Lucene search
K

1305 matches found

SUSE CVE
SUSE CVE
added 2026/05/08 2:22 a.m.9 views

SUSE CVE-2026-41519

Weblate is a web based localization tool. Prior to version 5.17.1, when a user changes their password, browser sessions are correctly invalidated via "cyclesessionkeys", but DRF API tokens "wlu" prefix stored in "authtokentoken" are not revoked. This issue has been patched in version 5.17.1...

4.2CVSS5.7AI score0.00228EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.22 views

PT-2026-39270

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description Administrative role changes and user deletions do not invalidate the SESSION POOL in-memory dictionary. When a user connects via Socket.IO, their role is snapshotted into this pool. Because the...

8.1CVSS5.8AI score0.00284EPSS
Exploits1References6
OSV
OSV
added 2026/05/07 9:23 p.m.7 views

GHSA-PJ6Q-4VQ4-R8CG Ech0 allows PUT /api/echo/like/:id unauthenticated: anonymous callers to modify any echo's fav_count

Summary PUT /api/echo/like/:id at internal/router/echo.go:12 is registered on PublicRouterGroup with no authentication and no rate limit. Anonymous callers increment the favcount counter on any echo including private echoes by UUID, repeat the request without deduplication, and trigger a database...

6.5CVSS5.8AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/07 9:23 p.m.30 views

Ech0 allows PUT /api/echo/like/:id unauthenticated: anonymous callers to modify any echo's fav_count

Summary PUT /api/echo/like/:id at internal/router/echo.go:12 is registered on PublicRouterGroup with no authentication and no rate limit. Anonymous callers increment the favcount counter on any echo including private echoes by UUID, repeat the request without deduplication, and trigger a database...

5.8AI score
Exploits0References3Affected Software1
NVD
NVD
added 2026/05/07 3:16 p.m.21 views

CVE-2026-41519

Weblate is a web based localization tool. Prior to version 5.17.1, when a user changes their password, browser sessions are correctly invalidated via "cyclesessionkeys", but DRF API tokens "wlu" prefix stored in "authtokentoken" are not revoked. This issue has been patched in version 5.17.1...

5.4CVSS0.00228EPSS
Exploits0References4
OSV
OSV
added 2026/05/07 2:57 a.m.10 views

GHSA-258C-965C-P3HC Daptin's Session Management Vulnerability Leads to Insufficient Session Expiration After Password Change

Summary A session invalidation vulnerability exists in daptin's authentication system where JSON Web Tokens JWTs remain fully valid after a user changes their password. The JWT validation middleware CheckJWT only verifies token signature, expiry, issuer, and signing algorithm — it does not check...

6.5CVSS5.9AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/07 2:57 a.m.9 views

Daptin's Session Management Vulnerability Leads to Insufficient Session Expiration After Password Change

Summary A session invalidation vulnerability exists in daptin's authentication system where JSON Web Tokens JWTs remain fully valid after a user changes their password. The JWT validation middleware CheckJWT only verifies token signature, expiry, issuer, and signing algorithm — it does not check...

5.9AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/07 2:13 a.m.5 views

GHSA-4CX3-3C38-J9VV katalyst-koi: Session cookies can be replayed after user logout

Impact Admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the cookie expired or session secrets were rotated. This affects applications using Koi admin...

7.4CVSS5.8AI score0.00197EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/07 2:13 a.m.14 views

katalyst-koi: Session cookies can be replayed after user logout

Impact Admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the cookie expired or session secrets were rotated. This affects applications using Koi admin...

7.4CVSS5.8AI score0.00197EPSS
Exploits0References5Affected Software1
RubySec
RubySec
added 2026/05/07 12:0 a.m.10 views

Session cookies can be replayed after user logout

Impact Admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to access admin functionality after logout, until the cookie expired or session secrets were rotated. This affects applications using Koi admin...

7.4CVSS5.8AI score0.00197EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/06 12:30 p.m.10 views

EUVD-2026-27722

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode PCIe endpoints with ATS enabled and passed through to userspace e.g., QEMU, DPDK can hard-lock the host when their link drops, either by surprise...

5.8AI score0.00122EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/06 12:30 p.m.8 views

EUVD-2026-27689

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Flush dev-IOTLB only when PCIe device is accessible in scalable mode Commit 4fc82cd907ac "iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected" relies on pcidevisdisconnected to skip ATS...

5.8AI score0.00123EPSS
Exploits0References9
NVD
NVD
added 2026/05/06 12:16 p.m.56 views

CVE-2026-43258

In the Linux kernel, the following vulnerability has been resolved: alpha: fix user-space corruption during memory compaction Alpha systems can suffer sporadic user-space crashes and heap corruption when memory compaction is enabled. Symptoms include SIGSEGV, glibc allocator failures e.g...

7.8CVSS0.00138EPSS
Exploits0References4
NVD
NVD
added 2026/05/06 12:16 p.m.7 views

CVE-2026-43161

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode PCIe endpoints with ATS enabled and passed through to userspace e.g., QEMU, DPDK can hard-lock the host when their link drops, either by surprise...

5.5CVSS0.00122EPSS
Exploits0References4
NVD
NVD
added 2026/05/06 12:16 p.m.7 views

CVE-2026-43130

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Flush dev-IOTLB only when PCIe device is accessible in scalable mode Commit 4fc82cd907ac "iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected" relies on pcidevisdisconnected to skip ATS...

5.5CVSS0.00123EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/06 11:27 a.m.29 views

CVE-2026-43161 iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode PCIe endpoints with ATS enabled and passed through to userspace e.g., QEMU, DPDK can hard-lock the host when their link drops, either by surprise...

0.00122EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/06 11:27 a.m.16 views

CVE-2026-43161

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode PCIe endpoints with ATS enabled and passed through to userspace e.g., QEMU, DPDK can hard-lock the host when their link drops, either by surprise...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/05/06 11:27 a.m.29 views

CVE-2026-43130 iommu/vt-d: Flush dev-IOTLB only when PCIe device is accessible in scalable mode

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Flush dev-IOTLB only when PCIe device is accessible in scalable mode Commit 4fc82cd907ac "iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected" relies on pcidevisdisconnected to skip ATS...

0.00123EPSS
Exploits0References8
CVE
CVE
added 2026/05/06 11:27 a.m.15 views

CVE-2026-43130

The CVE-2026-43130 issue affects the Linux kernel iommu/vt-d path, where flushing the dev-IOTLB can occur during resource release in scalable PCIe mode. The root cause is a path that attempted ATS invalidation without adequately verifying whether the PCIe device is still accessible after a link-d...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References8Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/06 11:27 a.m.9 views

CVE-2026-43130

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Flush dev-IOTLB only when PCIe device is accessible in scalable mode Commit 4fc82cd907ac "iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected" relies on pcidevisdisconnected to skip ATS...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder