Lucene search
K

2360 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in krb5

In MIT Kerberos 5 also known as krb5, before version 1.21.3, an attacker could modify the plaintext Extra Count field of a confidential GSS krb5 wrap token. This modification caused the unwrapped token to appear truncated, affecting the application...

7.5CVSS7AI score0.00748EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix race between freeswapandcache and swapoff There was previously a theoretical scenario where swapoff could execute and tear down the swapinfostruct while a call to freeswapandcache was running in another thread. This...

5.5CVSS6.3AI score0.00177EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.11 views

Astra Linux – Vulnerability in Python-Django

A issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. Methods like QuerySet.annotate, QuerySet.alias, QuerySet.aggregate, and QuerySet.extra are vulnerable to SQL injection when column aliases are used, especially when a properly crafted dictionary is passed...

9.8CVSS7.3AI score0.00583EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.15 views

PT-2026-42172

Name of the Vulnerable Software and Affected Versions twig/intl-extra affected versions not specified Description IntlExtension memoises every IntlDateFormatter and NumberFormatter it creates in instance-level arrays. These arrays are keyed on a hash including locale, pattern, and attrs, which ar...

6.9CVSS5.8AI score0.00056EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/05/15 8:0 p.m.11 views

CVE-2026-44550 Open WebUI: Mass Assignment via Pydantic extra='allow' Allows Creating Folders in Other Users' Accounts

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, FolderForm uses modelconfig = ConfigDictextra='allow', which permits arbitrary fields to pass through Pydantic validation and be included in modeldumpexcludeunset=True. In...

5CVSS6AI score0.00287EPSS
Exploits1References1
CVE
CVE
added 2026/05/15 8:0 p.m.27 views

CVE-2026-44550

Open WebUI prior to 0.9.0 vulnerable to mass assignment via Pydantic extra='allow' in FolderForm. The server constructs a FolderModel by merging attacker-controlled extra fields (from form_data.model_dump(exclude_unset=True)) over a server-populated user_id, and because user_id is a real field, a...

5CVSS6AI score0.00287EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/15 8:0 p.m.6 views

CVE-2026-44550

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, FolderForm uses modelconfig = ConfigDictextra='allow', which permits arbitrary fields to pass through Pydantic validation and be included in modeldumpexcludeunset=True. In...

5CVSS6AI score0.00287EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/05/15 8:0 p.m.52 views

CVE-2026-44550 Open WebUI: Mass Assignment via Pydantic extra='allow' Allows Creating Folders in Other Users' Accounts

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, FolderForm uses modelconfig = ConfigDictextra='allow', which permits arbitrary fields to pass through Pydantic validation and be included in modeldumpexcludeunset=True. In...

5CVSS0.00287EPSS
Exploits1References1
OSV
OSV
added 2026/05/15 8:0 p.m.2 views

CVE-2026-44550 Open WebUI: Mass Assignment via Pydantic extra='allow' Allows Creating Folders in Other Users' Accounts

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, FolderForm uses modelconfig = ConfigDictextra='allow', which permits arbitrary fields to pass through Pydantic validation and be included in modeldumpexcludeunset=True. In...

5CVSS6.1AI score0.00287EPSS
Exploits1References3
Amazon
Amazon
added 2026/05/15 12:0 a.m.17 views

Important: kernel6.12

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers CVE-2026-43503 In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through pskbcopy...

8.8CVSS5.4AI score0.03663EPSS
Exploits18
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.19 views

PT-2026-41191

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description An authenticated attacker can perform a mass assignment attack via the 'POST /api/v1/evaluations/feedback' endpoint. This is possible because the FeedbackForm uses a configuration that allows extr...

5.4CVSS5.9AI score0.00307EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.11 views

CVE-2026-28996

A race condition was addressed with additional validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to access sensitive user data...

5.5CVSS5.8AI score0.00108EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 3:24 p.m.15 views

CVE-2026-44665 fast-xml-builder: Attribute values with unwanted quotes can bypass malicious or unwanted attributes

fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. This gives the room for an attacker to insert unwanted attributes to the XML/HTML. This vulnerabili...

6.1CVSS5.8AI score0.00209EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/13 3:24 p.m.80 views

CVE-2026-44665 fast-xml-builder: Attribute values with unwanted quotes can bypass malicious or unwanted attributes

fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. This gives the room for an attacker to insert unwanted attributes to the XML/HTML. This vulnerabili...

6.1CVSS0.00209EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/13 3:37 a.m.12 views

SUSE CVE-2026-40020

Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imapaclallowanyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. Install to fixed...

4.3CVSS5.8AI score0.00271EPSS
Exploits0References4
OSV
OSV
added 2026/05/12 8:34 p.m.11 views

CLSA-2026-1778618041 freeipmi: Fix of CVE-2026-33554

CVE-2026-33554: fix buffer overflows in ipmi-oem response handling for dell get-last-post-code, supermicro extra-firmware-info, and wistron read-proprietary-string subcommands...

7.5CVSS5.9AI score0.00403EPSS
Exploits0References1
OSV
OSV
added 2026/05/12 8:19 p.m.10 views

CLSA-2026-1778617167 freeipmi: Fix of CVE-2026-33554

CVE-2026-33554: fix buffer overflows in ipmi-oem response handling for dell get-last-post-code, supermicro extra-firmware-info, and wistron read-proprietary-string subcommands...

7.5CVSS5.9AI score0.00403EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 8:8 p.m.34 views

CVE-2026-28976

The CVE-2026-28976 entry describes an information leakage vulnerability in macOS that is mitigated by additional validation and fixed in macOS Tahoe 26.5. The CVSS v3.1 baseline score is 7.5 (HIGH), with network attack vector, no user interaction, and no privilege requirement, but with high confi...

7.5CVSS5.8AI score0.00302EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/11 8:8 p.m.8 views

CVE-2026-28976

An information leakage was addressed with additional validation. This issue is fixed in macOS Tahoe 26.5. An app may be able to gain root privileges...

5.8AI score0.00302EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/11 8:8 p.m.7 views

CVE-2026-28920

An information leakage was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Visiting a maliciously crafted website may leak...

5.8AI score0.00323EPSS
Exploits0References8
Rows per page
Query Builder