Lucene search
K

11292 matches found

BDU FSTEC
BDU FSTEC
added 9 hours ago8 views

The vulnerability of the Kerberos protocol for Windows operating systems allows attackers to increase their privileges.

The vulnerability of the Kerberos protocol for Windows operating systems is related to errors in the mechanism for handling relative pathnames to the directory. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

9CVSS6.1AI score0.02593EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added yesterday3 views

PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions

A flaw was found in PHP. Some functions, including urldecode, incorrectly pass signed characters to character type ctype functions. On certain systems, this can lead to accessing memory with a negative offset. This vulnerability can be exploited by an attacker to trigger a denial of service DoS,...

7.5CVSS7AI score0.00337EPSS
Exploits0References5
Cvelist
Cvelist
added 2 days ago24 views

CVE-2026-56334 Capgo - Missing UPDATE RLS Policy for Build Status Persistence

Capgo before 12.128.2 lacks an UPDATE row-level security policy for the buildrequests table, preventing API-key and anonymous access from persisting builder status updates. Attackers can exploit this missing policy to cause build status and error details to remain unpersisted, leaving buildreques...

5.3CVSS0.00192EPSS
Exploits0References2
NCSC
NCSC
added 2 days ago6 views

Vulnerabilities found in Apple iOS and iPadOS

Apple has identified several vulnerabilities in iOS and iPadOS. These vulnerabilities include out-of-bounds access, use-after-free errors, memory handling issues, insufficient input validation, type confusion, double-free operations, stack overflows, race conditions, and path handling problems...

9.1CVSS6.1AI score0.00371EPSS
Exploits2References1
NVD
NVD
added 3 days ago9 views

CVE-2026-57958

Mixpost through 2.6.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in authenticated users' browsers by crafting malicious OAuth callback URLs with unsanitized error query parameters. Attackers can exploit the OAuth...

6.1CVSS0.00168EPSS
Exploits0References2
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-40095

A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument itemprice can lead to business logic errors. The attack may be performed from remote. The exploit has been published...

6.9CVSS5.7AI score0.00383EPSS
Exploits0References6
Cvelist
Cvelist
added 3 days ago30 views

CVE-2026-13571 SourceCodester Simple Food Ordering System cart.php logic error

A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument itemprice can lead to business logic errors. The attack may be performed from remote. The exploit has been published...

6.9CVSS0.00383EPSS
Exploits0References6
OSV
OSV
added 3 days ago6 views

PYSEC-2026-307 calibre-web is vulnerable to Business Logic Errors

calibre-web is vulnerable to Business Logic Errors...

9.8CVSS7.1AI score0.01375EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 3 days ago6 views

CVE-2026-53284

A flaw was found in the Linux kernel's Btrfs filesystem. A local user performing specific filesystem operations could trigger an error during the writing of dirty extent buffers. This improper handling of the dirty pages I/O tree can prevent unsubmitted records from being cleaned up, leading to...

7.5CVSS5.8AI score0.00432EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-9699 Mattermost Agents plugin logs unsanitized OpenAI API keys on authentication errors

Mattermost Plugins versions =11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries...

6.8CVSS0.00325EPSS
Exploits0References1
CVE
CVE
added 6 days ago9 views

CVE-2026-9699

Mattermost Plugins versions

6.8CVSS5.8AI score0.00325EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 6 days ago8 views

CVE-2026-54235

A flaw was found in vLLM, an inference and serving engine for large language models LLMs. The temperature validation gates, which use comparison operators, incorrectly handle Not-a-Number NaN and positive Infinity values in Python's IEEE 754 float semantics. These invalid values can bypass...

6.9CVSS5.6AI score0.00261EPSS
Exploits1References6
OSV
OSV
added last week2 views

GHSA-45GG-VH54-H5M9 golang.org/x/crypto/ssh vulnerable to invoking bypass of certificate restrictions

When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...

6.3CVSS5.8AI score0.00221EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/06/25 6:2 p.m.6 views

CVE-2026-53082

A flaw was found in the 6pack hamradio driver within the Linux kernel. This vulnerability occurs because the system does not properly handle data with communication errors, causing it to process uninitialized information. An attacker with local access could potentially exploit this to gain...

5.8AI score0.00164EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/25 8:38 a.m.3 views

EUVD-2026-39272

In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: fix skackbacklog leak on failed handshake When vmcitransportrecvconnectingserver returns an error, vmcitransportrecvlisten calls vsockremovepending but never calls skacceptqremoved. This leaves skackbacklog incremente...

5.8AI score0.00184EPSS
Exploits0References8
CVE
CVE
added 2026/06/25 8:38 a.m.8 views

CVE-2026-53174

CVE-2026-53174 affects the Linux kernel overlay filesystem (ovl). The bug in ovl_iterate_merged() stores PTR_ERR(cache) in err before validating the cache with IS_ERR(cache), so on success err may hold a truncated cache pointer and be returned as a bogus non-zero error. The repro path goes throug...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 7:50 p.m.9 views

CVE-2026-50129

CVE-2026-50129 affects Mastodon before versions 4.5.11, 4.4.18, and 4.3.24. The issue is a DoS caused by an uncaught exception in the math sanitizer’s MATH_TRANSFORMER due to missing exception handling; malformed nodes can crash the server or disrupt services depending on the action and interact...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability found in Linux 6.12, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: ACPI: APEI: Send SIGBUS to the current task if a synchronous memory error is not recovered. If a synchronous error is detected due to a user-space process triggering a 2-bit uncorrected error, the CPU will raise an exception,...

5.5CVSS6AI score0.00147EPSS
Exploits0References4
NVD
NVD
added 2026/06/24 8:16 a.m.7 views

CVE-2026-52932

In the Linux kernel, the following vulnerability has been resolved: xfrm: ipcomp: Free destination pages on acomp errors Move the outfreereq label up by a couple of lines so that the allocated dst SG list gets freed on error as well as success...

7.5CVSS0.00339EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 8:16 a.m.2 views

UBUNTU-CVE-2026-52932

In the Linux kernel, the following vulnerability has been resolved: xfrm: ipcomp: Free destination pages on acomp errors Move the outfreereq label up by a couple of lines so that the allocated dst SG list gets freed on error as well as success...

7.5CVSS5.6AI score0.00339EPSS
Exploits0References6
Rows per page
Query Builder