Lucene search
K

194 matches found

NVD
NVD
added 3 hours ago5 views

CVE-2026-58653

PraisonAI before 0.1.7 fails to validate that projectid in issue create and update request bodies belongs to the URL workspace. An attacker can create issues referencing projects from other workspaces, causing cross-tenant data pollution in project statistics aggregation without workspace...

5.3CVSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 4 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-53187

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/core: Validate cpuid against nrcpuids in DMAH alloc The cpuid attribute supplied by user space through UVERBSATTRALLOCDMAHCPUID is passed directly to...

7.1CVSS5.8AI score0.00129EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 6 days ago6 views

SUSE CVE-2026-53187

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Validate cpuid against nrcpuids in DMAH alloc The cpuid attribute supplied by user space through UVERBSATTRALLOCDMAHCPUID is passed directly to cpumasktestcpu without first verifying that the value is within the valid...

7.1CVSS5.8AI score0.00129EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added last week5 views

CVE-2026-53031

A flaw was found in the Linux kernel. The arenaallocpages function within the Berkeley Packet Filter BPF subsystem does not properly validate the nodeid parameter. A local attacker could exploit this vulnerability by supplying an invalid nodeid, which is then used without bounds checking during...

7.8CVSS5.8AI score0.00128EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 9:16 a.m.5 views

CVE-2026-53187

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Validate cpuid against nrcpuids in DMAH alloc The cpuid attribute supplied by user space through UVERBSATTRALLOCDMAHCPUID is passed directly to cpumasktestcpu without first verifying that the value is within the valid...

7.1CVSS0.00129EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53187

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Validate cpuid against nrcpuids in DMAH alloc The cpuid attribute supplied by user space through UVERBSATTRALLOCDMAHCPUID is passed directly to cpumasktestcpu without first verifying that the value is within the valid...

7.1CVSS5.7AI score0.00129EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/25 8:39 a.m.3 views

EUVD-2026-39278

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Validate cpuid against nrcpuids in DMAH alloc The cpuid attribute supplied by user space through UVERBSATTRALLOCDMAHCPUID is passed directly to cpumasktestcpu without first verifying that the value is within the valid...

5.7AI score0.00129EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 8:39 a.m.25 views

CVE-2026-53187 RDMA/core: Validate cpu_id against nr_cpu_ids in DMAH alloc

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Validate cpuid against nrcpuids in DMAH alloc The cpuid attribute supplied by user space through UVERBSATTRALLOCDMAHCPUID is passed directly to cpumasktestcpu without first verifying that the value is within the valid...

7.1CVSS0.00129EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 6:32 p.m.3 views

EUVD-2026-38899

In the Linux kernel, the following vulnerability has been resolved: bpf: Validate nodeid in arenaallocpages arenaallocpages accepts a plain int nodeid and forwards it through the entire allocation chain without any bounds checking. Validate nodeid before passing it down the allocation chain in...

5.7AI score0.00128EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.25 views

CVE-2026-53031 bpf: Validate node_id in arena_alloc_pages()

In the Linux kernel, the following vulnerability has been resolved: bpf: Validate nodeid in arenaallocpages arenaallocpages accepts a plain int nodeid and forwards it through the entire allocation chain without any bounds checking. Validate nodeid before passing it down the allocation chain in...

7.8CVSS0.00128EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.3 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: net: hns3 – added validation of the VLAN ID before using it. Currently, the VLAN ID can be used without validation when receiving a VLAN configuration mailbox from VF. The length of vlansdelfailbmap is BITSTOLONGSVLANNVID. This m...

7.1CVSS6.4AI score0.00126EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-51925

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the BPF Berkeley Packet Filter subsystem where the arena alloc pages function accepts an integer node id and forwards it through the allocation chain without performin...

7.8CVSS5.8AI score0.00128EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/11 1:25 p.m.11 views

free5GC UDR has improper `ueId` validation in EE subscription handlers that allows arbitrary identifier persistence

Summary The free5GC UDR accepts arbitrary non-3GPP ueId values in the EE subscription creation and query flows because the regular expression used for validation ends with the catch-all alternative |.+. This causes the validation logic to accept any non-empty string rather than restricting input ...

5.9AI score0.00084EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/10 3:16 p.m.13 views

CVE-2026-53471

A flaw was found in migration-planner. The agent-API middleware processes JSON Web Tokens JWTs for authentication, but its UpdateSourceInventory and UpdateAgentStatus handlers fail to validate the sourceid claim within these tokens against the requested source ID. This oversight allows an...

9.6CVSS0.00286EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/10 1:55 p.m.11 views

EUVD-2026-36031

A flaw was found in migration-planner. The agent-API middleware processes JSON Web Tokens JWTs for authentication, but its UpdateSourceInventory and UpdateAgentStatus handlers fail to validate the sourceid claim within these tokens against the requested source ID. This oversight allows an...

9.6CVSS5.5AI score0.00286EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.13 views

PT-2026-47019

Name of the Vulnerable Software and Affected Versions Termix versions prior to 2.3.2 Description Termix is a web-based server management platform providing SSH terminal, tunneling, and file editing capabilities. The File Manager functionality contains a Broken Access Control issue resulting from...

9CVSS5.8AI score0.00387EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/06/01 2:19 p.m.16 views

praisonai-platform: Comment endpoints accept any issue_id without workspace ownership check, cross-workspace comment read and post IDOR

Summary Type: Insecure Direct Object Reference. The comment endpoints POST /workspaces/workspaceid/issues/issueid/comments and GET .../comments gate access on requireworkspacememberworkspaceid only, then call CommentService.createissueid=issueid, ... and CommentService.listforissueissueid without...

5.9AI score0.00032EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/27 2:17 p.m.11 views

CVE-2026-46020

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damosquotagoal-nid for nodememused,freebp Patch series "mm/damon/core: validate damosquotagoal-nid". nodememcgused,freebp DAMOS quota goals receive the node id. The node id is used for simeminfonode and...

7.1CVSS0.00124EPSS
Exploits0References3
NVD
NVD
added 2026/05/27 2:17 p.m.13 views

CVE-2026-45878

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix watchid bounds checking in debug address watch v2 The address watch clear code receives watchid as an unsigned value u32, but some helper functions were using a signed int and checked bits by shifting with watchid...

7.8CVSS0.00177EPSS
Exploits0References5
OSV
OSV
added 2026/05/27 2:17 p.m.6 views

UBUNTU-CVE-2026-46067

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damosquotagoal-nid for nodememcgused,freebp Users can set damosquotagoal-nid with arbitrary value for nodememcgused,freebp. But DAMON core is using those for NODE-DATA without a validation of the value. Th...

7.1CVSS5.9AI score0.00117EPSS
Exploits0References5
Rows per page
Query Builder