Lucene search
K

1175 matches found

ATTACKERKB
ATTACKERKB
added 2026/07/06 9:20 p.m.5 views

CVE-2026-34599

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, there is an authenticated command injection vulnerability in the GetLogs Livewire component which allows users with team membership lowest privilege member role to execute...

8.8CVSS6.2AI score0.01385EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2026-53027

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs/ntfs3: fix missing run load for vcn0 in attrdatagetblocklocked When a compressed or sparse attribute has its clusters frame-aligned, vcn is rounded down to t...

5.5CVSS6.1AI score0.00155EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 4:29 p.m.5 views

EUVD-2026-38913

In the Linux kernel, the following vulnerability has been resolved: memory: tegra124-emc: Fix dllchange check The code checking whether the specified memory timing enables DLL in the EMRS register was reversed. DLL is enabled if bit A0 is low. Fix the check...

5.8AI score0.00521EPSS
Exploits0References8
CVE
CVE
added 2026/06/24 4:29 p.m.12 views

CVE-2026-53045

CVE-2026-53045 concerns the Linux kernel memory subsystem, specifically the tegra124-emc component. The issue is that the check to determine whether DLL (Delay-Locked Loop) is enabled in the EMRS register was reversed: DLL is actually enabled when bit A0 is low. A fix to the check was applied in ...

9.8CVSS5.8AI score0.00521EPSS
Exploits0References8
OSV
OSV
added 2026/06/24 4:29 p.m.3 views

CVE-2026-53045 memory: tegra124-emc: Fix dll_change check

In the Linux kernel, the following vulnerability has been resolved: memory: tegra124-emc: Fix dllchange check The code checking whether the specified memory timing enables DLL in the EMRS register was reversed. DLL is enabled if bit A0 is low. Fix the check...

9.8CVSS5.8AI score0.00521EPSS
Exploits0References11
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux

A flaw was discovered in the way RTAS handled memory accesses in user space for kernel communication. In a guest system that is under lockdown usually due to Secure Boot, running on top of PowerVM or KVM hypervisors pseries platform, a root-like local user could exploit this flaw to further...

7.2CVSS6.7AI score0.00501EPSS
Exploits1References1
Veracode
Veracode
added 2026/06/17 11:35 a.m.11 views

Authentication Bypass

Spring Web Services is vulnerable to Authentication Bypass. The vulnerability is due to X509AuthenticationProvider issuing a fully authenticated X509AuthenticationToken based solely on certificate-to-user mapping, without enforcing standard account status checks such as disabled, locked, expired,...

5.4CVSS5.3AI score0.00148EPSS
Exploits0References2Affected Software1
ICS
ICS
added 2026/06/09 7:0 a.m.5 views

Schneider Electric EasyLogic T150 and Saitel DP RTU

GENERAL SECURITY RECOMMENDATIONS We strongly recommend the following industry cybersecurity best practices. Locate control and safety system networks and remote devices behind firewalls and isolate them from the business network. Install physical controls so no unauthorized personnel can access...

8.7CVSS6.5AI score0.0024EPSS
Exploits0References11
CVE
CVE
added 2026/06/08 3:46 p.m.34 views

CVE-2026-46293

CVE-2026-46293 : In the Linux kernel, the mpfs-ccc clock driver suffers an out-of-bounds access during output registration UBSAN reports. The hws array is allocated for two PLLs and four output dividers, but IDs include two DLLs and their outputs, which the driver does not support. The documented...

7.1CVSS5.4AI score0.00126EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/05 8:33 p.m.8 views

GHSA-H4MP-G9C6-XWPH Shopper: Missing authorization on Product admin Livewire sub-form components

Impact Sub-form Livewire components used in the product editor Edit, Inventory, Seo, Shipping, Files had no authorization on their store method. Any authenticated panel user, regardless of role, could mutate any product's pricing, stock, SEO metadata, shipping dimensions, and attached media witho...

6.5CVSS5.6AI score0.00221EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.9 views

CVE-2025-12624

Active access tokens are not revoked or invalidated when a user account is locked within WSO2 Identity Server. This failure to enforce revocation allows previously issued, valid tokens to remain usable, enabling continued access to protected resources by locked user accounts. The security...

6CVSS5.5AI score0.00177EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.9 views

CVE-2026-6341

Mattermost Plugins versions =11.5 11.1.5 10.13.11 11.3.4.0 fail to have API-level checks on which groups the user can create issues or attach comments to which allows a user that is member of multiple groups to create issues to a locked group via direct API requests. Mattermost Advisory ID:...

4.3CVSS5.5AI score0.00152EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.10 views

CVE-2026-42321

GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

8.4CVSS5.4AI score0.00343EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 4:16 p.m.9 views

CVE-2026-42321

GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

8.4CVSS0.00343EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/03 3:25 p.m.7 views

CVE-2026-42321

GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

8.4CVSS5.8AI score0.00343EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/03 3:25 p.m.12 views

EUVD-2026-34097

GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

8.4CVSS5.8AI score0.00343EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.19 views

PT-2026-45959

GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

8.4CVSS5.8AI score0.00343EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/05/28 8:8 a.m.9 views

inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails

...

5.5CVSS5.4AI score0.00123EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:37 a.m.14 views

CVE-2026-9798

A flaw was found in Keycloak, an open-source identity and access management solution. When a user account is temporarily locked due to repeated failed login attempts, an attacker with valid client credentials can exploit the Client-Initiated Backchannel Authentication CIBA flow to bypass this...

4.3CVSS5.7AI score0.00206EPSS
Exploits0References3
Snyk
Snyk
added 2026/05/28 3:53 a.m.11 views

Authentication Bypass by Primary Weakness

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness via the Client-Initiated Backchannel Authentication CIBA flow. An...

4.3CVSS5.9AI score0.00206EPSS
Exploits0References2
Rows per page
Query Builder