Lucene search
K

141 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

A bug in the calculation of popup notification delays could have allowed an attacker to trick a user into granting permissions. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7...

8.8CVSS6.9AI score0.00837EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/01 9:14 p.m.8 views

CVE-2026-0046

In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00076EPSS
Exploits0References1
Rockylinux
Rockylinux
added 2026/05/28 3:43 p.m.19 views

krb5 security and bug fix update

An update is available for krb5. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Kerberos is a network authentication system, which can improve the security of...

8.8CVSS5.8AI score0.02107EPSS
Exploits0
OSV
OSV
added 2026/05/28 3:43 p.m.11 views

RLSA-2023:6699 Moderate: krb5 security and bug fix update

Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...

8.8CVSS6.8AI score0.02107EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/24 2:30 p.m.4 views

CVE-2026-31535

In the Linux kernel, the following vulnerability has been resolved: smb: client: make use of smbdirectsocket.recvio.credits.available The logic off managing recv credits by counting posted recvio and granted credits is racy. That's because the peer might already consumed a credit, but between...

5.4AI score0.00088EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.9 views

PT-2026-34891

In the Linux kernel, the following vulnerability has been resolved: smb: smbdirect: introduce smbdirect socket.recv io.credits.available The logic off managing recv credits by counting posted recv io and granted credits is racy. That's because the peer might already consumed a credit, but between...

5.4AI score0.00426EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/13 9:11 a.m.1 views

CVE-2026-35337

Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject without any class filtering or...

6.4AI score0.01011EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/31 5:41 p.m.3 views

EUVD-2026-17569

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, a user may be able to purchase a lower tier subscription but grant themselves the benefits that comes along with a higher...

6.3CVSS5.7AI score0.00171EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/03 10:52 a.m.32 views

CVE-2025-67856 Moodle: moodle: privilege escalation via incomplete role checks in badge awarding

A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to...

5.4CVSS0.00272EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.4 views

PT-2026-5964

Name of the Vulnerable Software and Affected Versions Moodle affected versions not specified Description A flaw exists in Moodle related to authorization logic. Incomplete role checks during the badge awarding process can allow badges to be granted without proper verification. This could enable...

9.8CVSS5.4AI score0.00272EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.5 views

MiracleLinux 9 : krb5-1.21.1-1.el9 (AXSA:2023-6633:07)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6633:07 advisory. krb5: Denial of service through freeing uninitialized pointer CVE-2023-36054 krb5: double-free in KDC TGS processing CVE-2023-39975 Tenable has...

8.8CVSS7.1AI score0.02107EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.4 views

TencentOS Server 3: idm:DL1 (TSSA-2024:0307)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0307 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

8.8CVSS7.6AI score0.02053EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/10/23 12:0 a.m.5 views

PT-2025-43482

Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A flaw exists in the Android Framework component where insufficient input validation can be exploited to trick a user into accepting a permission through a tapjacking or overlay attack. This...

7.8CVSS6.3AI score0.00071EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-26963

Malware in sbrugna...

6.5CVSS6.3AI score0.02025EPSS
Exploits0References12
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2010-3674

Malware in sbrugna...

4.3CVSS6AI score0.02515EPSS
Exploits0References22
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2010-0046

Malware in sbrugna...

3.7CVSS6.1AI score0.00686EPSS
Exploits2References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2010-3676

Malware in sbrugna...

6.4CVSS6AI score0.03626EPSS
Exploits0References22
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2024-44551

Malicious code in bioql PyPI...

6.1CVSS7.9AI score0.00539EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/09/27 12:0 a.m.4 views

PT-2025-39701

Name of the Vulnerable Software and Affected Versions SysReptor versions 2024.74 through 2025.82 Description Authenticated, unprivileged users can assign the is project admin permission to themselves, granting them unauthorized access to read, modify, and delete pentesting projects they are not...

8.1CVSS6.5AI score0.00306EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2025/08/09 12:23 a.m.7 views

CVE-2025-54882

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential cache collection and received credentials...

7.1CVSS6.2AI score0.00196EPSS
Exploits1References1
Rows per page
Query Builder