Lucene search
K

1356 matches found

Nuclei
Nuclei
added yesterday33 views

ownCloud Guests - User Enumeration

ownCloud Guests before 0.12.5 contains an unauthenticated user enumeration vulnerability caused by insufficient validation of the token in showPasswordForm at /apps/guests/register/email/token, letting unauthenticated attackers enumerate valid guest users, exploit requires no authentication. id:...

5.3CVSS6.1AI score0.00908EPSS
Exploits1References3
Rockylinux
Rockylinux
added last week5 views

edk2 security, bug fix, and enhancement update

An update is available for edk2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list EDK Embedded Development Kit is a project to enable UEFI support for Virtual...

7.5CVSS6.9AI score0.01744EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/07/08 2:11 p.m.4 views

Moderate: Red Hat Security Advisory: edk2 security, bug fix, and enhancement update

An update for edk2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the C...

7.5CVSS6.7AI score0.01744EPSS
Exploits0References2
CVE
CVE
added 2026/07/01 1:32 p.m.24 views

CVE-2026-53345

The CVE describes a Linux kernel KVM issue where a page dirty operation could warn about a missing running vCPU even when the VM is dying. The behavior was tied to the VM’s refcount and the state of SEV-ES guests; if a guest memory page remained dirty while the VM is dying and userspace had no ac...

5.8AI score0.00156EPSS
Exploits0References5
NVD
NVD
added 2026/06/24 5:17 a.m.9 views

CVE-2026-9539

An out-of-bounds heap read and integer underflow in the TCP urgent data handling sosendoob in freedesktop.org libslirp version before v4.9.2 on hypervisor host environments e.g., QEMU allows a privileged guest VM attacker root or CAPNETRAW to leak gigabytes of sensitive host-process heap memory v...

6.5CVSS0.00106EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 4:37 a.m.3 views

CVE-2026-9539 libslirp TCP URG OOB Read Information Leak

An out-of-bounds heap read and integer underflow in the TCP urgent data handling sosendoob in freedesktop.org libslirp version before v4.9.2 on hypervisor host environments e.g., QEMU allows a privileged guest VM attacker root or CAPNETRAW to leak gigabytes of sensitive host-process heap memory v...

6.5CVSS6AI score0.00106EPSS
Exploits0References6
NVD
NVD
added 2026/06/22 4:16 p.m.13 views

CVE-2026-8823

Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to validate bot targets when demoting users to guests which allows a lower-privileged administrator to degrade arbitrary bot accounts via the standard demote-user API.. Mattermost Advisory ID: MMSA-2026-00669...

3.8CVSS0.00231EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:41 p.m.4 views

CVE-2026-8823

Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to validate bot targets when demoting users to guests which allows a lower-privileged administrator to degrade arbitrary bot accounts via the standard demote-user API.. Mattermost Advisory ID: MMSA-2026-00669...

3.8CVSS6AI score0.00231EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/22 1:41 p.m.35 views

CVE-2026-8823 User Manager can demote bot accounts to guest without bot-management permission

Mattermost versions 11.7.x = 11.7.0, 10.11.x = 10.11.17 fail to validate bot targets when demoting users to guests which allows a lower-privileged administrator to degrade arbitrary bot accounts via the standard demote-user API.. Mattermost Advisory ID: MMSA-2026-00669...

3.8CVSS0.00231EPSS
Exploits0References1
Xen Project
Xen Project
added 2026/06/09 12:0 p.m.15 views

x86: mismatched mapcache metadata

ISSUE DESCRIPTION Some shadow paging errors paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata which can lead to corruption of the mapcache. IMPACT Privilege escalation, Denial of...

8.1CVSS5.5AI score0.00353EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/27 7:15 p.m.11 views

CVE-2026-46059

A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine nSVM module. This vulnerability occurs when running nested virtual machines L2 guests with NRIPS Next Instruction Pointer Suppression disabled. After an L2 guest's initial run, the NextRIP value in vmcb02 may not be correctly...

5.5CVSS5.9AI score0.00121EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-45987

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 After VMRUN in guest mode, nestedsynccontrolfromvmcb02 syncs fields written by the CPU from...

5.5CVSS5.9AI score0.00123EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

Closing an event channel in the Linux kernel can lead to a deadlock. This occurs when the closure operation is performed in parallel with an unrelated Xen console action, and the handling of a Xen console interrupt occurs in a unprivileged guest. The closure of an event channel is triggered, for...

4.9CVSS6.2AI score0.00888EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fixed the initialization of the ID register for non-protected pKVM guests In protected mode, the hypervisor maintains a separate instance of the kvm structure for each VM. For non-protected VMs, this structure is...

8.8CVSS5.4AI score0.00119EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Xen

Inappropriate x86 IOMMU timeout detection/handling: IOMMU processes commands that are issued in parallel with the operation of the CPUs that issue those commands. In the current implementation in Xen, asynchronous notifications of the completion of such commands are not used. Instead, the issuing...

7.1CVSS6.9AI score0.00284EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10, Linux

Guests running on Arm can cause Denial of Service DoS attacks on Dom0 through PV devices. When mapping memory pages of guests on Arm, Dom0 uses an rbtree to keep track of the foreign mappings. The update of this rbtree does not always occur completely with the relevant lock held; this results in ...

4.7CVSS6.7AI score0.00309EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Drivers: hv: vmbus: Disabled the option to deactivate sysctlrecordpanicmsg by default in isolated guests. hvpanicpage might contain information sensitive to guests; do not dump this information to Hyper-V by default in isolate...

5.5CVSS6.4AI score0.00264EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.17 views

Astra Linux – Vulnerability in Linux 5.10

The Linux kernel before version 5.18.13 lacked a clear mechanism for handling the block starting symbol .bss. This allowed Xen PV guest OS users to cause a denial of service or gain privileges...

7.8CVSS6.7AI score0.00863EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/19 12:49 p.m.8 views

CVE-2026-23558 grant table v2 race in status page mapping

The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status pages via XENMEMaddtophysmap. Some of the status pages may then be freed while...

5.8AI score0.00117EPSS
Exploits0References1
OSV
OSV
added 2026/05/18 6:6 a.m.9 views

BIT-GITLAB-2025-13874 Authorization Bypass Through User-Controlled Key in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an authenticated user with Guest permissions to view issues in projects they were not authorized to access...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References4
Rows per page
Query Builder