Lucene search
+L

162 matches found

Snyk
Snyk
added 2026/07/03 6:16 p.m.5 views

Cross-site Request Forgery (CSRF)

Overview webpack-dev-server is an Uses webpack with a development server that provides live reloading. It should be used for development only. Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the open-editor and invalidate endpoints. An attacker can open...

5.3CVSS6AI score0.00116EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 5:16 p.m.9 views

CVE-2026-14620

webpack-dev-server versions 5.2.5 and earlier expose two internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, that perform state-changing actions on any GET request without verifying that the request originated from the dev server's own page. Any websi...

4.7CVSS0.00116EPSS
Exploits0References2
OSV
OSV
added 2026/07/03 5:0 p.m.4 views

CVE-2026-14620 webpack-dev-server vulnerable to cross-site request forgery via internal developer endpoints

webpack-dev-server versions 5.2.5 and earlier expose two internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, that perform state-changing actions on any GET request without verifying that the request originated from the dev server's own page. Any websi...

4.7CVSS6.1AI score0.00116EPSS
Exploits0References4
CVE
CVE
added 2026/07/03 5:0 p.m.38 views

CVE-2026-14620

webpack-dev-server prior to 5.2.6 exposes two internal endpoints (/webpack-dev-server/open-editor and /webpack-dev-server/invalidate) that perform state-changing actions on any GET request without origin verification. This enables cross-origin interactions when a user visits any website while the...

4.7CVSS6.1AI score0.00116EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/01 1:32 p.m.15 views

EUVD-2026-40988

In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Mitigate TLBI errata on various Arm CPUs A number of CPUs developed by Arm suffer from errata whereby a broadcast TLBI;DSB sequence may complete before the global observation of writes which are translated by an...

9.1CVSS6.2AI score0.0053EPSS
Exploits0References9
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:12 a.m.8 views

dm cache policy smq: check allocation under invalidate lock

...

7.8CVSS5.8AI score0.00129EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/26 7:18 p.m.9 views

CVE-2026-52951

A flaw was found in the Linux kernel's drm/xe/dma-buf subsystem. This vulnerability involves race conditions when handling the invalidatemappings hook, particularly during buffer object initialization and attachment. An attacker, by triggering specific sequences of operations, could exploit these...

7.8CVSS5.9AI score0.00138EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/26 6:34 p.m.9 views

CVE-2026-53064

A flaw was found in the Linux kernel's device-mapper dm-cache component. When dm-cache operates in passthrough mode, a race condition can occur during concurrent write operations to the same cached block. This can lead to a null-pointer dereference in the invalidatecomplete function, potentially...

5.5CVSS5.7AI score0.00176EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/26 4:31 p.m.10 views

CVE-2026-53063

A flaw was found in the Linux kernel's device-mapper dm cache component. Incomplete logic within the invalidateremove function, which handles write operations after cache invalidation, can lead to a system hang. This occurs because the function sets up remapping for write operations but fails to...

5.5CVSS5.7AI score0.0018EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/25 6:17 p.m.11 views

CVE-2026-53062

A flaw was found in the Linux kernel's device-mapper dm cache policy, specifically within the smq module. In passthrough mode, the invalidatemapping operation lacks proper locking, allowing for concurrent access. This can lead to data races, resulting in data corruption or use-after-free issues,...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53265

In the Linux kernel, the following vulnerability has been resolved: dm cache policy smq: check allocation under invalidate lock commit 2d1f7b65f5de "dm cache policy smq: fix missing locks in invalidating cache blocks" added mq-lock around the destructive part of smqinvalidatemapping, but left the...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References11
CVE
CVE
added 2026/06/25 8:39 a.m.30 views

CVE-2026-53265

The CVE-2026-53265 entry describes a Linux kernel race in the dm-cache policy SMQ path. A check-then-act race occurs in smq_invalidate_mapping where an e->allocated check was left outside the mq->lock after the destructive section was serialized; two concurrent invalidators can observe allo...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References8Affected Software1
EUVD
EUVD
added 2026/06/25 8:39 a.m.11 views

EUVD-2026-39216

In the Linux kernel, the following vulnerability has been resolved: dm cache policy smq: check allocation under invalidate lock commit 2d1f7b65f5de "dm cache policy smq: fix missing locks in invalidating cache blocks" added mq-lock around the destructive part of smqinvalidatemapping, but left the...

5.8AI score0.00129EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2026/06/25 8:39 a.m.6 views

CVE-2026-53265

In the Linux kernel, the following vulnerability has been resolved: dm cache policy smq: check allocation under invalidate lock commit 2d1f7b65f5de "dm cache policy smq: fix missing locks in invalidating cache blocks" added mq-lock around the destructive part of smqinvalidatemapping, but left the...

7.8CVSS5.7AI score0.00129EPSS
Exploits0
OSV
OSV
added 2026/06/25 8:39 a.m.3 views

CVE-2026-53265 dm cache policy smq: check allocation under invalidate lock

In the Linux kernel, the following vulnerability has been resolved: dm cache policy smq: check allocation under invalidate lock commit 2d1f7b65f5de "dm cache policy smq: fix missing locks in invalidating cache blocks" added mq-lock around the destructive part of smqinvalidatemapping, but left the...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52360

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A check-then-act race condition exists in the dm cache policy smq. The smq invalidate mapping function performs a check on the e-allocated variable outside of the mq-lock critical sectio...

7.8CVSS6.2AI score0.00129EPSS
Exploits0References22
EUVD
EUVD
added 2026/06/24 6:32 p.m.8 views

EUVD-2026-38819

In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: handle empty bo and UAF races There look to be some nasty races here when triggering the invalidatemappings hook: 1 We do xeboalloc followed by the attach, before the actual full bo init step in xedmabufinitobj...

6AI score0.00138EPSS
Exploits0References5
NVD
NVD
added 2026/06/24 5:17 p.m.5 views

CVE-2026-53063

In the Linux kernel, the following vulnerability has been resolved: dm cache: fix write hang in passthrough mode The invalidateremove function has incomplete logic for handling write hit bios after cache invalidation. It sets up the remapping for the overwritebio but then drops it immediately...

0.0018EPSS
Exploits0References6
CVE
CVE
added 2026/06/24 4:30 p.m.16 views

CVE-2026-53122

CVE-2026-53122: In the Linux kernel, the btrfs filesystem can deadlock when flushoncommit is used. A transaction commit and a reflink copying an inline extent to an offset beyond the destination i_size create a cycle: a clone to an EOF offset leads to delalloc flush, which flushes and invalidates...

5.8AI score0.00179EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 4:30 p.m.8 views

CVE-2026-53064

Summary: CVE-2026-53064 affects the Linux kernel dm-cache when operating in passthrough mode. A race between cache invalidation and concurrent writes can leave mg->cell as NULL, causing a NULL pointer dereference in the unlock path during invalidate_complete(), triggering a KASAN null-ptr-dere...

5.7AI score0.00176EPSS
Exploits0References8
Rows per page
Query Builder