Lucene search
K

367 matches found

EUVD
EUVD
added yesterday6 views

EUVD-2026-25018

id: groups= computed from real GID instead of effective GID...

4.4CVSS5.9AI score0.00108EPSS
Exploits1References3
EUVD
EUVD
added yesterday5 views

EUVD-2026-25019

id: pretty-print uses effective GID instead of effective UID for name lookup...

3.3CVSS5.9AI score0.00123EPSS
Exploits1References3
NVD
NVD
added 2026/06/29 9:16 p.m.8 views

CVE-2026-55276

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

9.1CVSS0.00368EPSS
Exploits0References2
CVE
CVE
added 2026/06/29 8:42 p.m.50 views

CVE-2026-55276

Apache Tomcat vulnerability CVE-2026-55276 is a logging-only issue caused by an always-incorrect control flow in the effective web.xml, leading to special roles and empty authorization constraints not being shown. Affected products include Tomcat 8.5.0–8.5.100, 9.0.0.M1–9.0.118, 10.1.0-M1–10.1.55...

9.1CVSS5.7AI score0.00368EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/06/29 8:42 p.m.5 views

CVE-2026-55276

Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat meant that special roles and empty authorisation constraints were not included when the effective web.xml was logged. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from...

9.1CVSS5.7AI score0.00368EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.5 views

PT-2026-53743

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.22 Apache Tomcat versions 10.1.0-M1 through 10.1.55 Apache Tomcat versions 9.0.0.M1 through 9.0.118 Apache Tomcat versions 8.5.0 through 8.5.100 Description An always-incorrect control flow...

9.1CVSS5.7AI score0.00368EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/06/28 1:9 a.m.9 views

SUSE CVE-2026-53287

In the Linux kernel, the following vulnerability has been resolved: audit: fix incorrect inheritable capability in CAPSET records auditlogcapset records the effective capability set into the inheritable field due to a copy-paste error. Every CAPSET audit record therefore reports cappi process...

5.8AI score0.00176EPSS
Exploits0References3
NVD
NVD
added 2026/06/26 8:17 p.m.6 views

CVE-2026-53287

In the Linux kernel, the following vulnerability has been resolved: audit: fix incorrect inheritable capability in CAPSET records auditlogcapset records the effective capability set into the inheritable field due to a copy-paste error. Every CAPSET audit record therefore reports cappi process...

0.00176EPSS
Exploits0References8
OSV
OSV
added 2026/06/26 8:17 p.m.2 views

UBUNTU-CVE-2026-53287

In the Linux kernel, the following vulnerability has been resolved: audit: fix incorrect inheritable capability in CAPSET records auditlogcapset records the effective capability set into the inheritable field due to a copy-paste error. Every CAPSET audit record therefore reports cappi process...

5.8AI score0.00176EPSS
Exploits0References11
EUVD
EUVD
added 2026/06/26 7:40 p.m.6 views

EUVD-2026-39892

In the Linux kernel, the following vulnerability has been resolved: audit: fix incorrect inheritable capability in CAPSET records auditlogcapset records the effective capability set into the inheritable field due to a copy-paste error. Every CAPSET audit record therefore reports cappi process...

5.8AI score0.00176EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2026/06/26 7:40 p.m.5 views

CVE-2026-53287

In the Linux kernel, the following vulnerability has been resolved: audit: fix incorrect inheritable capability in CAPSET records auditlogcapset records the effective capability set into the inheritable field due to a copy-paste error. Every CAPSET audit record therefore reports cappi process...

5.8AI score0.00176EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-52926

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the audit log capset function where the effective capability set is incorrectly recorded into the inheritable field. This occurs because the function reports cap pi...

5.8AI score0.00176EPSS
Exploits0References11
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed the KASAN use-after-free Read issue in computeeffectiveprogs. Syzbot identified a use-after-free bug in computeeffectiveprogs. The reproducer creates a number of BPF links, causing a failure in the injected allocation...

7.8CVSS5.6AI score0.00188EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: bpf, cgroup: Fixed a kernel bug in purgeeffectiveprogs Syzkaller reported a triggered kernel bug as follows: ------------ Cut here ----------- Kernel bug at kernel/bpf/cgroup.c:925! Invalid opcode: 0000 1 PREEMPT SMP NOPTI CPU...

7.1CVSS5.8AI score0.00228EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/11 1:26 p.m.7 views

Missing Release of Memory after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime due to improper cleanup of pooled direct-memory buffers in the RedisArrayAggregator function. An attacker can exhaust the JVM-wide direct-memory pool by repeatedly opening and closing...

8.7CVSS5.5AI score0.00489EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 5:3 a.m.11 views

EUVD-2026-36203

Spring Boot's Mail auto-configuration does not enable hostname verification. Applications that set the relevant JavaMail property, such as spring.mail.properties.mail.smtp.ssl.checkserveridentity=true, are not affected. Affected versions: Spring Boot 4.0.0 through 4.0.6; 3.5.0 through 3.5.14; 3.4...

5CVSS5.4AI score0.00123EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/10 11:10 p.m.6 views

Missing Release of Memory after Effective Lifetime

Overview Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime in the wand option parser when invalid arguments are provided. An attacker can cause increased memory consumption by supplying specially crafted input. Remediation A fix was pushed into...

5.1CVSS5.4AI score0.0011EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/22 5:32 a.m.15 views

Missing Release of Resource after Effective Lifetime

Overview golang.org/x/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime through the handling of unsolicited global request responses, which can fill an internal buffer and block the connection's read loop...

9.1CVSS5.9AI score0.005EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed an invalid prog-stats access when updateeffectiveprogs fails. The issue occurs due to a fault-injected code sequence in updateeffectiveprogs. The problem can be described as follows: c cgroupbpfdetach...

5.9AI score0.00189EPSS
Exploits0References1
OSV
OSV
added 2026/05/12 12:24 a.m.9 views

MAL-2026-3454 Malicious code in @squawk/types (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector e3774c2374f8e3ab7673400940dfc50d0826239ac34fd2e1170c7ab4c48de6a7 The package @squawk/types was found to contain malicious code. Source: ghsa-malware 14506d7385d737662e11382d460e176a16e727348a5b09cf27325bfbd4566f83...

5.8AI score
Exploits0References6
Rows per page
Query Builder