
9201 matches found

Positive Technologies
added 2026/04/29 12:0 a.m. | 20 views

PT-2026-36111

Name of the Vulnerable Software and Affected Versions: pygeoapi versions 0.23.0 through 0.23.2. Description: A raw string path concatenation issue in the STAC FileSystemProvider plugin allows requests to STAC collection based collections to expose directories without authentication. This occurs when...

CVSS 7.5 | AI score 5.8 | EPSS 0.0051
Exploits: 0 | References: 11

Positive Technologies
added 2026/04/29 12:0 a.m. | 12 views

PT-2026-36110

Name of the Vulnerable Software and Affected Versions: CKAN versions prior to 2.10.10; CKAN versions prior to 2.11.5. Description: A SQL injection flaw exists in the datastore_search_sql function. This allows attackers to inject SQL commands to gain unauthorized access to private resources and...

CVSS 8.3 | AI score 5.8 | EPSS 0.01815
Exploits: 0 | References: 10

Positive Technologies
added 2026/04/29 12:0 a.m. | 12 views

PT-2026-36112

Name of the Vulnerable Software and Affected Versions: pygeoapi versions 0.23.0 through 0.23.2. Description: OGC API process execution requests can utilize the subscriber object to make requests to internal HTTP services. This allows for unauthorized interaction with internal network resources...

CVSS 8.6 | AI score 5.9 | EPSS 0.00454
Exploits: 0 | References: 8

Positive Technologies
added 2026/04/29 12:0 a.m. | 12 views

PT-2026-37115

Name of the Vulnerable Software and Affected Versions: OpenTelemetry.Resources.Azure versions prior to 1.15.0-beta.2. Description: The AzureVmMetaDataRequestor function makes HTTP requests to the Azure VM instance metadata service and reads the response body into memory without a size limit. An...

CVSS 5.9 | AI score 5.8 | EPSS 0.00323
Exploits: 0 | References: 10

OSV
added 2026/04/28 3:20 p.m. | 5 views

CLSA-2026-1777389615 Fix CVE(s): CVE-2024-45802

SECURITY UPDATE: multiple vulnerabilities in Edge Side Includes ESI processing - debian/rules: build with --disable-esi to remove the vulnerable ESI response processor matches the upstream Squid 6.10 default, where ESI support is disabled by default. - debian/control: drop libexpat1-dev and...

CVSS 7.5 | AI score 5.8 | EPSS 0.45289
Exploits: 0 | References: 1

NVD
added 2026/04/27 6:16 p.m. | 5 views

CVE-2026-31691

In the Linux kernel, the following vulnerability has been resolved: igb: remove napi_synchronize in igb_down. When an AF_XDP zero-copy application terminates abruptly (e.g., kill -9), the XSK buffer pool is destroyed but NAPI polling continues. igb_clean_rx_irq_zc repeatedly returns the full budget,...

CVSS 5.5 | EPSS 0.00112
Exploits: 0 | References: 3

CVE
added 2026/04/27 5:34 p.m. | 16 views

CVE-2026-31691

The CVE-2026-31691 vulnerability affects the Linux kernel igb driver. It describes a race where igb_down() calls napi_synchronize() before napi_disable(), causing a hang: napi_synchronize() waits on NAPI_STATE_SCHED that never clears, blocking TX and leaving the TX queue stalled. The fix removes ...

CVSS 5.5 | AI score 5.7 | EPSS 0.00112
Exploits: 0 | References: 3 | Affected Software: 1

EUVD
added 2026/04/27 5:34 p.m. | 6 views

EUVD-2026-25888

In the Linux kernel, the following vulnerability has been resolved: igb: remove napi_synchronize in igb_down. When an AF_XDP zero-copy application terminates abruptly (e.g., kill -9), the XSK buffer pool is destroyed but NAPI polling continues. igb_clean_rx_irq_zc repeatedly returns the full budget,...

AI score 5.6 | EPSS 0.00112
Exploits: 0 | References: 3

RedHat Linux
added 2026/04/27 10:34 a.m. | 7 views

kernel: iavf: Fix reset error handling

A deadlock condition exists in the Linux kernel such that when calling iavf_close in iavf_reset_task error handling, doing so can lead to double call of napi_disable thereby leading to a denial of service due to the deadlock...

