Lucene search
K

5473 matches found

OSV
OSV
added 2026/06/04 7:40 p.m.4 views

ROOT-APP-NPM-CVE-2020-15084 CVE-2020-15084 in @rootio/express-jwt - Patched by Root

Root has patched CVE-2020-15084 in the @rootio/express-jwt package for Root:npm. Multiple fixed versions available...

9.1CVSS5.4AI score0.01059EPSS
Exploits0
OSV
OSV
added 2026/06/04 7:40 p.m.3 views

ROOT-APP-NPM-CVE-2024-43796 CVE-2024-43796 in @rootio/express - Patched by Root

Root has patched CVE-2024-43796 in the @rootio/express package for Root:npm. Multiple fixed versions available...

5CVSS5.4AI score0.00458EPSS
Exploits0
OSV
OSV
added 2026/06/04 7:40 p.m.5 views

ROOT-APP-NPM-CVE-2024-29041 CVE-2024-29041 in @rootio/express - Patched by Root

Root has patched CVE-2024-29041 in the @rootio/express package for Root:npm. Multiple fixed versions available...

6.1CVSS7.6AI score0.00786EPSS
Exploits0
Snyk
Snyk
added 2026/06/03 9:0 p.m.11 views

Malicious Package

Overview express-denv is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.5AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-46141

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - powerpc/xive: fix kmemleak caused by incorrect chipdata lookup The kmemleak reports the following memory leak: Unreferenced object 0xc0000002a7fbc640 size 64:...

5.5CVSS6AI score0.00121EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/02 10:31 p.m.35 views

CVE-2026-10719 Open Seachest/Seachest NVMe show Format Descriptors Vulnerability

Out of bounds write in openSeaChest’s --showSupportedFormats in Seagate’s openSeaChest v25.05.3 on all supported platforms allows for writing 1 extra byte outside of allocated memory which sets a value to 1 via a maliciously crafted NVMe device with a bogus value in the namespace FLBAS byte...

1.8CVSS0.00102EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/28 9:11 p.m.11 views

CVE-2026-46141

A flaw was found in the Linux kernel's powerpc/xive interrupt controller. This vulnerability, identified as a kernel memory leak kmemleak, occurs when allocating Message Signaled Interrupts eXtended MSI-X vectors for NVMe devices. Due to an incorrect lookup of interrupt data, the xiveirqdata...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/28 12:30 p.m.9 views

EUVD-2026-32864

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Limit NVMe request size to 2 MiB The HBA firmware reports NVMe MDTS values based on the underlying drive capability. However, because the driver allocates a fixed 4K buffer for the PRP list, accommodating at most 5...

5.9AI score0.00127EPSS
Exploits0References4
CVE
CVE
added 2026/05/28 9:35 a.m.20 views

CVE-2026-46105

CVE-2026-46105 affects the Linux kernel mpt3sas SCSI driver. The driver allocates a fixed 4K PRP list buffer, which caps the maximum NVMe I/O transfer size at 2 MiB. The HBA firmware reports NVMe MDTS, but the mismatch with the 2 MiB limit can lead to oversized I/O requests and potentially a kern...

7.8CVSS5.9AI score0.00127EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/28 9:35 a.m.32 views

CVE-2026-46105 scsi: mpt3sas: Limit NVMe request size to 2 MiB

In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Limit NVMe request size to 2 MiB The HBA firmware reports NVMe MDTS values based on the underlying drive capability. However, because the driver allocates a fixed 4K buffer for the PRP list, accommodating at most 5...

7.8CVSS0.00127EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.9 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an improper limit on NVMe request sizes in the mpt3sas driver. This vulnerability may lead to...

7.8CVSS5.8AI score0.00127EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 3:33 p.m.14 views

EUVD-2026-32236

In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: Add validation for MTU changes Increasing the MTU beyond the HDS threshold causes the hardware to fragment packets across multiple buffers. If a single-buffer XDP program is attached, the driver will drop all multi-fr...

5.8AI score0.00126EPSS
Exploits0References4
CVE
CVE
added 2026/05/27 12:18 p.m.21 views

CVE-2026-45952

The CVE-2026-45952 issue affects the Linux kernel fbnic driver. It concerns MTU changes when an XDP program is attached: increasing MTU beyond the hardware threshold can cause fragmentation across multiple buffers, and the driver will drop all multi-fragment frames for single-buffer XDP. This can...

5.5CVSS5.8AI score0.00126EPSS
Exploits0References3Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/23 4:50 p.m.12 views

Malicious code in midpatch (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fe668e556f4b46fce125c318ebc3bea93185c78ec36c19f8991bbcb36172a62b The package advertises a logger middleware keywords fast/logger/stream/json, exports module.exports.pino = middleware, file.js wraps a ./pino module ...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/22 6:36 p.m.13 views

Malicious code in express-enrouten-async (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f944bc544f9368e58a223e76e462ddec4ba325c728a233100182706ad8f0ae0e Package name mimics the legitimate express-enrouten route-discovery library, but the shipped index.js only hardcodes two demo routes rather than...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/05/22 6:36 p.m.9 views

MAL-2026-4556 Malicious code in express-enrouten-async (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f944bc544f9368e58a223e76e462ddec4ba325c728a233100182706ad8f0ae0e Package name mimics the legitimate express-enrouten route-discovery library, but the shipped index.js only hardcodes two demo routes rather than...

6.1AI score
Exploits0References2
NVD
NVD
added 2026/05/22 3:16 p.m.16 views

CVE-2026-8347

Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in the Express association Reorder dialog. This can cause Cross-entity state tampering with view-only permission on one entry. To be affected, a website has to be using express and relying on express entity...

4.3CVSS0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/22 2:6 p.m.32 views

CVE-2026-8347 Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in Express association Reorder dialog

Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in the Express association Reorder dialog. This can cause Cross-entity state tampering with view-only permission on one entry. To be affected, a website has to be using express and relying on express entity...

2.3CVSS0.00175EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/22 2:6 p.m.8 views

CVE-2026-8347 Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in Express association Reorder dialog

Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in the Express association Reorder dialog. This can cause Cross-entity state tampering with view-only permission on one entry. To be affected, a website has to be using express and relying on express entity...

2.3CVSS5.8AI score0.00175EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/22 2:6 p.m.6 views

CVE-2026-8347

Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in the Express association Reorder dialog. This can cause Cross-entity state tampering with view-only permission on one entry. To be affected, a website has to be using express and relying on express entity...

4.3CVSS5.8AI score0.00175EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder