Lucene search
+L

4059 matches found

astralinux
astralinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fixed the NULL pointer issue in bufferfuncs. If SDMA block is not enabled, bufferfuncs will not be initialized. Fixing this issue ensures that the NULL pointer issue is addressed when bufferfuncs is not initialized...

5.5CVSS5.7AI score0.00127EPSS
Exploits0References2
nvd
nvd
added 2026/06/24 2:17 p.m.10 views

CVE-2026-57289

Jenkins Bitbucket Push and Pull Request Plugin 3.3.8 and earlier unconditionally disables SSL/TLS certificate and hostname validation for connections sending Bearer token authenticated requests to the configured Bitbucket Server endpoint, allowing attackers able to intercept network traffic to...

4.8CVSS0.00108EPSS
Exploits0References1
nvd
nvd
added 2026/06/24 8:16 a.m.10 views

CVE-2026-52913

In the Linux kernel, the following vulnerability has been resolved: batman-adv: v: stop OGMv2 on disabled interface When a batadvhardiface is disabled, its meshiface pointer is set to NULL. However, batadvvogmsendmeshif may still dispatch OGMs via batadvvogmqueueonif for interfaces that have sinc...

5.5CVSS0.00122EPSS
Exploits0References8
osv
osv
added 2026/06/24 8:16 a.m.3 views

UBUNTU-CVE-2026-52913

In the Linux kernel, the following vulnerability has been resolved: batman-adv: v: stop OGMv2 on disabled interface When a batadvhardiface is disabled, its meshiface pointer is set to NULL. However, batadvvogmsendmeshif may still dispatch OGMs via batadvvogmqueueonif for interfaces that have sinc...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References11
osv
osv
added 2026/06/24 7:14 a.m.2 views

CVE-2026-52913 batman-adv: v: stop OGMv2 on disabled interface

In the Linux kernel, the following vulnerability has been resolved: batman-adv: v: stop OGMv2 on disabled interface When a batadvhardiface is disabled, its meshiface pointer is set to NULL. However, batadvvogmsendmeshif may still dispatch OGMs via batadvvogmqueueonif for interfaces that have sinc...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References11
attackerkb
attackerkb
added 2026/06/24 7:14 a.m.6 views

CVE-2026-52913

In the Linux kernel, the following vulnerability has been resolved: batman-adv: v: stop OGMv2 on disabled interface When a batadvhardiface is disabled, its meshiface pointer is set to NULL. However, batadvvogmsendmeshif may still dispatch OGMs via batadvvogmqueueonif for interfaces that have sinc...

5.7AI score0.00122EPSS
Exploits0References9Affected Software1
cve
cve
added 2026/06/24 7:14 a.m.12 views

CVE-2026-52913

CVE-2026-52913 is addressed in OSV entries as a flaw in the rootio-linux package. Root has patched CVE-2026-52913 in Root:Ubuntu-22.04, with multiple fixed versions available. Additional OSV records indicate patched status for Root:Ubuntu-24.04 and Root:Debian-11/12, also noting multiple fixed ve...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References8Affected Software1
debiancve
debiancve
added 2026/06/24 7:14 a.m.9 views

CVE-2026-52913

In the Linux kernel, the following vulnerability has been resolved: batman-adv: v: stop OGMv2 on disabled interface When a batadvhardiface is disabled, its meshiface pointer is set to NULL. However, batadvvogmsendmeshif may still dispatch OGMs via batadvvogmqueueonif for interfaces that have sinc...

5.5CVSS5.7AI score0.00122EPSS
Exploits0
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.20 views

PT-2026-51799

Name of the Vulnerable Software and Affected Versions Jenkins Bitbucket Push and Pull Request Plugin versions prior to 3.3.9 Description The plugin unconditionally disables SSL/TLS certificate and hostname validation when sending Bearer token authenticated requests to the configured Bitbucket...

4.8CVSS5.8AI score0.00108EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.11 views

PT-2026-51964

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the SCTP implementation where Bottom Half BH processing is not disabled before calling the udp tunnel xmit skb and udp tunnel6 xmit skb functions. These functions are...

7.5CVSS5.9AI score0.0035EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.6 views

PT-2026-51998

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the mt76 WiFi driver during device destruction. All MT76 rx queues possess an associated page pool, including those not linked to a NAPI, such as WED RRO queues...

6.1AI score0.00166EPSS
Exploits0References13
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.13 views

PT-2026-51706

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A NULL pointer dereference occurs in the batman-adv module. When a batadv hard iface is disabled, its mesh iface pointer is set to NULL. The function batadv v ogm send meshif may still...

6AI score0.00122EPSS
Exploits0References18
nessus
nessus
added 2026/06/24 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-52913

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - batman-adv: v: stop OGMv2 on disabled interface When a batadvhardiface is disabled, its meshiface pointer is set to NULL. However, batadvvogmsendmeshif may stil...

5.5CVSS6AI score0.00122EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.15 views

PT-2026-51979

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free flaw exists in the Berkeley Packet Filter BPF subsystem. The task vma iterator reads task-mm locklessly and acquires mmap read trylock without calling mmget. If a task...

7.8CVSS5.7AI score0.00113EPSS
Exploits0References9
cvelist
cvelist
added 2026/06/23 6:6 p.m.44 views

CVE-2026-54323 Daytona: Git credential leak via git clone with TLS verification disabled

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clone implementation disabled TLS certificate verification. When a clone request carried Git credentials, the daemon sent the HTTP Basic Authorization...

5.9CVSS0.00117EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/23 6:6 p.m.5 views

CVE-2026-54323

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, the daemon's git clone implementation disabled TLS certificate verification. When a clone request carried Git credentials, the daemon sent the HTTP Basic Authorization...

5.9CVSS6.4AI score0.00117EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/06/23 6:6 p.m.21 views

CVE-2026-54323

CVE-2026-54323 describes a vulnerability in Daytona prior to 0.185.0 where the daemon’s git clone path disabled TLS certificate verification. When a clone carried Git credentials, the daemon sent the HTTP Basic Authorization header to the remote over an unvalidated TLS connection on both the go-g...

5.9CVSS6.4AI score0.00117EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2026/06/23 4:14 p.m.16 views

CVE-2026-56117

dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling within src/control.c that allows local unprivileged attackers to trigger memory corruption when privilege separation is disabled. Attackers can connect to the control socket...

5.7CVSS5.8AI score0.00093EPSS
Exploits0References2
euvd
euvd
added 2026/06/23 4:14 p.m.8 views

EUVD-2026-38498

dhcpcd through 10.3.2, fixed in commit 78ea09e, contains a heap use-after-free vulnerability in the control socket handling within src/control.c that allows local unprivileged attackers to trigger memory corruption when privilege separation is disabled. Attackers can connect to the control socket...

5.7CVSS5.9AI score0.00093EPSS
Exploits0References2
github
github
added 2026/06/22 11:19 p.m.12 views

@actual-app/sync-server: Disabled OpenID users keep access through existing session tokens

Summary In OpenID multi-user mode, disabling a user only blocks future OpenID login for that identity. Existing Actual session tokens for the disabled user remain valid, so the user can continue calling authenticated server endpoints after an administrator has disabled the account. Details The...

8.3CVSS5.9AI score0.00441EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder