Lucene search
K

2856 matches found

OSV
OSV
added 2026/07/01 7:57 p.m.3 views

GHSA-XGJW-PM74-86Q4 sigstore-js has Insufficient Verification of Data Authenticity

sigstore-js derives a transparency-log timestamp from tlogEntries.integratedTime and uses it to validate certificate validity windows and satisfy timestampThreshold. For bundle v0.2, a tlog entry can be inclusionProof-only no signed inclusionPromise/set, and the inclusion proof path does not...

6.5CVSS5.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/01 5:1 p.m.7 views

CVE-2026-53339

A flaw was found in the Linux kernel's i2c-qcom-cci driver. This vulnerability occurs when the device unbinding or driver removal process is initiated on systems where only one I2C master is initialized, despite the Qualcomm CCI controller providing two. This can lead to a NULL pointer dereferenc...

5.5CVSS5.8AI score0.00164EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/01 1:32 p.m.7 views

EUVD-2026-40974

In the Linux kernel, the following vulnerability has been resolved: i2c: imx: fix clock and pinctrl state inconsistency in runtime PM In i2cimxruntimesuspend, the clock is disabled before switching the pinctrl state to sleep. If pinctrlpmselectsleepstate fails, the runtime suspend is aborted but...

5.8AI score0.00154EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 1:32 p.m.9 views

EUVD-2026-40973

In the Linux kernel, the following vulnerability has been resolved: i2c: qcom-cci: Fix NULL pointer dereference in cciremove On all modern platforms Qualcomm CCI controller provides two I2C masters, and on particular boards only one I2C master may be initialized, and in such cases the device...

5.8AI score0.00164EPSS
Exploits0References8
NVD
NVD
added 2026/06/30 8:17 p.m.6 views

CVE-2026-11595

IBM WebSphere Application Server 9.0, and 8.5 could allow a remote attacker to obtain sensitive information from the administrative console's integrated help system...

7.5CVSS0.00474EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/30 7:47 p.m.7 views

EUVD-2026-40397

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system...

9.3CVSS5.6AI score0.00217EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/30 7:47 p.m.7 views

CVE-2026-11708

IBM WebSphere Application Server 9.0, and 8.5 is affected by a cross-site scripting vulnerability in the administrative console's integrated help system...

9.3CVSS5.6AI score0.00217EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53962

Name of the Vulnerable Software and Affected Versions IBM WebSphere Application Server version 9.0 IBM WebSphere Application Server version 8.5 Description A cross-site scripting issue exists within the integrated help system of the administrative console. Cross-site scripting is a flaw that allo...

9.3CVSS5.8AI score0.00217EPSS
Exploits0References7
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/29 12:0 p.m.6 views

Security Bulletin: Vulnerability in Dojo affects IBM Integrated Analytics System[CVE-2021-23450]

Summary The Dojo package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addresed the applicable CVE CVE-2021-23450. Vulnerability Details CVEID:CVE-2021-23450 DESCRIPTION: All versions of package dojo are vulnerable to Prototype Pollution via the setObject functio...

9.8CVSS6.7AI score0.30367EPSS
Exploits1Affected Software1
EUVD
EUVD
added 2026/06/26 7:40 p.m.7 views

EUVD-2026-39884

In the Linux kernel, the following vulnerability has been resolved: drm/gma500/oaktraillvds: fix hang on init failure The LVDS init code looks up an I2C adapter using i2cgetadapter and tries to read the EDID before falling back to allocating and registering its own adapter. The error handling doe...

5.8AI score0.00122EPSS
Exploits0References6
CVE
CVE
added 2026/06/26 7:40 p.m.15 views

CVE-2026-53279

CVE-2026-53279 affects the Linux kernel driver path drm/gma500/oaktrail_lvds. The issue occurs during LVDS initialization where the code looks up an I2C adapter (via i2c_get_adapter) and may read EDID, then either uses the adapter or falls back to allocating/registering its own adapter. On late i...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/26 3:1 p.m.8 views

CVE-2026-52948

A flaw was found in the Linux kernel's I2C Inter-Integrated Circuit subsystem. A malicious local user can exploit an integer overflow vulnerability in the I2CTIMEOUT ioctl. By providing a large timeout value, the multiplication by 10 causes an overflow, leading to a truncated value. This results ...

5.5CVSS5.8AI score0.00185EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/06/26 2:12 a.m.7 views

SUSE CVE-2026-53136

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Clamp VBIOS HDMI retimer register count to array size Why & How The VBIOS integrated info tables v111 and v21 contain HdmiRegNum and Hdmi6GRegNum fields that are used as loop bounds when copying retimer I2C...

5.8AI score0.00129EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 9:31 a.m.3 views

EUVD-2026-39342

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Clamp HDMI HDCP2 rxidlist read to buffer size Why & How During HDCP 2.x repeater authentication over HDMI, the driver reads the sink's RxStatus register and extracts a 10-bit message size field max value 1023. Th...

6AI score0.00143EPSS
Exploits0References9
CVE
CVE
added 2026/06/24 4:26 p.m.12 views

CVE-2026-52948

CVE-2026-52948 affects the Linux kernel I2C subsystem (dev I2C_TIMEOUT ioctl). The vulnerability arises when a user-supplied timeout (in 10 ms units) passes the INT_MAX check but, after multiplication by 10, overflows a 32-bit value. The resulting truncated unsigned value is assigned to a signed ...

5.8AI score0.00185EPSS
Exploits0References8
Microsoft Secure
Microsoft Secure
added 2026/06/15 4:0 p.m.11 views

Microsoft Defender email security benchmarking: Key insights from one year of data

Microsoft publishes quarterly email security benchmarking data comparing Microsoft Defender against secure email gateway SEG and integrated cloud email security ICES vendors using real-world threat telemetry. A year ago, we set out to change how email security effectiveness is measured. With our...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.11 views

CVE-2026-25786

Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page. If a...

9.3CVSS7.8AI score0.0037EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 4:16 p.m.14 views

CVE-2026-10591

Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths such as .vscode/tasks.json, enabling auto-executio...

8.8CVSS0.00373EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

VERTEX 路径遍历漏洞

VERTEX is an integrated management tool developed by the individual developer of lswl.in, designed for binge-watching and stream watching. VERTEX has a path traversal vulnerability; this vulnerability arises from path traversal attacks, which may allow attackers to access unauthorized files...

8.6CVSS8.3AI score0.00414EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/28 9:41 a.m.11 views

EUVD-2026-32757

In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Fix runtime PM refcount leak in sctrl Three control cases AUTOGAIN, EXPOSUREAUTO, ANALOGUEGAIN directly return without calling pmruntimeput, causing runtime PM reference count leaks. Change these cases from...

5.8AI score0.00105EPSS
Exploits0References2
Rows per page
Query Builder