
135 matches found

Positive Technologies
added 2026/06/22 12:0 a.m. | 11 views

PT-2026-51452

Name of the Vulnerable Software and Affected Versions: Budibase versions 3.37.2 through 3.38.x. Description: Budibase contains an issue where the GET /api/chat-links/:instance/:token/handoff endpoint is public and lacks authentication and Cross-Site Request Forgery (CSRF) protection. This allows an...

7.3 CVSS | 5.8 AI score | 0.00192 EPSS
Exploits: 1 | References: 7

AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: iommu: Clearing iommu-dma operations during cleanup. If iommu_device_register encounters an error, it may result in tearing down already-configured groups and default domains. However, this still leaves devices connected to...

5.5 CVSS | 6.2 AI score | 0.00217 EPSS
Exploits: 0 | References: 2

RedHat Linux
added 2026/06/17 9:22 a.m. | 6 views

kernel: geneve: Fix use-after-free in geneve_find_dev().

A use-after-free vulnerability exists in the Linux kernel. When dev_net is dismantled, the geneve_exit_batch_rtnl function calls unregister_netdevice_queue for each device in the network namespace. Later, when the device is freed, it is still linked to the backend UDP socket in the network namespace...

7.8 CVSS | 7.3 AI score | 0.00227 EPSS
Exploits: 0 | References: 5

Vulnrichment
added 2026/06/15 10:7 a.m. | 10 views

CVE-2026-49757 OAuth2/OIDC account takeover in AshAuthentication via email-based user matching

Authentication Bypass by Spoofing vulnerability in team-alembic AshAuthentication allows account takeover of local users via OAuth2/OIDC sign-in. AshAuthentication's OAuth2 and OIDC family strategies matched the local user by email address an upsert on the email field, or a user-defined sign-in...

9.2 CVSS | 5.3 AI score | 0.00563 EPSS
Exploits: 1 | References: 5

RedhatCVE
added 2026/06/05 7:17 p.m. | 7 views

CVE-2026-6741

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authorization check in the execute method of the connect-customer-to-wp-user ability, which only requires...

8.8 CVSS | 5.4 AI score | 0.00293 EPSS
Exploits: 1 | References: 1

Tenable Nessus
added 2026/05/29 12:0 a.m. | 18 views

SUSE SLED15 / SLES15 Security Update : go1.25-openssl (SUSE-SU-2026:2079-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2079-1 advisory. This update for go1.25-openssl fixes the following issues. Security issues: - CVE-2026-33811: net: crash when...

7.5 CVSS | 6 AI score | 0.00813 EPSS
Exploits: 0 | References: 36

OSV
added 2026/05/27 11:53 a.m. | 16 views

SUSE-SU-2026:2092-1 Security update for go1.26-openssl

This update for go1.26-openssl fixes the following issues. Security issues: - CVE-2026-33811: net: crash when handling long CNAME response (bsc#1264508). - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1264506). - CVE-2026-39817: cmd/go: 'go tool...

7.5 CVSS | 6 AI score | 0.00813 EPSS
Exploits: 0 | References: 25

OSV
added 2026/05/26 2:54 p.m. | 15 views

SUSE-SU-2026:2079-1 Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues. Security issues: - CVE-2026-33811: net: crash when handling long CNAME response (bsc#1264508). - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1264506). - CVE-2026-39817: cmd/go: 'go tool...

7.5 CVSS | 6 AI score | 0.00813 EPSS
Exploits: 0 | References: 25

GithubExploit
added 2026/05/26 6:4 a.m. | 80 views

Exploit for CVE-2026-5229

CVE-2026-5229: Form Notify Auth Bypass via LINE...

9.8 CVSS | 5.8 AI score | 0.0073 EPSS
Exploits: 1

AstraLinux
added 2026/05/20 5:53 a.m. | 8 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: arm64: ftrace: consistently handles PLTs. Sometimes it is necessary to use a PLT entry to call a ftrace trampoline. This is handled by ftrace_make_call and ftrace_make_nop, both of which have almost identical logic. However, this iss...

5.5 CVSS | 6 AI score | 0.00246 EPSS
Exploits: 0 | References: 2

CNNVD
added 2026/05/20 12:0 a.m. | 9 views

Keycloak security vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak. Keycloak has a security vulnerability that stems from cross-session verification proofs, which rely solely on local user IDs and IdP aliases without binding actual verified upstream identities. This...

6.4 CVSS | 5.8 AI score | 0.00312 EPSS
Exploits: 0 | References: 2

OSSF Malicious Packages
added 2026/05/19 10:1 p.m. | 10 views

Malicious code in aurapro-ui (PyPI)

Source: amazon-inspector (cace553d74971e3660a0a7095662488f531348ba3e756696da5ff0ef9645ab22). The PyPI package aurapro-ui installs its code under the Python import namespace openwebui/ and registers two console scripts in entry_points.txt —...

5.8 AI score
Exploits: 0 | References: 2

SUSE CVE
added 2026/05/18 1:21 p.m. | 11 views

SUSE CVE-2026-44309

Gitsign is a keyless Sigstore signing tool for Git commits using your GitHub / OIDC identity. Prior to 0.16.0, gitsign verify and gitsign verify-tag re-encode commit/tag objects through go-git's EncodeWithoutSignature before checking the signature, instead of verifying against the raw git...

5.3 CVSS | 5.8 AI score | 0.00119 EPSS
Exploits: 0 | References: 3

Packet Storm News
added 2026/05/04 12:0 a.m. | 22 views

HackerSignal: A Large-Scale Multi-Source Dataset Linking Hacker Community Discourse to the CVE Vulnerability Lifecycle

We introduce HackerSignal, a benchmark for temporal out-of-distribution cyber threat intelligence (CTI) and cross-source CVE linkage. HackerSignal aggregates 7.45 million exact-deduplicated documents from 64 public forum/source identifiers spanning eight source layers and a 36-year window (1990-2026)...

5.8 AI score
Exploits: 0

Packet Storm News
added 2026/05/04 12:0 a.m. | 6 views

Public Voting Records: A Record, or an Attack Surface?

This is a whitepaper discussing a formal methodology for auditing voter-file disclosure regimes against linkage attacks...

5.8 AI score
Exploits: 0

EUVD
added 2026/04/27 7:36 p.m. | 5 views

EUVD-2026-25910

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authorization check in the execute method of the connect-customer-to-wp-user ability, which only requires...

8.8 CVSS | 5.2 AI score | 0.00293 EPSS
Exploits: 1 | References: 6

Tenable Nessus
added 2026/04/22 12:0 a.m. | 5 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013796)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013796 advisory. In the Linux kernel, the following vulnerability has been resolved: udf: Detect system inodes linked into directory hierarchy. When UDF filesystem is corrupted, hidde...

5.7 AI score | 0.00202 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/22 12:0 a.m. | 5 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013757)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013757 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: ftrace: fix module PLTs with mcount. Li Huafei reports that mcount-based ftrace with module...

5.7 AI score | 0.00197 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2026/04/21 12:0 a.m. | 6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011068)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011068 advisory. In the Linux kernel, the following vulnerability has been resolved: arm64: ftrace: fix module PLTs with mcount. Li Huafei reports that mcount-based ftrace with module...

5.7 AI score | 0.00197 EPSS
Exploits: 0 | References: 4

Snyk
added 2026/04/10 3:33 p.m. | 4 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to improper SQL operator precedence in the hasAccessToLabel function. An attacker can access label metadata, including titles, descriptions, colors, and creator information from projects they do not have acce...

5.3 CVSS | 5.8 AI score | 0.00272 EPSS
Exploits: 1 | References: 2