9201 matches found

CloudLinux
added 2026/05/02 12:55 a.m., 10 views

glusterfs: Fix of 2 CVEs

CVE-2018-10923: posix: disable open/read/write on special files - CVE-2018-14651: server: don't allow '/' in basename...

8.8 CVSS, 7 AI score, 0.03225 EPSS
Exploits: 0

EUVD
added 2026/05/01 2:14 p.m., 10 views

EUVD-2026-26547

In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix is_bpf_migration_disabled() false negative on non-PREEMPT_RCU. Since commit 8e4f0b1ebcf2 "bpf: use rcu_read_lock_dont_migrate for trampoline.c", the BPF prolog __bpf_prog_enter calls migrate_disable only when CONFIG_PREEMPT_RCU is...

5.8 AI score, 0.00121 EPSS
Exploits: 0, References: 3

CVE
added 2026/05/01 2:14 p.m., 14 views

CVE-2026-31734

CVE-2026-31734 (Linux kernel sched_ext) has been fixed. The issue was a false negative where is_bpf_migration_disabled() could be incorrect on systems without CONFIG_PREEMPT_RCU, causing migration_disabled == 1 to be treated as truly migration-disabled even for the current task. The BPF prolog no...

5.5 CVSS, 5.8 AI score, 0.00121 EPSS
Exploits: 0, References: 3, Affected Software: 1

ATTACKERKB
added 2026/05/01 2:14 p.m., 5 views

CVE-2026-31734

In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix is_bpf_migration_disabled() false negative on non-PREEMPT_RCU. Since commit 8e4f0b1ebcf2 "bpf: use rcu_read_lock_dont_migrate for trampoline.c", the BPF prolog __bpf_prog_enter calls migrate_disable only when CONFIG_PREEMPT_RCU is...

5.8 AI score, 0.00121 EPSS
Exploits: 0, References: 4, Affected Software: 1

CNNVD
added 2026/05/01 12:0 a.m., 8 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from false negatives in the migration disable check under the PREEMPT_RCU configuration. This could lea...

5.5 CVSS, 5.8 AI score, 0.00121 EPSS
Exploits: 0, References: 1

Github Security Blog
added 2026/04/30 5:34 p.m., 8 views

CKAN has Unauthenticated Authorization Bypass in `datastore_search_sql`

Impact: A vulnerability in `datastore_search_sql` allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information. Patches: The issue has been patched in CKAN 2.10.10 and CKAN 2.11.5. Workarounds: Disable the DataStore SQL search...

9.1 CVSS, 5.7 AI score, 0.00367 EPSS
Exploits: 0, References: 7, Affected Software: 1

OSV
added 2026/04/30 5:34 p.m., 5 views

GHSA-CG4X-64P3-X59H CKAN has Unauthenticated Authorization Bypass in `datastore_search_sql`

Impact: A vulnerability in `datastore_search_sql` allowed attackers to bypass authorization in order to gain access to private resources and PostgreSQL system information. Patches: The issue has been patched in CKAN 2.10.10 and CKAN 2.11.5. Workarounds: Disable the DataStore SQL search...

8.8 CVSS, 5.8 AI score, 0.00367 EPSS
Exploits: 0, References: 7

Snyk
added 2026/04/30 5:34 p.m., 10 views

Incorrect Authorization

Overview: ckan is the world’s leading Open Source data portal platform. It powers dozens of Open Data portals around the world, including data.gov, open.canada.ca and europeandataportal.eu, but also regional, research and community organizations. It makes it easy to publish, share and find data online a...

9.1 CVSS, 5.8 AI score, 0.00367 EPSS
Exploits: 0, References: 2

Github Security Blog
added 2026/04/30 5:25 p.m., 13 views

Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS

Impact: A stored Cross-Site Scripting (XSS) vulnerability in Jupyter Notebook allows attackers to steal authentication tokens from users who open malicious notebook files and interact with elements that the attacker can make look indistinguishable from legitimate controls (single click interaction). T...

8.4 CVSS, 5.7 AI score, 0.00476 EPSS
Exploits: 0, References: 4, Affected Software: 4

OSV
added 2026/04/30 3:55 p.m., 6 views

USN-8226-1 kmod update

It was discovered that the Linux kernel algif_aead module contained a logic flaw allowing a local attacker to escalate privileges to root. This update to the kmod package disables loading the algif_aead module as a measure to mitigate the issue until kernel updates are made available. See the...

