Lucene search
K

9214 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Disabled the unnecessary interrupt to prevent kernel panic. There is a hardware bug where the interrupt STMBUFHALF may be triggered after or when the interrupt is disabled. This can lead to unexpected kernel pani...

5.7AI score0.002EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: L2CAP: Fixed a deadlock in l2capconndel. The l2capconndel function calls canceldelayedworksync for both infotimer and idaddrtimer while holding conn-lock. However, the functions l2capinfotimeout and...

5.5CVSS5.8AI score0.00094EPSS
Exploits0References1
NVD
NVD
added 2026/06/18 5:16 p.m.10 views

CVE-2025-53114

CometD is a scalable comet implementation for web messaging. In versions 5.0.0 through 5.0.22, 6.0.0 through 6.0.18, 7.0.0 through 7.0.18, and 8.0.0 through 8.0.8, bad clients that always send a fixed batch value when the server is using the acknowledgement extension may cause the unacknowledged...

7.5CVSS0.00384EPSS
Exploits0References6
CVE
CVE
added 2026/06/18 4:25 p.m.24 views

CVE-2025-53114

Affected software: CometD server implementations. A vulnerability arises when clients consistently set ext.ack to 1 during /meta/connect while the acknowledgement extension is enabled, causing the unacknowledged message queue to grow without bound and potentially trigger OutOfMemoryError. Affecte...

7.5CVSS5.2AI score0.00384EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/18 4:25 p.m.18 views

CVE-2025-53114 CometD has acknowledgement extension out of memory

CometD is a scalable comet implementation for web messaging. In versions 5.0.0 through 5.0.22, 6.0.0 through 6.0.18, 7.0.0 through 7.0.18, and 8.0.0 through 8.0.8, bad clients that always send a fixed batch value when the server is using the acknowledgement extension may cause the unacknowledged...

7.5CVSS0.00384EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/18 2:43 p.m.8 views

CVE-2026-34355

A vulnerability has been identified in the Apache HTTP Server. If the server is configured to connect to a malicious or compromised backend server, an attacker could exploit this flaw to bypass security controls or run unauthorized code on the system. Mitigation Disable the modproxyhtml module if...

7.5CVSS5.3AI score0.00805EPSS
Exploits0References4
NVD
NVD
added 2026/06/18 2:17 p.m.10 views

CVE-2026-50141

Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...

7.1CVSS0.00246EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/18 2:13 p.m.7 views

CVE-2026-50141

Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...

7.1CVSS5.4AI score0.00246EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 2026/06/18 2:13 p.m.10 views

EUVD-2026-37897

Woodpecker is a CI/CD engine. Starting in version 3.0.0 and prior to version 3.14.1, a vulnerability in Woodpecker CI's gRPC layer allowed any authenticated agent to impersonate any other agent on the same server by injecting a forged agentid value into outgoing gRPC metadata. The server correctl...

7.1CVSS5.4AI score0.00246EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/17 6:35 p.m.9 views

EUVD-2026-37554

In SettingsLib, there is a possible way to disable system components due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.6AI score0.0008EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 6:18 p.m.4 views

DEBIAN-CVE-2026-6733

Impact: Undici's HTTP/1.1 client is vulnerable to response queue poisoning on reused keep-alive sockets. An attacker-controlled upstream server can inject an unsolicited HTTP/1.1 response onto an idle socket after a request completes. When the client dispatches the next request on that socket, it...

3.7CVSS5.3AI score0.00228EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 1:19 p.m.8 views

CVE-2026-0019

In SettingsLib, there is a possible way to disable system components due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.0008EPSS
Exploits0References1
OSV
OSV
added 2026/06/17 8:36 a.m.4 views

SUSE-SU-2026:22145-1 Security update for openvswitch

This update for openvswitch fixes the following issues - CVE-2026-5265: heap over-read in ICMP error response generation bsc1262498. - CVE-2026-5367: heap over-read in OVN DHCPv6 client ID processing bsc1262499. - CVE-2026-34956: Invalid memory access in conntrack FTP alg bsc1261273. Changes for...

8.6CVSS6.1AI score0.00868EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/17 5:53 a.m.26 views

CVE-2026-0019

In SettingsLib, there is a possible way to disable system components due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.0008EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 5:53 a.m.13 views

CVE-2026-0019

CVE-2026-0019 affects SettingsLib and enables a logic-error path that could disable system components, enabling local privilege escalation without extra privileges or user interaction. The issue is classified as Elevation of Privilege (High) in Android 17 release notes; patches are included in An...

7.8CVSS5.6AI score0.0008EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.14 views

PT-2026-50512

Name of the Vulnerable Software and Affected Versions undici versions prior to 6.26.0 undici versions prior to 7.28.0 undici versions prior to 8.5.0 Description The HTTP/1.1 client is subject to response queue poisoning when keep-alive sockets are reused. An attacker-controlled upstream server ca...

3.7CVSS5.3AI score0.00228EPSS
Exploits0References81
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.15 views

RHEL 8 : kernel (RHSA-2026:26563)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26563 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: geneve: Fix use-after-free in...

9.8CVSS7AI score0.00469EPSS
Exploits4References38
Github Security Blog
Github Security Blog
added 2026/06/16 11:34 p.m.10 views

n8n: SecurityScorecard Node Leaks API Token to User-Controlled Host

Impact An authenticated user with permission to create or modify workflows and access to a SecurityScorecard credential with limited allowed domains could configure the SecurityScorecard node's report download operation to target an attacker-controlled URL. The node attached the SecurityScorecard...

7.7CVSS5.3AI score0.00353EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 10:39 p.m.8 views

n8n: Stored XSS in Chat Trigger Node

Impact An authenticated user with workflow edit access could inject arbitrary JavaScript into the Chat Trigger's generated page by setting a malicious webhookId. When a logged-in user visited the chat URL, the injected code executed in the n8n origin with that user's session privileges. Patches T...

7CVSS5.6AI score0.0021EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 10:38 p.m.9 views

n8n: Microsoft SQL Node Prototype Pollution

Impact An authenticated user with permission to create or modify workflows could achieve global prototype pollution via the Microsoft SQL node by supplying a crafted value as the table parameter. This pollutes Object.prototype process-wide for the lifetime of the n8n server process, causing...

8.5CVSS5.6AI score0.00294EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder