Lucene search
K

1648 matches found

CVE
CVE
added 2026/06/09 5:22 p.m.20 views

CVE-2025-54509

CVE-2025-54509 describes improper access control for the IOMMU register interface, potentially allowing a privileged attacker using the AMD secure processor (ASP) to cause non-coherent accesses and induce loss of integrity. The vulnerability stems from access control weaknesses in the IOMMU regis...

4CVSS5.5AI score0.00127EPSS
Exploits0References1
Xen Project
Xen Project
added 2026/06/09 12:0 p.m.15 views

x86 HVM I/O port list traversal

ISSUE DESCRIPTION HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model via XENDOMCTLioportmapping, and hence the linked list used may changed at any time. Traversal of those lists while handling guest I/O port accesses...

7.9CVSS5.5AI score0.00095EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-47853

Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options endpoint without completing assertion. Attackers can send unlimited POST requests to the...

6.9CVSS5.5AI score0.00586EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-48241

Name of the Vulnerable Software and Affected Versions Xen affected versions not specified Description HVM guest I/O port accesses require either emulation or translation. These translations are managed by the device model through 'XEN DOMCTL ioport mapping'. The linked list used for these...

7.9CVSS5.8AI score0.00095EPSS
Exploits0References34
Amd
Amd
added 2026/06/09 12:0 a.m.15 views

ASP non-Coherent Memory Access

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2025-54509| Improper access control for register interface in the input-output memory management unit IOMMU could allow a privileged attacker to cause non-coherent accesses by the AMD Secure...

4CVSS5.4AI score0.00127EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:46 p.m.7 views

CVE-2026-46298

In the Linux kernel, the following vulnerability has been resolved: pseries/papr-hvpipe: Fix race with interrupt handler While executing -ioctl handler or -release handler, if an interrupt fires on the same cpu, then we can enter into a deadlock. This patch fixes both these handlers to take...

5.4AI score0.00074EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.19 views

PT-2026-47624

Name of the Vulnerable Software and Affected Versions Arc versions prior to 2026.06.1 Description An authenticated user can read arbitrary local files by bypassing the user-SQL validator and RBAC table-reference extraction. The validator in internal/api/query.go:ValidateSQLRequest used a regex...

7.1CVSS6AI score0.00029EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.15 views

PT-2026-47575

Summary Arc's user-SQL validator internal/api/query.go:ValidateSQLRequest blocked only read parquet and arc partition agg via regex denylist. The broader DuckDB I/O function family — read csv auto, read csv, read json, read json auto, read text, read blob, glob, parquet metadata, parquet schema,...

7.1CVSS5.6AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2025-70795

STProcessMonitor 11.11.4.0, part of the Safetica Application suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's IOCTL handler, enabli...

5.5CVSS5.5AI score0.00203EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.12 views

CVE-2026-6737

An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms and obtain restricted touchpad information or render the touchpad unusable via crafted IOCTL requests.Refer to the ' Security Update for ASUS Precision Touchpa...

2CVSS5.5AI score0.00092EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.11 views

CVE-2025-47406

Information Disclosure while processing IOCTL handler callbacks without verifying buffer size...

6.1CVSS5.7AI score0.00074EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.14 views

CVE-2025-59610

Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer...

6.4CVSS5.4AI score0.00056EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.9 views

CVE-2025-47405

Memory corruption when processing camera sensor input/output control codes with invalid output buffers...

7.8CVSS5.5AI score0.00075EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:41 p.m.10 views

CVE-2025-47408

Memory corruption when another driver calls an IOCTL with invalid input/output buffer...

7.8CVSS5.5AI score0.00075EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 6:49 p.m.11 views

CVE-2024-47272

Incorrect authorization vulnerability in IO Module functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors...

2.7CVSS5.5AI score0.00249EPSS
Exploits0References1
Fedora
Fedora
added 2026/06/05 4:27 a.m.20 views

[SECURITY] Fedora 44 Update: libre-4.8.1-1.fc44

Libre is a generic library for real-time communications with async I/O support. Features are a SIP stack RFC 3261, SDP, RTP and RTCP, SRTP and SRTCP Secure RTP, DNS client, STUN/TURN/ICE stack, BFCP, HTTP stack with client/server, Websockets, Jitter buffer, async I/O poll, epoll, select, kqueue,...

5.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.12 views

PT-2026-50570

Name of the Vulnerable Software and Affected Versions vantage6 versions prior to 5.0.0 Description Malicious algorithms can potentially access input and output files belonging to other algorithms. Recommendations Update to version 5.0.0. As a temporary workaround, verify and restrict the algorith...

6.9CVSS5.9AI score0.00285EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2026/06/04 2:31 a.m.17 views

SUSE CVE-2025-71314

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Recover from panthorgpuflushcaches failures We have seen a few cases where the whole memory subsystem is blocked and flush operations never complete. When that happens, we want to: - schedule a reset, so we can recov...

5.8AI score0.00122EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/03 3:49 p.m.52 views

CVE-2025-71314 drm/panthor: Recover from panthor_gpu_flush_caches() failures

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Recover from panthorgpuflushcaches failures We have seen a few cases where the whole memory subsystem is blocked and flush operations never complete. When that happens, we want to: - schedule a reset, so we can recov...

0.00122EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/03 10:1 a.m.11 views

CVE-2026-25259

Memory corruption while processing multiple IOCTL command for escape operations...

7.8CVSS5.8AI score0.0007EPSS
Exploits0References1
Rows per page
Query Builder