599d4468819bbe77ccb68b8 The package's advertised logging API debug/info/warn/error/critical unconditionally POSTs every log payload — message, level, category, and source — ...

5.3AI score
Exploits0References3
OSV
OSV
added 2026/05/19 12:31 p.m.3 views

GHSA-G868-J3QM-4J28 georgringer/news has SQL Injection in extension "News system" (news)

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

8.2CVSS5.7AI score0.00386EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/19 12:31 p.m.8 views

georgringer/news has SQL Injection in extension "News system" (news)

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

8.2CVSS5.7AI score0.00386EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/05/19 10:16 a.m.15 views

CVE-2026-8726

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

8.2CVSS0.00386EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/19 9:22 a.m.12 views

EUVD-2026-30861

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

8.2CVSS6AI score0.00386EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 9:22 a.m.32 views

CVE-2026-8726

CVE-2026-8726 describes an SQL injection in the Typo3 extension experience: the extension fails to properly sanitize user input before using it in a database query, enabling an unauthenticated attacker to inject arbitrary SQL via a URL parameter on pages using the “Date Menu of news articles” plu...

8.2CVSS6AI score0.00386EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/18 7:32 p.m.221 views

Exploit for Out-of-bounds Write in Linux Linux_Kernel

CVE-2026-43500 / CVE-2026-43284 / Dirty Frag mitigation rxrpc...

8.8CVSS7.3AI score0.96775EPSS
Exploits257
RedhatCVE
RedhatCVE
added 2026/05/18 2:52 p.m.14 views

CVE-2026-42183

A flaw was found in Argo Workflows. This flaw, a nil pointer dereference in the rbacAuthorization function, affects Single Sign-On SSO users. When SSODELEGATERBACTONAMESPACE is enabled, an authenticated SSO user whose claims match a namespace-level Role-Based Access Control RBAC rule but not an...

6.5CVSS5.8AI score0.00377EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/05/18 2:43 p.m.11 views

CVE-2026-6735

A flaw was found in PHP, specifically within the PHP-FPM status page. Due to improper sanitation of user data, a remote attacker can craft a malicious URL. When a user views the PHP-FPM status page with this crafted URL, it can lead to the execution of arbitrary JavaScript code Cross-Site Scripti...

8.8CVSS6AI score0.0021EPSS
Exploits1References4
Snyk
Snyk
added 2026/05/18 1:26 p.m.7 views

Insertion of Sensitive Information Into Sent Data

Overview n8n-mcp is an Integration between n8n workflow automation and Model Context Protocol MCP Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data in the telemetry sanitization process in event-validator.ts. An operator with access to the...

6.5CVSS5.7AI score0.00262EPSS
Exploits0References2
OSV
OSV
added 2026/05/18 1:26 p.m.7 views

GHSA-F3RG-XQJJ-CJ9W n8n-MCP: Workflow telemetry sanitizer could retain partial values from URL-shaped node parameters

Summary In affected versions of n8n-mcp, the workflow telemetry sanitizer could retain partial fragments of URL-shaped node parameters before sending workflow data to the project's anonymous telemetry backend. Values placed in HTTP-Request-style node parameters — such as customer or tenant...

6.5CVSS5.9AI score0.00262EPSS
Exploits0References6
Rows per page
Query Builder