Lucene search
+L

68 matches found

OSV
OSV
added 2026/07/10 2:44 p.m.4 views

CVE-2026-46388 osquery: Unprivileged users can temporarily read file carve contents

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery file carve until the carve completes and the temporary files are deleted because in-progress carve directories are not...

4.4CVSS6.2AI score0.00094EPSS
Exploits0References6
OSV
OSV
added 2026/06/25 10:34 p.m.6 views

GO-2026-5523 Arc has an authenticated arbitrary local-file read via DuckDB I/O functions that bypasses RBAC table-level checks in github.com/basekick-labs/arc

Arc has an authenticated arbitrary local-file read via DuckDB I/O functions that bypasses RBAC table-level checks in github.com/basekick-labs/arc...

5.9AI score0.00029EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 12:16 p.m.2 views

SUSE-SU-2026:2488-1 Security update for python-lxml

This update for python-lxml fixes the following issue - CVE-2026-41066: information disclosure via untrusted XML input leading to local file read bsc1263254...

7.5CVSS5.9AI score0.00324EPSS
Exploits1References3
RubySec
RubySec
added 2026/06/19 12:0 a.m.6 views

Concurrent Ruby - `ReentrantReadWriteLock` read-count overflow grants a write lock without exclusivity

Summary Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used for the read hold count, and bit 15 is used as WRITELOCKHELD...

5.5CVSS5.8AI score0.00106EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/08 3:17 p.m.141 views

CVE-2026-44119 Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...

0.00171EPSS
Exploits0References1
OSV
OSV
added 2026/06/01 8:16 a.m.7 views

DEBIAN-CVE-2026-10233

A security vulnerability has been detected in Assimp up to 6.0.4. Affected by this issue is the function HL1MDLLoader::readsequenceinfos of the file HL1MDLLoader.cpp of the component Half-Life 1 MDL Loader. The manipulation of the argument aiString leads to out-of-bounds read. The attack needs to...

4.8CVSS5.3AI score0.00113EPSS
Exploits0References1
NVD
NVD
added 2026/05/29 8:16 p.m.16 views

CVE-2026-4387

StrongDM Desktop Application before 23.74.0 Desktop Client before 53.77.0 on Microsoft Windows stores authentication state, including a JSON Web Token and asymmetric key material, in cleartext in a per-user state file located at C:\Users\.sdm\state.kv. The file is protected only by default...

2CVSS0.00132EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.16 views

StrongDM 安全漏洞

StrongDM is an infrastructure access management platform developed by the US company StrongDM. Versions of StrongDM prior to 23.74.0 contained security vulnerabilities. These vulnerabilities stemmed from the storage of authentication status in plaintext, including JSON Web Tokens and key material...

2CVSS5.8AI score0.00132EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drbd: fixed the issue of null-pointer dereference during local read operations. In drbdrequestendio, READCOMPLETEDWITHERROR is passed to reqmod with a NULL peerdevice: c reqmodreq, what, NULL, &m; The handler for...

5.5CVSS5.2AI score0.00122EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/15 1:51 a.m.48 views

CVE-2025-48520

An improper input validation vulnerability within the AMD Platform Management Framework PMF driver can allow a local attacker to read Out-of-Bounds potentially resulting in information disclosure or a crash...

6.9CVSS0.00099EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.12 views

Tunnelblick 安全漏洞

Tunnelblick is a graphical user interface tool for the OpenVPN client developed by Tunnelblick. There are security vulnerabilities in versions 3.3beta26 to 9.0beta01 of Tunnelblick. These vulnerabilities stem from a symbolic link follow-up vulnerability in tunnelblick-helper, which may allow any...

6.8CVSS5.8AI score0.00242EPSS
Exploits1References1
Microsoft CVE
Microsoft CVE
added 2026/03/26 8:2 a.m.4 views

drbd: fix null-pointer dereference on local read error

...

5.5CVSS5.8AI score0.00122EPSS
Exploits0
EUVD
EUVD
added 2026/03/25 12:30 p.m.3 views

EUVD-2026-15211

In the Linux kernel, the following vulnerability has been resolved: drbd: fix null-pointer dereference on local read error In drbdrequestendio, READCOMPLETEDWITHERROR is passed to reqmod with a NULL peerdevice: reqmodreq, what, NULL, &m; The READCOMPLETEDWITHERROR handler then unconditionally...

5.7AI score0.00122EPSS
Exploits0References6
NVD
NVD
added 2026/03/25 11:16 a.m.6 views

CVE-2026-23285

In the Linux kernel, the following vulnerability has been resolved: drbd: fix null-pointer dereference on local read error In drbdrequestendio, READCOMPLETEDWITHERROR is passed to reqmod with a NULL peerdevice: reqmodreq, what, NULL, &m; The READCOMPLETEDWITHERROR handler then unconditionally...

5.5CVSS0.00122EPSS
Exploits0References5
UbuntuCve
UbuntuCve
added 2026/03/25 11:16 a.m.6 views

CVE-2026-23285

In the Linux kernel, the following vulnerability has been resolved: drbd: fix null-pointer dereference on local read error In drbdrequestendio, READCOMPLETEDWITHERROR is passed to reqmod with a NULL peerdevice: reqmodreq, what, NULL, &m; The READCOMPLETEDWITHERROR handler then unconditionally...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References7
OSV
OSV
added 2026/03/25 11:16 a.m.7 views

UBUNTU-CVE-2026-23285

In the Linux kernel, the following vulnerability has been resolved: drbd: fix null-pointer dereference on local read error In drbdrequestendio, READCOMPLETEDWITHERROR is passed to reqmod with a NULL peerdevice: reqmodreq, what, NULL, &m; The READCOMPLETEDWITHERROR handler then unconditionally...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/03/25 10:26 a.m.22 views

CVE-2026-23285 drbd: fix null-pointer dereference on local read error

In the Linux kernel, the following vulnerability has been resolved: drbd: fix null-pointer dereference on local read error In drbdrequestendio, READCOMPLETEDWITHERROR is passed to reqmod with a NULL peerdevice: reqmodreq, what, NULL, &m; The READCOMPLETEDWITHERROR handler then unconditionally...

0.00122EPSS
Exploits0References5
CVE
CVE
added 2026/03/25 10:26 a.m.16 views

CVE-2026-23285

CVE-2026-23285 is a Linux kernel vulnerability fixed in the DRBD path: in drbd_request_endio(), READ_COMPLETED_WITH_ERROR can pass a NULL peer_device to __req_mod(), leading to a null pointer dereference inside drbd_set_out_of_sync(). The mitigation described in the advisory is to obtain the peer...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/03/25 10:26 a.m.10 views

CVE-2026-23285 drbd: fix null-pointer dereference on local read error

In the Linux kernel, the following vulnerability has been resolved: drbd: fix null-pointer dereference on local read error In drbdrequestendio, READCOMPLETEDWITHERROR is passed to reqmod with a NULL peerdevice: reqmodreq, what, NULL, &m; The READCOMPLETEDWITHERROR handler then unconditionally...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2026/03/25 10:26 a.m.6 views

CVE-2026-23285

In the Linux kernel, the following vulnerability has been resolved: drbd: fix null-pointer dereference on local read error In drbdrequestendio, READCOMPLETEDWITHERROR is passed to reqmod with a NULL peerdevice: reqmodreq, what, NULL, &m; The READCOMPLETEDWITHERROR handler then unconditionally...

5.5CVSS5.2AI score0.00122EPSS
Exploits0
Rows per page
Query Builder