47722 matches found

Debian CVE
added 2026/02/14 3:36 p.m., 4 views

CVE-2026-23141

In the Linux kernel, the following vulnerability has been resolved: btrfs: send: check for inline extents in range_is_hole_in_parent(). Before accessing the disk_bytenr field of a file extent item we need to check if we are dealing with an inline extent. This is because for inline extents their data star...

CVSS 5.5, AI score 5.2, EPSS 0.00123
Exploits 0
Cvelist
added 2026/02/14 3:14 p.m., 31 views

CVE-2026-23134 slab: fix kmalloc_nolock() context check for PREEMPT_RT

In the Linux kernel, the following vulnerability has been resolved: slab: fix kmalloc_nolock() context check for PREEMPT_RT. On PREEMPT_RT kernels, local_lock becomes a sleeping lock. The current check in kmalloc_nolock() only verifies we're not in NMI or hard IRQ context, but misses the case where...

EPSS 0.00107
Exploits 0, References 2
CNNVD
added 2026/02/14 12:00 a.m., 7 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the kmalloc_nolock function not properly checking the context within the PREEMPT_RT kernel. This ma...

CVSS 5.5, AI score 6, EPSS 0.00107
Exploits 0, References 2
RedhatCVE
added 2026/02/13 7:18 p.m., 5 views

CVE-2026-26214

Galaxy FDS Android SDK (XiaoMi/galaxy-fds-sdk-android) version 3.0.8 and prior disable TLS hostname verification when HTTPS is enabled (the default configuration). In GalaxyFDSClientImpl.createHttpClient, the SDK configures Apache HttpClient with SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER, which accep...

CVSS 9.1, AI score 5.5, EPSS 0.00184
Exploits 0, References 1
NVD
added 2026/02/13 7:17 p.m., 5 views

CVE-2026-26187

lakeFS is an open-source tool that transforms object storage into Git-like repositories. Prior to 1.77.0, the local block adapter (pkg/block/local/adapter.go) allows authenticated users to read and write files outside their designated storage boundaries. The verifyRelPath function used...

CVSS 8.1, EPSS 0.0039
Exploits 0, References 3
NVD
added 2026/02/13 7:17 p.m., 6 views

CVE-2026-25964

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, a Path Traversal vulnerability in the RecipeImport workflow of Tandoor Recipes allows authenticated users with import permissions to read arbitrary files on the server. This...

CVSS 4.9, EPSS 0.0042
Exploits 2, References 3
OSV
added 2026/02/13 6:10 p.m., 4 views

CVE-2026-21878 BACnet Stack Improperly Limits Pathnames to a Restricted Directory

BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.5.0.rc3, a vulnerability has been discovered in BACnet Stack's file writing functionality where there is no validation of user-provided file paths, allowing attackers to write files to arbitrary...

CVSS 7.5, AI score 5.7, EPSS 0.00356
Exploits 1, References 4
RedhatCVE
added 2026/02/13 1:22 p.m., 8 views

CVE-2025-15573

The affected devices do not validate the server certificate when connecting to the SolaX Cloud MQTTS server hosted in the Alibaba Cloud (mqtt001.solaxcloud.com, TCP 8883). This allows attackers in a man-in-the-middle position to act as the legitimate MQTT server and issue arbitrary commands to...

CVSS 9.4, AI score 5.8, EPSS 0.00216
Exploits 0, References 1
NVD
added 2026/02/13 4:15 a.m., 9 views

CVE-2026-25108

FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command...

CVSS 8.8, EPSS 0.04974
Exploits 0, References 3
Cvelist
added 2026/02/13 3:39 a.m., 160 views

CVE-2026-25108

FileZen contains an OS command injection vulnerability. When FileZen Antivirus Check Option is enabled, a logged-in user may send a specially crafted HTTP request to execute an arbitrary OS command...

