Lucene search
K

9203 matches found

RedhatCVE
RedhatCVE
added 2026/04/23 7:12 p.m.5 views

CVE-2026-41176

A flaw was found in Rclone, a command-line program designed for synchronizing files with various cloud storage providers. An unauthenticated attacker can exploit an exposed Remote Control RC endpoint, options/set, to disable the authorization mechanism for other RC methods. This vulnerability...

9.8CVSS5.7AI score0.34734EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.8 views

PT-2026-34594

Name of the Vulnerable Software and Affected Versions Luanti versions 5.0.0 through 5.15.1 Description A malicious mod can escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This issue affects server-side mods, async, mapgen, and...

10CVSS6.2AI score0.00374EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2026/04/22 8:47 p.m.7 views

kernel: iavf: Fix reset error handling

A deadlock condition exists in the linux kernel such that when calling iavfclose in iavfresettask error handling,doing so can lead to double call of napidisable thereby leading to a denial of service due to the deadlock...

5.5CVSS6.4AI score0.00118EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/22 7:57 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the POST /api/lunchflow/link endpoint, which insufficiently validates user-supplied URLs and fails to restrict access to internal or sensitive network addresses. An attacker can cause the server to...

8.5CVSS5.9AI score0.00331EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/22 3:31 p.m.3 views

EUVD-2026-24875

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix deadlock in l2capconndel l2capconndel calls canceldelayedworksync for both infotimer and idaddrtimer while holding conn-lock. However, the work functions l2capinfotimeout and l2capconnupdateidaddr both acqui...

5.6AI score0.00094EPSS
Exploits0References4
NVD
NVD
added 2026/04/22 2:16 p.m.4 views

CVE-2026-31499

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix deadlock in l2capconndel l2capconndel calls canceldelayedworksync for both infotimer and idaddrtimer while holding conn-lock. However, the work functions l2capinfotimeout and l2capconnupdateidaddr both acqui...

5.5CVSS0.00094EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/22 1:54 p.m.4 views

CVE-2026-31499

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix deadlock in l2capconndel l2capconndel calls canceldelayedworksync for both infotimer and idaddrtimer while holding conn-lock. However, the work functions l2capinfotimeout and l2capconnupdateidaddr both acqui...

5.5CVSS5.7AI score0.00094EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/22 1:54 p.m.22 views

CVE-2026-31499

CVE-2026-31499 affects the Linux kernel Bluetooth L2CAP code. The vulnerability stems from l2cap_conn_del() canceling delayed work (info_timer and id_addr_timer) while holding conn->lock, while the corresponding work functions (l2cap_info_timeout() and l2cap_conn_update_id_addr()) also acquire...

5.5CVSS5.6AI score0.00094EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/22 10:32 a.m.8 views

CVE-2026-5358

No description is available for this CVE. Mitigation To mitigate this issue, ensure that Network Information Service NIS is not in use on affected systems. NIS is an obsolete service and its use is deprecated in modern Red Hat Enterprise Linux environments. If NIS is not required, disable any...

5.2AI score0.0004EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/22 7:22 a.m.7 views

CVE-2026-32604

Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, remove files, or inject resources easily. Versions...

9.9CVSS6AI score0.00606EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/04/22 1:37 a.m.6 views

SUSE CVE-2026-39378

The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when HTMLExporter.embedimages=True, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook...

6.5CVSS5.9AI score0.00306EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013452)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013452 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix scsimodesense buffer length handling Several problems exist with scsimodesense...

5.5CVSS6.5AI score0.00196EPSS
Exploits0References3
Oracle linux
Oracle linux
added 2026/04/22 12:0 a.m.8 views

kernel security update

6.12.0-124.52.1 - Add new Oracle Linux Driver Signing key 1 certificate Orabug: 37985782 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list...

7.8CVSS6.3AI score0.00171EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.8 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013705)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013705 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/apic: Don't disable x2APIC if locked The APIC supports two modes, legacy APIC or xAPIC, and...

5.6AI score0.00203EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.3 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013478)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013478 advisory. In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Panic on bad configs that VE on private memory access All normal kernel memory is TDX...

5.5CVSS5.8AI score0.0014EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.8 views

PT-2026-34404

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock can occur in the Bluetooth L2CAP component within the l2cap conn del function. This happens because l2cap conn del calls cancel delayed work sync for both info timer and id ad...

7.8CVSS5.8AI score0.00378EPSS
Exploits0References117
CVE
CVE
added 2026/04/21 7:8 p.m.8 views

CVE-2026-40869

CVE-2026-40869 — Decidim : Affected versions of the Decidim framework (starting from 0.19.0 up to, but not including, 0.30.5 and 0.31.1) allow any registered and authenticated user to accept or reject amendments. The vulnerability stems from insufficient permission checks in the amendment accepta...

7.5CVSS5.8AI score0.00223EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/21 7:8 p.m.4 views

CVE-2026-40869 Decidim amendments can be accepted or rejected by anyone

Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.30.5 and 0.31.1, a vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the amendments feature i...

7.5CVSS5.8AI score0.00223EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/21 2:53 p.m.9 views

EUVD-2026-23964

Spinnaker: RCE via expression parsing due to unrestricted context handling...

9.9CVSS5.7AI score0.00553EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/04/21 2:53 p.m.10 views

Spinnaker: RCE via expression parsing due to unrestricted context handling

Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services, uses SPeL Spring Expression Language to process information - specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike orca, it was NOT...

9.9CVSS5.4AI score0.00553EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder