9204 matches found

SUSE CVE
added 2026/05/07 2:20 a.m., 15 views

SUSE CVE-2026-35579

CoreDNS is a DNS server written in Go. In versions prior to 1.14.3, the gRPC, QUIC, DoH, and DoH3 transport implementations incorrectly handle TSIG authentication. For gRPC and QUIC, the server checks whether the TSIG key name exists in the configuration but never calls dns.TsigVerify to validate...

9.8 CVSS, 5.8 AI score, 0.0051 EPSS
Exploits: 1, References: 3

SUSE CVE
added 2026/05/07 2:16 a.m., 7 views

SUSE CVE-2026-43262

In the Linux kernel, the following vulnerability has been resolved: gfs2: fiemap page fault fix In gfs2_fiemap, we are calling iomap_fiemap while holding the inode glock. This can lead to recursive glock taking if the fiemap buffer is memory mapped to the same inode and accessing it triggers a page...

5.5 CVSS, 5.9 AI score, 0.00114 EPSS
Exploits: 0, References: 3

CNNVD
added 2026/05/07 12:00 a.m., 9 views

FreeScout Security Vulnerability

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.217 contained security vulnerabilities. These vulnerabilities stemmed from users with the PERM_EDIT_USERS privilege being able t...

5.4 CVSS, 5.8 AI score, 0.00262 EPSS
Exploits: 0, References: 2

Snyk
added 2026/05/06 9:52 p.m., 8 views

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the gRPC management server. An attacker can access sensitive BGP configuration and manipulate routing decisions by sending unauthorized gRPC requests from any pod within the cluster. This...

6.3 CVSS, 5.9 AI score
Exploits: 0, References: 2

NVD
added 2026/05/06 9:16 p.m., 7 views

CVE-2026-40332

Masa CMS is affected by an Open Redirect vulnerability due to improper handling of scheme-relative URLs. The application incorrectly interprets paths beginning with double slashes // as internal paths, failing to validate the redirect target before processing. The application treats these values ...

5.3 CVSS, 0.00328 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2026/05/06 8:21 p.m., 8 views

CVE-2026-27960

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. In versions 6.6.0 through 6.9.12, there is a privilege escalation vulnerability that can be exploited by unauthenticated attackers to query the API as any existing user, including the default admi...

9.8 CVSS, 5.7 AI score, 0.0048 EPSS
Exploits: 1, References: 1

NVD
added 2026/05/06 8:16 p.m., 29 views

CVE-2026-40171

In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...

8.4 CVSS, 0.00476 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2026/05/06 7:36 p.m., 8 views

CVE-2026-40171 Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker

In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...

8.4 CVSS, 6 AI score, 0.00476 EPSS
Exploits: 0, References: 1

Debian CVE
added 2026/05/06 7:36 p.m., 14 views

CVE-2026-40171

In Jupyter Notebook versions 7.0.0 through 7.5.5, JupyterLab versions 4.5.6 and earlier, and the corresponding @jupyter-notebook/help-extension and @jupyterlab/help-extension packages before 7.5.6 and 4.5.7, a stored cross-site scripting issue in the help command linker can be chained with...

8.4 CVSS, 6 AI score, 0.00476 EPSS
Exploits: 0

EUVD
added 2026/05/06 12:30 p.m., 21 views

EUVD-2026-27659

In the Linux kernel, the following vulnerability has been resolved: gfs2: fiemap page fault fix In gfs2_fiemap, we are calling iomap_fiemap while holding the inode glock. This can lead to recursive glock taking if the fiemap buffer is memory mapped to the same inode and accessing it triggers a page...

5.9 AI score, 0.00114 EPSS
Exploits: 0, References: 8

CVE
added 2026/05/06 11:27 a.m., 13 views

CVE-2026-43147

CVE-2026-43147 concerns a deadlock in the Linux kernel SR-IOV removal path. The issue arises when sriov_del_vfs() is invoked during pci_stop_and_remove_bus_device(), causing a recursive lock acquisition on pci_rescan_remove_lock and leading to system unresponsiveness. The public description confi...

5.5 CVSS, 5.8 AI score, 0.00095 EPSS
Exploits: 0, References: 8, Affected Software: 1

NVD
added 2026/05/06 10:16 a.m., 14 views

CVE-2026-43087

In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Disable all pin interrupts during probe A chip being probed may have the interrupt-on-change feature enabled on some of its pins, for example after a reboot. This can cause the chip to generate interrupts for...

5.5 CVSS, 0.00107 EPSS
Exploits: 0, References: 2

CVE
added 2026/05/06 7:40 a.m., 21 views

CVE-2026-43087

The CVE-2026-43087 issue affects the Linux kernel’s pinctrl/mcp23s08 driver. Root cause: during probe, reg_defaults were removed from the regmap, causing the MCP_GPINTEN value to be read from the chip (possibly non-zero) and trigger a nested IRQ handler that may not exist, leading to a kernel cra...

5.5 CVSS, 5.8 AI score, 0.00107 EPSS
Exploits: 0, References: 2, Affected Software: 1

ATTACKERKB
added 2026/05/06 7:40 a.m., 9 views

CVE-2026-43087

In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Disable all pin interrupts during probe A chip being probed may have the interrupt-on-change feature enabled on some of its pins, for example after a reboot. This can cause the chip to generate interrupts for...

5.8 AI score, 0.00107 EPSS
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2026/05/06 7:40 a.m., 29 views

CVE-2026-43087 pinctrl: mcp23s08: Disable all pin interrupts during probe

In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Disable all pin interrupts during probe A chip being probed may have the interrupt-on-change feature enabled on some of its pins, for example after a reboot. This can cause the chip to generate interrupts for...

0.00107 EPSS
Exploits: 0, References: 2

Debian CVE
added 2026/05/06 7:40 a.m., 6 views

CVE-2026-43087

In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Disable all pin interrupts during probe A chip being probed may have the interrupt-on-change feature enabled on some of its pins, for example after a reboot. This can cause the chip to generate interrupts for...

5.5 CVSS, 5.7 AI score, 0.00107 EPSS
Exploits: 0

Tenable Nessus
added 2026/05/06 12:00 a.m., 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-23631

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica...

8.8 CVSS, 5.8 AI score, 0.01782 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2026/05/06 12:00 a.m., 9 views

PT-2026-37397

In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Disable all pin interrupts during probe A chip being probed may have the interrupt-on-change feature enabled on some of its pins, for example after a reboot. This can cause the chip to generate interrupts for...

5.8 AI score, 0.00107 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2026/05/06 12:00 a.m., 12 views

PT-2026-37602

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the gfs2 fiemap function where iomap fiemap is called while the inode glock global lock is held. This can result in recursive glock acquisition if the fiemap buffer is...

7.8 CVSS, 5.9 AI score, 0.00378 EPSS
Exploits: 0, References: 120

Github Security Blog
added 2026/05/05 9:53 p.m., 8 views

Prometheus vulnerable to stored XSS via crafted histogram bucket label values in the old web UI heatmap display

Impact In the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them into the HTML for use as axis tick mark labels. An attacker who can inject crafted metrics e.g. via a...

6.1 CVSS, 6 AI score, 0.00182 EPSS
Exploits: 0, References: 4, Affected Software: 1