CVSS 8.8, EPSS 0.04974
Exploits 0, References 2
RedhatCVE
added 2026/02/13 1:30 a.m., 5 views

CVE-2026-26021

set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the npm package set-in =2.0.1, 2.0.5. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key...

CVSS 9.8, AI score 5.4, EPSS 0.00461
Exploits 1, References 1
SUSE CVE
added 2026/02/13 12:24 a.m., 6 views

SUSE CVE-2026-25990

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1...

CVSS 7.5, AI score 6.6, EPSS 0.00367
Exploits 1, References 4
Vulnrichment
added 2026/02/13 12:22 a.m., 4 views

CVE-2025-9293 Insufficient Certificate Validation in Multiple Mobile Applications Allows Man in the Middle Interception

A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the...

CVSS 7.7, AI score 5.6, EPSS 0.00224
Exploits 0, References 2
Cvelist
added 2026/02/13 12:22 a.m., 31 views

CVE-2025-9293 Insufficient Certificate Validation in Multiple Mobile Applications Allows Man in the Middle Interception

A vulnerability in the certificate validation logic may allow applications to accept untrusted or improperly validated server identities during TLS communication. An attacker in a privileged network position may be able to intercept or modify traffic if they can position themselves within the...

CVSS 7.7, EPSS 0.00224
Exploits 0, References 2
CVE
added 2026/02/13 12:22 a.m., 17 views

CVE-2025-9293

The CVE-2025-9293 entry describes a vulnerability in TLS certificate validation across multiple mobile applications. Root cause: insufficient validation of server identities during TLS, enabling an attacker in a privileged network position to intercept or modify traffic. Impact includes confident...

CVSS 8.1, AI score 5.6, EPSS 0.00224
Exploits 0, References 2, Affected Software 14
CVE
added 2026/02/13 12:21 a.m., 25 views

CVE-2025-9292

CVE-2025-9292 affects TP-Link Omada Cloud Controller. A permissive web security configuration may bypass cross-origin restrictions in certain conditions, enabling potential unauthorized disclosure of sensitive data. Exploitation requires an existing client-side injection vulnerability and access ...

CVSS 7.5, AI score 5.6, EPSS 0.00342
Exploits 0, References 2, Affected Software 14
CNNVD
added 2026/02/13 12:00 a.m., 5 views

Tandoor Recipes code issue vulnerability

Tandoor Recipes is an open-source application designed for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes prior to 2.5.1 had code vulnerabilities. These vulnerabilities stemmed from the Cookmate recipe import feature not verifying the target URL...

CVSS 7.7, AI score 5.9, EPSS 0.00283
Exploits 1, References 3
Vulnrichment
added 2026/02/13 12:00 a.m., 3 views

CVE-2025-69633

A SQL Injection vulnerability in the Advanced Popup Creator (advancedpopupcreator) module for PrestaShop 1.1.26 through 1.2.6 (fixed in version 1.2.7) allows remote unauthenticated attackers to execute arbitrary SQL queries via the fromController parameter in the popup controller. The parameter is...

AI score 6.4, EPSS 0.00358
Exploits 0, References 2
Positive Technologies
added 2026/02/13 12:00 a.m., 7 views

PT-2026-8041

Name of the Vulnerable Software and Affected Versions: Known versions prior to 1.6.3; Known version 1.6.2. Description: A critical broken authentication issue exists in Known. The application reveals the password reset token within a hidden HTML input field on the password reset page. This allows an...

CVSS 9.8, AI score 8.3, EPSS 0.00714
Exploits 1, References 20
UbuntuCve
added 2026/02/13 12:00 a.m., 5 views

CVE-2026-25990

Pillow is a Python imaging library. From 10.3.0 to before 12.1.1, an out-of-bounds write may be triggered when loading a specially crafted PSD image. This vulnerability is fixed in 12.1.1...

CVSS 8.6, AI score 6.7, EPSS 0.00367
Exploits 1, References 4