4129 matches found
Astra Linux - уязвимость в ansible
A flaw was discovered in the Ansible Engine when the fetch module is used. An attacker could intercept the module, inject a new path, and then select a new destination path on the controller node. All versions under 2.7.x, 2.8.x, and 2.9.x branches are believed to be vulnerable...
Astra Linux - уязвимость в firefox
The fetch API and navigation incorrectly shared the same cache. The cache key did not include the optional headers that fetch might contain. Under the correct circumstances, an attacker could have been able to corrupt the local browser cache by using a fetch response controlled by these additiona...
Linux Distros Unpatched Vulnerability : CVE-2026-43009
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Fix incorrect pruning due to atomic fetch precision tracking When backtrackinsn encounters a BPFSTX instruction with BPFATOMIC and BPFFETCH, the src regist...
TFTP Fetch, Linux Execute Command
Fetch and execute an AARCH64 payload from a TFTP server. Execute an arbitrary command or just a /bin/sh shell Module Options msf use payload/cmd/linux/tftp/aarch64/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... ms...
HTTPS Fetch, Linux Execute Command
Fetch and execute an AARCH64 payload from an HTTPS server. Execute an arbitrary command or just a /bin/sh shell Module Options msf use payload/cmd/linux/https/aarch64/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options...
HTTP Fetch, Linux Execute Command
Fetch and execute an AARCH64 payload from an HTTP server. Execute an arbitrary command or just a /bin/sh shell Module Options msf use payload/cmd/linux/http/aarch64/exec msf payloadexec show actions ...actions... msf payloadexec set ACTION msf payloadexec show options ...show and set options... m...
CVE-2026-43009
A flaw was found in the Linux kernel's BPF Berkeley Packet Filter verifier. The verifier, responsible for ensuring the safety of BPF programs, incorrectly tracks the precision of atomic fetch operations. This error can lead to the verifier pruning execution paths that should not be considered...
CVE-2026-43009
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix incorrect pruning due to atomic fetch precision tracking When backtrackinsn encounters a BPFSTX instruction with BPFATOMIC and BPFFETCH, the src register or r0 for BPFCMPXCHG also acts as a destination, thus receiving th...
CVE-2026-43009
The CVE-2026-43009 family concerns the Linux kernel BPF verifier. Connected sources describe a bug where backtrack_insn did not correctly account for atomic fetch variants (BPF_ATOMIC with BPF_FETCH) during memory-precision tracking, causing the verifier to prune paths incorrectly. The fix extend...
CVE-2026-43009
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix incorrect pruning due to atomic fetch precision tracking When backtrackinsn encounters a BPFSTX instruction with BPFATOMIC and BPFFETCH, the src register or r0 for BPFCMPXCHG also acts as a destination, thus receiving th...
CVE-2026-43009 bpf: Fix incorrect pruning due to atomic fetch precision tracking
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix incorrect pruning due to atomic fetch precision tracking When backtrackinsn encounters a BPFSTX instruction with BPFATOMIC and BPFFETCH, the src register or r0 for BPFCMPXCHG also acts as a destination, thus receiving th...
EUVD-2026-26608
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix incorrect pruning due to atomic fetch precision tracking When backtrackinsn encounters a BPFSTX instruction with BPFATOMIC and BPFFETCH, the src register or r0 for BPFCMPXCHG also acts as a destination, thus receiving th...
CVE-2026-42404 Apache Neethi: Unrestricted HTTP Redirect Following in Policy References
Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and internal IP...
EUVD-2026-26491
Apache Neethi does not impose any restrictions on URIs when manually fetching remote policy references through the PolicyReference API. When an application explicitly calls the API to retrieve a policy from a remote URI, an outbound request is made for arbitrary protocols and internal IP...
WordPress Go Fetch Jobs (for WP Job Manager) plugin <= 1.8.4.8.1 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Go Fetch Jobs for WP Job Manager versions = 1.8.4.8.1...
PT-2026-36313
Name of the Vulnerable Software and Affected Versions Apache Neethi versions prior to 3.2.2 Description The PolicyReference API does not impose restrictions on URIs when manually fetching remote policy references. This allows an application that explicitly calls the API to make outbound requests...
PT-2026-36426
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Linux kernel eBPF verifier where the backtrack insn function fails to correctly handle atomic fetch operations. When encountering a BPF STX instruction with BPF...
CVE-2025-14688 IBM® Db2® is vulnerable to a denial of service when fetching from certain tables under specific configurations
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations exist...
CVE-2025-14688
CVE-2025-14688 affects IBM Db2 Server on Linux, UNIX, and Windows (V11.5.0–11.5.9; V12.1.0–12.1.3; includes Db2 Connect Server) where an authenticated user can trigger a denial of service due to improper neutralization of special elements in data query logic under specific configuration condition...
Exploit for CVE-2026-3844
CVE-2026-3844 — Breeze Cache RCE Unauthenticated Arbitrary...