Lucene search
+L

180 matches found

NVD
NVD
added 4 days ago4 views

CVE-2026-55771

CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 4.9.0, the EntityIdentifier.equals has inverted null/self branches which could lead to incorrect equality comparisons. The EntityIdentifier.equals meth...

8.8CVSS0.00345EPSS
Exploits0References1
OSV
OSV
added 4 days ago4 views

CVE-2026-55771 CedarJava has policy injection, type confusion, and incorrect equality comparison vulnerabilities

CedarJava is an open source Java implementation of the Cedar policy language, used for fine-grained authorization decisions. In versions prior to 4.9.0, the EntityIdentifier.equals has inverted null/self branches which could lead to incorrect equality comparisons. The EntityIdentifier.equals meth...

8.8CVSS6AI score0.00345EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-57856

Name of the Vulnerable Software and Affected Versions CedarJava versions prior to 4.9.0 Description The EntityIdentifier.equals function contains inverted logic for null and self-reference checks. This causes the method to return true for null comparisons and false for self-comparisons, leading t...

8.8CVSS6.1AI score0.00345EPSS
Exploits0References4
NVD
NVD
added 2026/07/07 12:16 a.m.9 views

CVE-2024-56141

Minosoft is an open-source, multi-version Minecraft Java Edition client written in Kotlin. Starting in commit f1ae30e2b046a490026a8413b075685deb795122, the CryptManager encryption routine CryptManager.kt initializes its AES cipher using an initialization vector IV that is set equal to the secret...

5CVSS0.00111EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 4:30 p.m.32 views

CVE-2026-53092

CVE-2026-53092 affects the Linux kernel’s BPF subsystem . The root cause is in register delta tracking when the same source and destination registers are used (e.g., rX += rX). In adjust_reg_min_max_vals(), the code mutates the destination in-place, and later, when evaluating the source register,...

7.8CVSS5.5AI score0.00125EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/24 4:30 p.m.39 views

CVE-2026-53092 bpf: Fix linked reg delta tracking when src_reg == dst_reg

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix linked reg delta tracking when srcreg == dstreg Consider the case of rX += rX where srcreg and dstreg are pointers to the same bpfregstate in adjustregminmaxvals. The latter first modifies the dstreg in-place, and later ...

7.8CVSS0.00125EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 4:30 p.m.7 views

EUVD-2026-38960

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix linked reg delta tracking when srcreg == dstreg Consider the case of rX += rX where srcreg and dstreg are pointers to the same bpfregstate in adjustregminmaxvals. The latter first modifies the dstreg in-place, and later ...

5.5AI score0.00125EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 4:30 p.m.5 views

CVE-2026-53092 bpf: Fix linked reg delta tracking when src_reg == dst_reg

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix linked reg delta tracking when srcreg == dstreg Consider the case of rX += rX where srcreg and dstreg are pointers to the same bpfregstate in adjustregminmaxvals. The latter first modifies the dstreg in-place, and later ...

7.8CVSS5.5AI score0.00125EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-51972

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the BPF sock ops program when accessing ctx fields where the destination register dst reg is the same as the source register src reg. In the !fullsock or !locked tcp...

7.8CVSS5.7AI score0.00112EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/22 12:25 p.m.14 views

EUVD-2026-38228

The Azure Active Directory AAD authentication implementation contained multiple weaknesses in its OAuth 2.0 authorization flow that could allow attackers to bypass important security guarantees provided by the protocol. The application used the PHP session identifier sessionid as the OAuth state...

9.3CVSS5.9AI score0.00258EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:41 p.m.11 views

CVE-2026-46284

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix early boot crash on parameters without '=' separator If hugepages, hugepagesz, or defaulthugepagesz are specified on the kernel command line without the '=' separator, early parameter parsing passes NULL to...

5.4AI score0.00121EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/08 3:41 p.m.24 views

CVE-2026-46284

CVE-2026-46284 affects the Linux kernel mm/hugetlb parameter parsing path. When hugepages, hugepagesz, or default_hugepagesz are supplied on the kernel command line without an '=' separator, early-boot parameter parsing passes NULL to hugetlb_add_param(), which dereferences NULL in strlen(), pote...

5.5CVSS5.4AI score0.00121EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/08 3:41 p.m.45 views

CVE-2026-46284 mm/hugetlb: fix early boot crash on parameters without '=' separator

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix early boot crash on parameters without '=' separator If hugepages, hugepagesz, or defaulthugepagesz are specified on the kernel command line without the '=' separator, early parameter parsing passes NULL to...

0.00121EPSS
Exploits0References3
Mageia
Mageia
added 2026/06/07 5:10 a.m.15 views

Updated xdg-dbus-proxy packages fix security vulnerability

A policy parser vulnerability allows bypassing eavesdrop restrictions. The proxy checks for eavesdrop=true in policy rules but fails to handle eavesdrop ='true' with a space before the equals sign and similar cases...

6.8CVSS5.5AI score0.00175EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.19 views

CVE-2026-39823

CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a tag's attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the attribute, the escaper would fail to similarly escape it, leading to XSS...

6.1CVSS7.7AI score0.00328EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/04 12:39 p.m.3 views

html/template: golang: Go html/template: Cross-Site Scripting via improper URL escaping in meta tag content

A flaw was found in the html/template package of Go. A remote attacker could exploit this vulnerability by inserting ASCII whitespaces around the equals sign = within a URL's content attribute inside a tag. This improper escaping could lead to Cross-Site Scripting XSS, allowing the attacker to...

6.1CVSS6.1AI score0.00314EPSS
Exploits0References8
OSV
OSV
added 2026/05/29 12:1 a.m.13 views

OSV-2026-822 Heap-use-after-free in slice_segment_header::operator=

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=517027630 Crash type: Heap-use-after-free READ 4 Crash state: slicesegmentheader::operator= slicesegmentheader::read decodercontext::readsliceNAL...

5.8AI score
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/27 10:56 a.m.14 views

SUSE CVE-2026-48829

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...

7.5CVSS5.8AI score0.00455EPSS
Exploits0References4
NVD
NVD
added 2026/05/24 4:16 a.m.17 views

CVE-2026-48829

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...

7.5CVSS0.00455EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/05/24 4:16 a.m.19 views

CVE-2026-48829

In GNU SASL before 2.2.3, DIGEST-MD5 has a NULL pointer dereference affecting both clients and servers, via a known token with no accompanying = character. This occurs in lib/digest-md5/getsubopt.c...

7.5CVSS5.8AI score0.00455EPSS
Exploits0References5
Rows per page
Query Builder