Lucene search
K

719 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.7 views

PYSEC-2026-258 Aim path traversal in LockManager.release_locks

A vulnerability in the LockManager.releaselocks function in aimhubio/aim commit bb76afe allows for arbitrary file deletion through relative path traversal. The runhash parameter, which is user-controllable, is concatenated without normalization as part of a path used to specify file deletion. Thi...

9.1CVSS7.5AI score0.00849EPSS
Exploits1References6
OSV
OSV
added 2026/06/29 9:45 a.m.3 views

SUSE-SU-2026:2675-1 Security update for tomcat

This update for tomcat fixes the following issues Update to Tomcat 9.0.118: - CVE-2026-41284: Unbounded read in WebDAV LOCK and PROPFIND handling bsc1265162. - CVE-2026-41293: HTTP/2 request headers not validated bsc1265163. - CVE-2026-42498: WebSocket authentication header exposure bsc1265165. -...

9.8CVSS5.9AI score0.01339EPSS
Exploits2References15
ATTACKERKB
ATTACKERKB
added 2026/06/26 7:41 p.m.8 views

CVE-2026-53323

In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lock again...

5.8AI score0.0009EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/26 6:9 p.m.8 views

CVE-2026-53084

A flaw was found in the Linux kernel's Berkeley Packet Filter BPF subsystem. This vulnerability involves a lock ordering problem that occurs when BPF programs acquire certain locks that depend on the mmaplock. This issue could potentially lead to system instability or unexpected behavior due to...

5.5CVSS5.8AI score0.00156EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 9:16 a.m.6 views

CVE-2026-53198

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of a deferred filelock on double SMB2CANCEL A deferred byte-range lock an SMB2LOCK that blocks registers an async work on conn-asyncrequests via setupasyncwork, with cancelfn = smb2removeblockedlock and...

8.8CVSS0.00466EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51956

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In passthrough mode, the invalidate mapping operation within the dm cache policy smq is called simultaneously by multiple workers without proper lock protection. This lack of...

7.8CVSS5.8AI score0.00125EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/18 1:47 p.m.9 views

EUVD-2026-37890

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these...

6.5CVSS5.3AI score0.002EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/18 1:47 p.m.9 views

EUVD-2026-37889

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these...

6.5CVSS5.3AI score0.002EPSS
Exploits0References1
OSV
OSV
added 2026/06/08 5:16 p.m.8 views

UBUNTU-CVE-2026-46311

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drmexec to take both locks i.e vm root bo and wptrobj bo to access the mapping data properly. This fixes the security issue of unmap the wptrobj while a queue creation is in...

7.8CVSS5.3AI score0.00112EPSS
Exploits0References5
Amazon
Amazon
added 2026/06/08 12:0 a.m.10 views

Important: nvidia-persistenced

Issue Overview: NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...

8.8CVSS6AI score0.00206EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.17 views

PT-2026-47370

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified openSUSE Tumbleweed versions prior to kernel-devel-7.0.12-1.1 Description A race condition exists in the pseries/papr-hvpipe component. A deadlock can occur if an interrupt fires on the same CPU whi...

9.8CVSS5.4AI score0.00457EPSS
Exploits0References73
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.10 views

CVE-2025-67604

A use of potentially dangerous function vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer 6.4 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4....

5.3CVSS5.5AI score0.00424EPSS
Exploits0References1
CVE
CVE
added 2026/06/03 3:49 p.m.48 views

CVE-2026-46262

CVE-2026-46262 concerns the Linux kernel ASoC fsl_xcvr module. The issue stems from a deadlock: a read lock is acquired while a write lock is already held in the same thread within fsl_xcvr_mode_put(), which is invoked by the upper ALSA core via snd_ctl_elem_write(). This caused a hung task. The ...

5.5CVSS5.8AI score0.00091EPSS
Exploits0References7Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/03 3:25 p.m.8 views

CVE-2026-42321 GLPI has stored XSS in asset locks

GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

8.4CVSS5.8AI score0.00343EPSS
Exploits0References1
CVE
CVE
added 2026/06/03 3:25 p.m.20 views

CVE-2026-42321

CVE-2026-42321 affects GLPI before 10.0.25 and 11.0.7, where a technician can store a stored XSS payload in the asset locked tab. The vulnerability is mitigated by upgrading to GLPI 10.0.25 or 11.0.7, which contain the patch. The connected sources confirm the affected versions and the fix version...

8.4CVSS5.8AI score0.00343EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/03 3:25 p.m.44 views

CVE-2026-42321 GLPI has stored XSS in asset locks

GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

8.4CVSS0.00343EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 4:53 p.m.9 views

CVE-2026-45283

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before 32.0.2, and 33.0.0 to before 33.0.1, the fileslock app did not properly validate the ownership of files when processing DAV lock and unlock requests. An authenticated user could lock or...

6.3CVSS5.7AI score0.00211EPSS
Exploits0References4Affected Software1
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.11 views

SUSE CVE-2026-46154

In the Linux kernel, the following vulnerability has been resolved: schedext: Read scxroot under scxcgroupopsrwsem in cgroup setters scxgroupsetweight,idle,bandwidth cache scxroot before acquiring scxcgroupopsrwsem, so the pointer can be stale by the time the op runs. If the loaded scheduler is...

5.5CVSS5.8AI score0.0012EPSS
Exploits0References3
OSV
OSV
added 2026/05/28 10:16 a.m.7 views

UBUNTU-CVE-2026-46168

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix scheduling with atomic in timestamp sockopt Using locksockfast atomic context around socksettimestamp and socksettimestamping is unsafe, as both helpers can sleep. Replace locksockfast with sleepable locksock/releaseso...

5.5CVSS5.7AI score0.00128EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/05/28 9:36 a.m.36 views

CVE-2026-46168 mptcp: fix scheduling with atomic in timestamp sockopt

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix scheduling with atomic in timestamp sockopt Using locksockfast atomic context around socksettimestamp and socksettimestamping is unsafe, as both helpers can sleep. Replace locksockfast with sleepable locksock/releaseso...

0.00128EPSS
Exploits0References7
Rows per page
Query Builder