3110 matches found

ATTACKERKB
added 2 days ago, 3 views

CVE-2026-25714

Gitea versions up to and including 1.26.1 do not apply public-only token filtering consistently to the user organization API, leaving an incomplete fix for CVE-2025-68941...

CVSS 4.3, AI score 5.9, EPSS 0.00271
Exploits: 0, References: 5

CVE
added 2 days ago, 20 views

CVE-2026-14544

CVE-2026-14544 concerns HPLIP (HP Linux Imaging and Printing Software) with an integer overflow in the hpcups processing path when handling specially crafted print data. This is described as an incomplete fix for CVE-2026-8631. The vulnerability may allow a remote attacker to escalate privileges ...

CVSS 9.8, AI score 6.2, EPSS 0.00511
Exploits: 0, References: 2

RedhatCVE
added 2 days ago, 9 views

CVE-2026-14544

A flaw was found in HPLIP (HP Linux Imaging and Printing Software). This vulnerability, an incomplete fix for CVE-2026-8631, may allow a remote attacker to escalate privileges or achieve arbitrary code execution. This can occur through an integer overflow in the hpcups processing path when handling...

CVSS 9.8, AI score 6.2, EPSS 0.00511
Exploits: 0, References: 3

NVD
added 4 days ago, 6 views

CVE-2026-51947

An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip fixed in Pivotal CRM 6.6.5.10 and PatchCWE50220260316.zip allows a remote attacker to execute arbitrary code via the Pivotal.Engine.Client.Services.Conversion.dll component. NOTE: this issue exists because of ...

CVSS 9.8, EPSS 0.0113
Exploits: 0, References: 3

CVE
added 4 days ago, 12 views

CVE-2026-12480

CVE-2026-12480 affects Keras up to 3.13.2. The root cause is an incomplete fix for CVE-2026-1669 in H5IOStore._verify_dataset() and file_editor.py, where the code fails to check the dataset.is_virtual property of HDF5 datasets. This allows an attacker to craft a malicious .keras model archive or ...

CVSS 5.5, AI score 6.2, EPSS 0.00127
Exploits: 0, References: 2

Cvelist
added 4 days ago, 31 views

CVE-2026-51947

An issue in Pivotal CRM 6.6.4.08 and systems using patch-ghi-15381-cwe-502-20251225.zip fixed in Pivotal CRM 6.6.5.10 and PatchCWE50220260316.zip allows a remote attacker to execute arbitrary code via the Pivotal.Engine.Client.Services.Conversion.dll component. NOTE: this issue exists because of ...

EPSS 0.0113
Exploits: 0, References: 3

OSV
added 6 days ago, 5 views

PYSEC-2026-304 Server-Side Request Forgery in calibreweb

calibreweb prior to version 0.6.17 is vulnerable to server-side request forgery (SSRF). This is due to an incomplete fix for CVE-2022-0339. The blacklist does not check for 0.0.0.0, which would result in a payload of 0.0.0.0 resolving to localhost...

CVSS 9.8, AI score 6.7, EPSS 0.01284
Exploits: 1, References: 6

OSV
added 2026/06/25 8:17 p.m., 3 views

DEBIAN-CVE-2026-7531

Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 released in 5.9.1: a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory...

CVSS 9.8, AI score 5.8, EPSS 0.00346
Exploits: 0, References: 1

OSV
added 2026/06/25 6:43 p.m., 7 views

GO-2026-5337 Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix) in github.com/kyverno/kyverno

Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix) in github.com/kyverno/kyverno...

CVSS 7.7, AI score 5.8, EPSS 0.00266
Exploits: 1, References: 3

Vulnrichment
added 2026/06/25 3:51 p.m., 5 views

CVE-2026-54029 LibreChat: IDOR in Message Deletion — Incomplete Fix for CVE-2024-41703 Leaves deleteMessages() Without User Filter

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the DELETE /api/messages/:conversationId/:messageId endpoint allows any authenticated user to delete any other user's messages. The validateMessageReq middleware only validates that the conversationId...