CVSS 5.5 | AI score 5.3 | EPSS 0.00118
Exploits: 0 | References: 5

Positive Technologies
added 2026/04/27 12:0 a.m. | 6 views

PT-2026-35497

In the Linux kernel, the following vulnerability has been resolved: igb: remove napi_synchronize in igb_down. When an AF_XDP zero-copy application terminates abruptly (e.g., kill -9), the XSK buffer pool is destroyed but NAPI polling continues. igb_clean_rx_irq_zc repeatedly returns the full budget,...

AI score 5.6 | EPSS 0.00112
Exploits: 0 | References: 6

SUSE CVE
added 2026/04/25 1:39 a.m. | 5 views

SUSE CVE-2026-31551

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix static_branch_dec underflow for aql_disable. syzbot reported static_branch_dec underflow in aql_enable_write. [0] The problem is that aql_enable_write does not serialise concurrent writes to the debugfs. aql_enable_write...

CVSS 5.5 | AI score 5.5 | EPSS 0.00123
Exploits: 0 | References: 3

AlpineLinux
added 2026/04/24 4:45 p.m. | 7 views

CVE-2026-41066

lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration with resolve_entities=True allows untrusted XML input to read local files. Setting the resolve_entities option explicitly to resolve_entities='internal' ...

CVSS 7.5 | AI score 5.4 | EPSS 0.00324
Exploits: 1

Github Security Blog
added 2026/04/24 4:17 p.m. | 144 views

LiteLLM has SQL Injection in Proxy API key verification

Impact: A database query used during proxy API key checks mixed the caller-supplied key value into the query text instead of passing it as a separate parameter. An unauthenticated attacker could send a specially crafted Authorization header to any LLM API route for example POST /chat/completions a...

CVSS 9.8 | AI score 6 | EPSS 0.84518
Exploits: 7 | References: 5 | Affected Software: 1

NVD
added 2026/04/24 3:16 p.m. | 5 views

CVE-2026-31551

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix static_branch_dec underflow for aql_disable. syzbot reported static_branch_dec underflow in aql_enable_write. [0] The problem is that aql_enable_write does not serialise concurrent writes to the debugfs. aql_enable_write...

CVSS 5.5 | EPSS 0.00123
Exploits: 0 | References: 7

OSV
added 2026/04/24 3:16 p.m. | 5 views

DEBIAN-CVE-2026-31551

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix static_branch_dec underflow for aql_disable. syzbot reported static_branch_dec underflow in aql_enable_write. [0] The problem is that aql_enable_write does not serialise concurrent writes to the debugfs. aql_enable_write...

CVSS 5.5 | AI score 5.3 | EPSS 0.00123
Exploits: 0 | References: 1

EUVD
added 2026/04/24 2:33 p.m. | 4 views

EUVD-2026-25444

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix static_branch_dec underflow for aql_disable. syzbot reported static_branch_dec underflow in aql_enable_write. [0] The problem is that aql_enable_write does not serialise concurrent writes to the debugfs. aql_enable_write...

AI score 5.3 | EPSS 0.00123
Exploits: 0 | References: 7

ATTACKERKB
added 2026/04/24 2:33 p.m. | 3 views

CVE-2026-31551

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix static_branch_dec underflow for aql_disable. syzbot reported static_branch_dec underflow in aql_enable_write. [0] The problem is that aql_enable_write does not serialise concurrent writes to the debugfs. aql_enable_write...

AI score 5.2 | EPSS 0.00123
Exploits: 0 | References: 8 | Affected Software: 1

Cvelist
added 2026/04/24 12:16 a.m. | 27 views

CVE-2026-31956 Xibo CMS has Preview and SavedReport IDOR via disableUserCheck without controller-level authorization

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to version 4.4.1, any authenticated user can manually construct a URL to preview campaigns/regions, and export saved reports belonging to other users. Exploitation of th...

CVSS 4.3 | EPSS 0.00265
Exploits: 0 | References: 2

Vulnrichment
added 2026/04/24 12:16 a.m. | 4 views

CVE-2026-31956 Xibo CMS has Preview and SavedReport IDOR via disableUserCheck without controller-level authorization

Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to version 4.4.1, any authenticated user can manually construct a URL to preview campaigns/regions, and export saved reports belonging to other users. Exploitation of th...

CVSS 4.3 | AI score 5.4 | EPSS 0.00265
Exploits: 0 | References: 2

CNNVD
added 2026/04/24 12:0 a.m. | 10 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a timeout in the polling of the bcm2835_asb_control function. This issue may cause the V3D main ASB...

CVSS 5.5 | AI score 5.8 | EPSS 0.00123
Exploits: 0 | References: 2