Lucene search
K

8635 matches found

Chainguard
Chainguard
added 2026/06/23 8:17 a.m.7 views

GHSA-WFPW-MMFH-QQ69 vulnerabilities

Vulnerabilities for packages: ruby4.0-rails, kube-logging-operator, pact-broker-docker-fips, ruby3.4-rails, pact-broker-docker, logstash, ruby3.2-rails, ruby3.3-rails, logstash-fips...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2026/06/23 8:17 a.m.5 views

GHSA-9CV2-CFXC-V4V2 vulnerabilities

Vulnerabilities for packages: ruby4.0-rails, kube-logging-operator, pact-broker-docker-fips, ruby3.4-rails, pact-broker-docker, logstash, ruby3.2-rails, ruby3.3-rails, logstash-fips...

5.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/23 2:29 a.m.7 views

SUSE CVE-2026-12725

A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply su...

7.5CVSS6.1AI score0.00406EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.9 views

PT-2026-51588

Name of the Vulnerable Software and Affected Versions foreman-mcp-server affected versions not specified Red Hat Satellite affected versions not specified Description A session management issue in the MCP Server allows unauthenticated attackers to hijack active administrative sessions. This occur...

7.8CVSS5.9AI score0.00153EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.13 views

PT-2026-51592

Name of the Vulnerable Software and Affected Versions foreman-mcp-server affected versions not specified Description Two distinct logging mechanisms in the software can expose sensitive session and authentication data. One mechanism logs session identifiers, which function as authentication...

6.2CVSS5.8AI score0.00152EPSS
Exploits0References8
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/22 9:53 p.m.12 views

Malicious code in zod-pino (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c536e5a7ee3d5542e1ac822b30ba4525e52b2ae0c964d0c2470468d91b9b41c8 The package is published under a name suggesting a Pino logger integration for Zod, but the tarball contents do not match that purpose and exhibit...

5.9AI score
Exploits0References6
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/22 9:4 p.m.7 views

Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale Container Storage Interface (CSI) are now fixed in Storage Scale Container Native 5.2.3.8 / CSI 2.14.7 and Storage Scale Container Native 6.0.1.0 / CSI 3.1.0 or higher

Summary The following vulnerabilities, which can affect IBM Storage Scale Container Storage Interface CSI CVE-2026-9167 are now fixed in Storage Scale Container Native 5.2.3.8 / CSI 2.14.7 or higher and Storage Scale Container Native 6.0.1.0 / CSI 3.1.0 or higher. Vulnerability Details...

5.9AI score
Exploits0Affected Software1
NVD
NVD
added 2026/06/22 4:16 p.m.13 views

CVE-2026-12725

A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply su...

5.9CVSS0.00406EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 1:55 p.m.4 views

CVE-2026-12725

A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply su...

5.9CVSS6.1AI score0.00406EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 1:55 p.m.7 views

EUVD-2026-38278

A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply su...

5.9CVSS6.1AI score0.00406EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.11 views

PT-2026-51332

Name of the Vulnerable Software and Affected Versions dnsmasq versions prior to 2.93-1.1 Description A heap-based buffer overflow occurs when DNSSEC validation and query logging are simultaneously enabled. The issue arises when logging DS or DNSKEY replies that contain unsupported algorithm or...

5.9CVSS6.1AI score0.00406EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-12725

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing...

5.9CVSS6.2AI score0.00406EPSS
Exploits0References4
OSV
OSV
added 2026/06/21 7:54 a.m.6 views

ROOT-APP-MAVEN-CVE-2021-45105 CVE-2021-45105 in io.root.org.apache.logging.log4j:log4j-core - Patched by Root

Root has patched CVE-2021-45105 in the io.root.org.apache.logging.log4j:log4j-core package for Root:Maven. Multiple fixed versions available...

5.9CVSS6.9AI score0.99999EPSS
Exploits20
NVD
NVD
added 2026/06/20 4:17 p.m.14 views

CVE-2026-56304

picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create arbitrary zero-byte files via logging.FileHandler class instantiation. Attackers can exploit this by crafting malicious pickle payloads to bypass RCE blocklists and create...

6.9CVSS0.00288EPSS
Exploits1References2
CVE
CVE
added 2026/06/20 3:24 p.m.21 views

CVE-2026-56304

CVE-2026-56304 affects picklescan versions before 1.0.1. The flaw is an unsafe pickle deserialization through the logging.FileHandler class, allowing unauthenticated attackers to craft malicious pickle payloads to create arbitrary zero-byte files. This can bypass RCE blocklists and lead to filesy...

6.9CVSS6AI score0.00288EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/20 3:24 p.m.6 views

CVE-2026-56304

picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create arbitrary zero-byte files via logging.FileHandler class instantiation. Attackers can exploit this by crafting malicious pickle payloads to bypass RCE blocklists and create...

6.9CVSS6AI score0.00288EPSS
Exploits1References3
EUVD
EUVD
added 2026/06/20 3:24 p.m.9 views

EUVD-2026-38123

picklescan before 1.0.1 contains an unsafe pickle deserialization vulnerability allowing unauthenticated attackers to create arbitrary zero-byte files via logging.FileHandler class instantiation. Attackers can exploit this by crafting malicious pickle payloads to bypass RCE blocklists and create...

6.9CVSS6AI score0.00288EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.13 views

SUSE SLES12 Security Update : kernel (SUSE-SU-2026:2450-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2450-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-10263:...

9.8CVSS6.8AI score0.00563EPSS
Exploits10References260
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Ansible

In Ansible, all Ansible Engine versions up to ansible-engine 2.8.5, ansible-engine 2.7.13, and ansible-engine 2.6.19 were logging at the DEBUG level. This led to the disclosure of credentials if a plugin used a library that logged credentials at the DEBUG level. This flaw does not affect Ansible...

7.8CVSS6.3AI score0.00509EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: libie: Do not unroll if fwlog is not supported. The libiefwlogdeinit function can be called during driver unloading, even when firmware logging was never properly initialized. This caused a call trace like this: 148.576156 Oops:...

5.5CVSS5.2AI score0.00121EPSS
Exploits0References1
Rows per page
Query Builder