CVSS 5.3, AI score 5.8, EPSS 0.00353
Exploits: 2, References: 1

Github Security Blog
added 2026/06/22 9:27 p.m., 5 views

Glances: XML-RPC Multi-Origin CORS Configuration Silently Falls Back to Wildcard (Incomplete Fix for CVE-2026-33533)

Summary: The Glances XML-RPC server (glances -s) introduced a configurable CORS origin list in version 4.5.3 as a mitigation for CVE-2026-33533. However, the implementation silently falls back to Access-Control-Allow-Origin: * whenever corsorigins contains more than one entry. An operator who configur...

CVSS 7.4, AI score 5.9, EPSS 0.00409
Exploits: 1, References: 3, Affected Software: 1

NVD
added 2026/06/21 10:16 a.m., 13 views

CVE-2026-12799

A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function uiviewusers of the file litellm/proxy/managementendpoints/internaluserendpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. I...

CVSS 5.3, EPSS 0.00288
Exploits: 1, References: 5

Tenable Nessus
added 2026/06/21 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-56412

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libexpat before 2.8.2 does not consider XMLTOKDATACHARS in doCdataSection and thus lacks handler call depth tracking for various calls from within handlers in...

CVSS 5.9, AI score 6, EPSS 0.00105
Exploits: 0, References: 4

NVD
added 2026/06/19 5:16 p.m., 63 views

CVE-2026-3195

A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtio_snd_pcm_in_cb function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730...

CVSS 7.4, EPSS 0.00126
Exploits: 0, References: 3

Cvelist
added 2026/06/19 4:23 p.m., 30 views

CVE-2026-3195 Qemu-kvm: virtio-snd: heap buffer overflow in virtio_snd_pcm_in_cb (incomplete fix for cve-2024-7730)

A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtio_snd_pcm_in_cb function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730...

CVSS 7.4, EPSS 0.00126
Exploits: 0, References: 2

CVE
added 2026/06/19 4:23 p.m., 18 views

CVE-2026-3195

CVE-2026-3195: In QEMU’s virtio-snd, the heap buffer overflow occurs in the input callback (virtio_snd_pcm_in_cb) due to an incomplete bounds/iov check. The AttackerKB entry reiterates that the function does not verify whether the iov can fit the data buffer, enabling a heap out-of-bounds write....

CVSS 7.4, AI score 5.8, EPSS 0.00126
Exploits: 0, References: 3

ATTACKERKB
added 2026/06/19 4:23 p.m., 6 views

CVE-2026-3195

A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtio_snd_pcm_in_cb function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730...

CVSS 7.4, AI score 5.8, EPSS 0.00126
Exploits: 0, References: 3, Affected Software: 6

AstraLinux
added 2026/06/19 11:10 a.m., 20 views

Astra Linux – Vulnerability in Tomcat9

The fix for CVE-2020-9484 was incomplete. When using Apache Tomcat 10.0.0-M1 to 10.0.0, 9.0.0.M1 to 9.0.41, 8.5.0 to 8.5.61, or 7.0.0 to 7.0.107, the Tomcat instance was still vulnerable to CVE-2020-9494, even when using a configuration edge case that was highly unlikely to be used. It should be...

CVSS 7, AI score 6.7, EPSS 0.56636
Exploits: 15, References: 1

AstraLinux
added 2026/06/19 11:10 a.m., 12 views

Astra Linux – Vulnerability in python-git

GitPython before version 3.1.32 does not prevent the use of insecure non-multi options in clone and clonefrom commands. NOTE: This issue exists due to an incomplete fix for CVE-2022-24439...

CVSS 9.8, AI score 8.2, EPSS 0.00984
Exploits: 0, References: 2

OSV
added 2026/06/18 6:4 p.m., 4 views

MGASA-2026-0222 Updated gstreamer1.0-plugins-bad, gstreamer1.0-plugins-base, gstreamer1.0-plugins-good & gstreamer1.0-plugins-ugly packages fix security vulnerabilities

CVE-2026-2921, GStreamer RIFF Palette Integer Overflow Remote Code Execution Vulnerability. CVE-2026-2923, GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability. CVE-2026-3082, GStreamer JPEG Parser Heap-based Buffer Overflow Remote Code Execution Vulnerability. CVE-2026-308...

CVSS 8.8, AI score 7.5, EPSS 0.00867
Exploits: 0, References: 4