7.8 CVSS, 6.1 AI score, 0.96775 EPSS
Exploits: 228, References: 3

NVD
added 2026/04/30 3:16 p.m., 4 views

CVE-2026-7500

When Keycloak is started with --features-disabled=account,account-api, the Account REST API is only partially disabled. Five endpoints under the versioned path /account/v1alpha1 remain fully functional — including both read and write operations — because they lack the checkAccountApiEnabled gate...

5.4 CVSS, 0.00232 EPSS
Exploits: 0, References: 6

RedhatCVE
added 2026/04/30 1:37 p.m., 5 views

CVE-2026-5545

A flaw was found in libcurl. An application using libcurl that performs an authenticated HTTPS request after a Negotiate-authenticated one to the same host may incorrectly reuse the previous connection. This authentication bypass vulnerability allows the second request to be sent over a connectio...

6.5 CVSS, 5.4 AI score, 0.00414 EPSS
Exploits: 1, References: 4

GithubExploit
added 2026/04/30 11:16 a.m., 77 views

Exploit for CVE-2026-31431

Copy Fail - CVE-2026-31431 Detector and Mitigator...

7.8 CVSS, 5.8 AI score, 0.96775 EPSS
Exploits: 228

GithubExploit
added 2026/04/30 9:56 a.m., 124 views

Exploit for CVE-2026-31431

Wazuh SCA policy: Copy Fail CVE-2026-31431 This policy file...

7.8 CVSS, 5.7 AI score, 0.96775 EPSS
Exploits: 228

HackRead
added 2026/04/30 7:25 a.m., 9 views

9-Year-Old Linux Kernel Vulnerability “Copy Fail” Enables Full Root Access

Linux Kernel Vulnerability “Copy Fail” lets attackers gain root access via memory flaw. Patch now or disable algif_aead to stay secure...

5.3 AI score
Exploits: 0

Tenable Nessus
added 2026/04/30 12:0 a.m., 8 views

Amazon Linux 2023 : ngtcp2, ngtcp2-crypto-gnutls, ngtcp2-crypto-gnutls-devel (ALAS2023-2026-1633)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1633 advisory. ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params serializes peer transport parameters into a fixed 1024-byte stack buffer...

7.5 CVSS, 6.1 AI score, 0.00776 EPSS
Exploits: 1, References: 4

Github Security Blog
added 2026/04/29 11:11 p.m., 12 views

CKAN has Unauthenticated SQL Injection and Authorization Bypass in `datastore_search_sql`

Impact: A vulnerability in `datastore_search_sql` allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information. Patches: The issue has been patched in CKAN 2.10.10 and CKAN 2.11.5. Workarounds: Disable the DataStore SQL search...

9.8 CVSS, 5.7 AI score, 0.01815 EPSS
Exploits: 0, References: 7, Affected Software: 1

Github Security Blog
added 2026/04/29 10:18 p.m., 13 views

pygeoapi 0.23.x: Path Traversal in STAC FileSystemProvider

Impact: A raw string path concatenation vulnerability in pygeoapi's STAC FileSystemProvider plugin can allow for requests to STAC collection based collections to expose directories without authentication. The issue manifests when pygeoapi is deployed without a proxy or web front end that would...

7.5 CVSS, 5.3 AI score, 0.0051 EPSS
Exploits: 0, References: 5, Affected Software: 1

Snyk
added 2026/04/29 10:18 p.m., 6 views

Directory Traversal

Overview: pygeoapi provides an API to geospatial data. Affected versions of this package are vulnerable to Directory Traversal via the STAC FileSystemProvider process. An attacker can access sensitive directories and files by sending crafted requests containing directory traversal...

8.7 CVSS, 6.3 AI score, 0.0051 EPSS
Exploits: 0, References: 2

OSV
added 2026/04/29 9:23 p.m., 6 views

GHSA-537J-GQPC-P7FQ n8n Vulnerable to XSS via MCP OAuth client

Impact: An unauthenticated attacker could register a malicious MCP OAuth client with a crafted client_name. If a victim user authorized the OAuth consent dialog and a second user subsequently revoked that access, a toast notification would render the injected script. Clicking the link would execute...

8.8 CVSS, 6 AI score, 0.00332 EPSS
Exploits: 0, References: 3