Lucene search
+L

27201 matches found

RedHat Linux
RedHat Linux
added 2026/06/22 9:27 a.m.5 views

webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to a validation issue with improper logic...

7.5CVSS6AI score0.0027EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 6:15 a.m.11 views

webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to a validation issue with improper logic...

7.5CVSS5.8AI score0.0027EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 3:49 a.m.8 views

webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to a validation issue with improper logic...

7.5CVSS5.8AI score0.0027EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/21 1:26 p.m.5 views

CVE-2026-56299

Capgo before 12.128.2 contains an authentication bypass vulnerability in the /build/upload/:jobId/ endpoint that allows unauthenticated attackers to trigger consistent 500 errors. Remote attackers can send OPTIONS requests to bypass authentication middleware and invoke tusProxy logic with invalid...

6.9CVSS5.9AI score0.00391EPSS
Exploits0References3
CVE
CVE
added 2026/06/21 1:26 p.m.20 views

CVE-2026-56299

CVE-2026-56299 (Capgo) affects Capgo prior to 12.128.2. An authentication bypass in the /build/upload/:jobId/* endpoint allows unauthenticated remote attackers to trigger repeated 500 errors by sending OPTIONS requests, bypassing authentication middleware and invoking tusProxy logic with invalid ...

6.9CVSS5.9AI score0.00391EPSS
Exploits0References2
OSV
OSV
added 2026/06/21 1:26 p.m.3 views

CVE-2026-56299 Capgo - Denial of Service via Unauthenticated OPTIONS Request to /build/upload Endpoint

Capgo before 12.128.2 contains an authentication bypass vulnerability in the /build/upload/:jobId/ endpoint that allows unauthenticated attackers to trigger consistent 500 errors. Remote attackers can send OPTIONS requests to bypass authentication middleware and invoke tusProxy logic with invalid...

6.9CVSS6AI score0.00391EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/18 7:26 p.m.22 views

CVE-2026-48980 pam_usb: getenv() used in PAM context allows environment variable injection into local-check logic

pamusb provides hardware authentication for Linux using removable media. In versions prior to 0.9.2, getenv environment variables XRDPSESSION, DISPLAY and TMUX allow environment variable injection into local-check logic. These environment variables influence whether a current session is local or...

6.3CVSS0.00127EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 7:26 p.m.18 views

CVE-2026-48980

The PAM module pam_usb is affected by a local-access vulnerability in earlier releases (pre-0.9.2) where getenv() in a PAM context returns attacker-controlled values for XRDP_SESSION, DISPLAY, and TMUX when the environment is manipulated by a local user. These values influence local-vs-remote ses...

6.3CVSS5.3AI score0.00127EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 7:26 p.m.3 views

CVE-2026-48980 pam_usb: getenv() used in PAM context allows environment variable injection into local-check logic

pamusb provides hardware authentication for Linux using removable media. In versions prior to 0.9.2, getenv environment variables XRDPSESSION, DISPLAY and TMUX allow environment variable injection into local-check logic. These environment variables influence whether a current session is local or...

6.3CVSS5.9AI score0.00127EPSS
Exploits0References4
OSV
OSV
added 2026/06/18 2:32 p.m.3 views

SUSE-SU-2026:22160-1 Security update for unbound

This update for unbound fixes the following issues - CVE-2026-32792: Packet of death with DNSCrypt bsc1265583. - CVE-2026-33278: Possible remote code execution during DNSSEC validation bsc1265587. - CVE-2026-40622: "Ghost domain name" variant bsc1265581. - CVE-2026-41292: Parsing a long list of...

10CVSS6.5AI score0.01272EPSS
Exploits0References23
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37554

In SettingsLib, there is a possible way to disable system components due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.6AI score0.0008EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2025-210213

In multiple functions of btmsec.cc, there is a possible way for an attacker to intercept SMS messages due to a logic error in the code. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

4.3CVSS5.7AI score0.00191EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:19 p.m.13 views

CVE-2026-0063

In setAllowedCarriers of PhoneInterfaceManager.java, there is a possible way to disable carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS0.00155EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:54 a.m.12 views

CVE-2026-46903

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Business Logic Infrastructure Security. Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

8.8CVSS0.00402EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 7:24 a.m.27 views

CVE-2026-0063

CVE-2026-0063 affects the Android framework component PhoneInterfaceManager.java, where a logic error in setAllowedCarriers could disable carrier restrictions, enabling local privilege escalation with no additional privileges and no user interaction required. The issue is cataloged as an Elevatio...

10CVSS5.6AI score0.00155EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/17 7:9 a.m.28 views

CVE-2026-0071

Summary: CVE-2026-0071 affects SettingsLib where a logic error may skip a permission check, enabling local escalation of privilege with no additional privileges or user interaction required. The vulnerability is described across NVD, ENISA EUVD, CVE records, and PT/security bulletins, all citing ...

10CVSS5.6AI score0.00155EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/17 5:53 a.m.37 views

CVE-2026-0019

In SettingsLib, there is a possible way to disable system components due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.0008EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 5:53 a.m.17 views

CVE-2026-0019

CVE-2026-0019 affects SettingsLib and enables a logic-error path that could disable system components, enabling local privilege escalation without extra privileges or user interaction. The issue is classified as Elevation of Privilege (High) in Android 17 release notes; patches are included in An...

7.8CVSS5.6AI score0.0008EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/17 5:53 a.m.19 views

CVE-2025-48571

CVE-2025-48571 affects the btm_sec.cc code path and enables possible interception of SMS messages due to a logic error, leading to remote information disclosure with no extra privileges, requiring user interaction. The connected ENISA and NVD/NVD-derived entries corroborate this CVE as of Android...

4.3CVSS5.7AI score0.00191EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.30 views

PT-2026-50229

Name of the Vulnerable Software and Affected Versions Android versions prior to June 2026 Description A logic error in the setAllowedCarriers function within PhoneInterfaceManager.java allows for the disabling of carrier restrictions. This flaw can lead to local escalation of privilege without...

10CVSS5.4AI score0.00155EPSS
Exploits0References4
Rows per page
Query Builder