Lucene search
+L

51 matches found

EUVD
EUVD
added 13 hours ago5 views

EUVD-2026-45082

grav-plugin-login before 3.8.11 contains a cross-site request forgery CSRF vulnerability in the login.regenerate2FASecret frontend task, which regenerates and persists a new TOTP secret for the authenticated session user without any anti-CSRF nonce or Origin/Referer check. Because Grav core...

5.4CVSS6.1AI score
Exploits0References2
NVD
NVD
added 2026/07/01 5:16 a.m.9 views

CVE-2026-12110

The Taskbuilder – Project Management & Task Management Tool With Kanban Board plugin for WordPress is vulnerable to generic SQL Injection via the 'tasksearch' parameter in all versions up to, and including, 5.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient...

6.5CVSS0.00328EPSS
Exploits0References11
Snyk
Snyk
added 2026/03/26 4:56 p.m.3 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the improper enforcement of access controls in the ReadAll and GetTaskAttachment processes. An attacker can gain unauthorized access to and delete file attachments across all...

9.3CVSS5.9AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/15 12:0 a.m.4 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003110)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003110 advisory. Race condition in the gettaskioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service...

9.3CVSS6.2AI score0.01541EPSS
Exploits0References8
EUVD
EUVD
added 2025/12/16 3:30 p.m.3 views

EUVD-2025-203663

In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Add call to putpid Add a call to putpid corresponding to gettaskpid. host1xmemorycontextalloc does not take ownership of the PID so we need to free it here to avoid leaking. [email protected]: reword commit message...

5.9AI score0.00162EPSS
Exploits0References6
NVD
NVD
added 2025/12/16 2:15 p.m.4 views

CVE-2025-68233

In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Add call to putpid Add a call to putpid corresponding to gettaskpid. host1xmemorycontextalloc does not take ownership of the PID so we need to free it here to avoid leaking. [email protected]: reword commit message...

0.00162EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2025/12/16 2:15 p.m.3 views

CVE-2025-68233

In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Add call to putpid Add a call to putpid corresponding to gettaskpid. host1xmemorycontextalloc does not take ownership of the PID so we need to free it here to avoid leaking. [email protected]: reword commit message...

5.9AI score0.00162EPSS
Exploits0References23
OSV
OSV
added 2025/12/16 2:15 p.m.6 views

UBUNTU-CVE-2025-68233

In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Add call to putpid Add a call to putpid corresponding to gettaskpid. host1xmemorycontextalloc does not take ownership of the PID so we need to free it here to avoid leaking. [email protected]: reword commit message...

5.7AI score0.00162EPSS
Exploits0References24
CVE
CVE
added 2025/12/16 2:4 p.m.15 views

CVE-2025-68233

CVE-2025-68233 affects the Linux kernel's drm/tegra path. The fix adds a put_pid() call corresponding to get_task_pid() because host1x_memory_context_alloc() does not take ownership of the PID, preventing a PID leak. The commercial advisories (Ubuntu/SUSE/OpenSUSE/NASL plug-ins) list this CVE amo...

6.1AI score0.00162EPSS
Exploits0References5
OSV
OSV
added 2025/12/16 2:4 p.m.5 views

CVE-2025-68233 drm/tegra: Add call to put_pid()

In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Add call to putpid Add a call to putpid corresponding to gettaskpid. host1xmemorycontextalloc does not take ownership of the PID so we need to free it here to avoid leaking. [email protected]: reword commit message...

6.3AI score0.00162EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-55999

Malicious code in bioql PyPI...

9.8CVSS9.1AI score0.01056EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-25784

Malicious code in bioql PyPI...

4.8CVSS6.6AI score0.00127EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-25783

Malicious code in bioql PyPI...

4.8CVSS6.6AI score0.00127EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/30 6:18 p.m.4 views

CVE-2025-8597

MacVim's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access e.g. via a malicious application to attach a debugger, read or modify the process memory, inject code in the application's context despite...

4.8CVSS6.4AI score0.00127EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/30 6:18 p.m.8 views

CVE-2025-8700

Invoice Ninja's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access e.g. via a malicious application to attach a debugger, read or modify the process memory, inject code in the application's context...

4.8CVSS6.4AI score0.00127EPSS
Exploits0References1
NVD
NVD
added 2025/08/26 1:15 p.m.6 views

CVE-2025-8597

MacVim's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access e.g. via a malicious application to attach a debugger, read or modify the process memory, inject code in the application's context despite...

4.8CVSS0.00127EPSS
Exploits0References2
NVD
NVD
added 2025/08/26 1:15 p.m.5 views

CVE-2025-8700

Invoice Ninja's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access e.g. via a malicious application to attach a debugger, read or modify the process memory, inject code in the application's context...

4.8CVSS0.00127EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/26 12:23 p.m.10 views

CVE-2025-8700 Privilege Escalation via get-task-allow entitlement in Invoice Ninja

Invoice Ninja's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access e.g. via a malicious application to attach a debugger, read or modify the process memory, inject code in the application's context...

4.8CVSS0.00127EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/26 12:23 p.m.5 views

CVE-2025-8700 Privilege Escalation via get-task-allow entitlement in Invoice Ninja

Invoice Ninja's configuration on macOS, specifically the presence of entitlement "com.apple.security.get-task-allow", allows local attackers with unprivileged access e.g. via a malicious application to attach a debugger, read or modify the process memory, inject code in the application's context...

4.8CVSS6.7AI score0.00127EPSS
Exploits0References2
CVE
CVE
added 2025/08/26 12:23 p.m.13 views

CVE-2025-8700

Invoice Ninja on macOS is affected by a local privilege-escalation issue due to the presence of the entitlement com.apple.security.get-task-allow. This allows unprivileged local attackers (e.g., via a malicious app) to attach a debugger, read/modify process memory, and inject code within the app’...

4.8CVSS6.1AI score0.00127EPSS
Exploits0References2
Rows per page
Query Builder