Lucene search
K

1068 matches found

CVE
CVE
added 2026/06/23 12:0 a.m.5 views

CVE-2025-61021

The CVE-2025-61021 entry concerns openlink virtuoso-opensource v7.2.11, specifically the sqlo_natural_join_cond component. The issue enables Denial of Service via crafted SQL statements. Public details across connected documents confirm the affected product/version and the root cause (sqlo_natura...

7.5CVSS5.9AI score0.0035EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 2:35 a.m.6 views

EUVD-2026-38207

A vulnerability has been identified in centraldogma-server versions prior to 0.84.0, where enabling ZooKeeper replication without setting replication.secret causes the server to silently fall back to a hard-coded, publicly known secret. This default credential authenticates the embedded ZooKeeper...

9.4CVSS6.1AI score0.00145EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in firejail

A privilege context switching issue was discovered in the join.c file of Firejail 0.9.68. By creating a fake Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment where the Linux user namespace remains the initial user...

7.8CVSS6.5AI score0.00382EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: mac80211: A potential double-free operation occurred during mesh join. While commit 6a01afcf8468 “mac80211: Mesh: Deleting ie data when leaving the mesh” fixed a memory leak that occurred during mesh leave/teardown, it introduced...

7.8CVSS6AI score0.00246EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net: Marvell: Prestera: Fixed an issue where double-free operations occurred on the error path. Fixed error path handling in presterabridgeportjoin, which could cause the Prestera driver to crash see below. Trace: - Internal...

7.8CVSS5.4AI score0.00215EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fixed the issue with locking the mcast list. The release of priv-lock while iterating over priv-multicastlist in ipoibmcastjointask creates a situation where ipoibmcastdevFlush may remove the items while the iteration i...

5.5CVSS6AI score0.00309EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rvdso: In the vdsojointimens function, a NULL pointer was encountered when handling the vfork operation. The testing results are as follows in the kernel log: 6.838454 Unable to handle kernel access to user memory without uaccess...

5.6AI score0.00198EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/cma: Allow UD qptype to join multicast only Regarding multicast: - The SIDR is the only mode that makes sense; - In addition to PSUDP, other port spaces like PSIB are also allowed, as they are UD-compatible. In this case,...

5.5CVSS6.4AI score0.00135EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux

The mwifiexcmd80211adhocstart function in the drivers/net/wireless/marvell/mwifiex/join.c file within the Linux kernel, as of version 5.10.4, may allow remote attackers to execute arbitrary code by using a long SSID value, also known as CID-5c455c5ab332...

8.8CVSS7.1AI score0.02209EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: drivers: staging: rtl8723bs: Fixed locking issues in rtwjointimeouthandler. The commit number 041879b12ddb states: “drivers: staging: rtl8192bs: Fixed deadlock in rtwjoinbsseventprehandle. In addition, rtwjointimeouthandler wa...

5.5CVSS5.8AI score0.0011EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: mptcp: Fixed a deadlock issue in mptcppushpending. mptcppushPending may call mptcpFlushJoinList with a subflow socket lock held. If this call encounters mptcpSockOptSyncAll, then mptcpSockOptSync might attempt to lock the subflow...

5.5CVSS6.2AI score0.00156EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/19 6:31 a.m.5 views

Canonical MicroCeph: path traversal issue in the remote-import AP

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate such as enrolled cluster members or join token can manipulate files in an imported remote cluster within the...

5CVSS5.9AI score0.00208EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:57 a.m.6 views

CVE-2026-10720

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate such as enrolled cluster members or join token can manipulate files in an imported remote cluster within the...

5CVSS5.9AI score0.00208EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/19 4:57 a.m.9 views

EUVD-2026-37990

Canonical MicroCeph versions from the squid and tentacle track are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate such as enrolled cluster members or join token can manipulate files in an imported remote cluster within the...

5CVSS5.9AI score0.00208EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.16 views

PT-2026-50835

Name of the Vulnerable Software and Affected Versions Canonical MicroCeph versions from the squid and tentacle track Description A path traversal issue exists in the remote-import API. Users possessing a join token or a trusted cluster mTLS certificate, such as enrolled cluster members, can...

5CVSS5.9AI score0.00208EPSS
Exploits0References13
EUVD
EUVD
added 2026/06/17 7:8 p.m.8 views

EUVD-2026-37785

Evil-WinRM through 3.9, fixed in commit 6ecd570, contains a path traversal vulnerability in the downloaddir function that allows a rogue or compromised remote Windows server to write files outside the intended download directory by returning filenames with traversal sequences from Get-ChildItem...

7.4CVSS5.4AI score0.00304EPSS
Exploits0References3
OSV
OSV
added 2026/06/17 6:7 p.m.4 views

GHSA-QWXF-2M7M-2M3X Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId join

Summary A cross-tenant authorization flaw in Daytona's notification WebSocket gateway allowed any authenticated user to subscribe to another organization's realtime notification channel and passively receive that organization's events. Impact The notification gateway's JWT handshake joined a...

6.5CVSS5.4AI score0.00275EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/17 6:7 p.m.10 views

Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId join

Summary A cross-tenant authorization flaw in Daytona's notification WebSocket gateway allowed any authenticated user to subscribe to another organization's realtime notification channel and passively receive that organization's events. Impact The notification gateway's JWT handshake joined a...

6.5CVSS5.3AI score0.00275EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50593

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.11 Description An authorization bypass exists in the ydoc:document:join Socket.IO handler. The handler only performs ownership checks when the document id variable starts with the prefix note: colon. However, t...

5.3CVSS5.9AI score0.00268EPSS
Exploits1References7
NVD
NVD
added 2026/06/16 4:17 a.m.17 views

CVE-2026-6964

The Video Conferencing with Zoom plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.6.7. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to obtain...

5.3CVSS0.00323EPSS
Exploits0References8
Rows per page
Query Builder