Lucene search
K

3880 matches found

NVD
NVD
added 2026/06/20 4:17 p.m.10 views

CVE-2026-56325

Capgo before 12.128.2 uses ILIKE pattern matching instead of exact matching for appid lookup in the preview subdomain resolver, allowing underscore characters in appid to act as SQL wildcards. Attackers can create apps with appids differing by one character at underscore positions to cause...

3.1CVSS0.00215EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/20 12:28 a.m.14 views

kernel: mptcp: fix slab-use-after-free in __inet_lookup_established

A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. Due to incorrect memory allocation for IPv6 subflow child sockets, a use-after-free vulnerability exists. A remote attacker could exploit this by triggering concurrent lookups in the kernel's hash table, potentially leadin...

9.8CVSS6.5AI score0.004EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.18 views

PT-2026-51144

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description The preview subdomain resolver uses ILIKE pattern matching instead of exact matching for app id lookup. This allows underscore characters within the app id to function as SQL wildcards. An attacker...

3.1CVSS5.9AI score0.00215EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/19 9:42 p.m.9 views

SpiceDB: Checks involving relations with caveats can result in unconditional permission when conditional permission is expected

Impact Under concurrency, CheckPermission and CheckBulkPermissions can return PERMISSIONSHIPHASPERMISSION for a resource, permission, subject whose correct answer is PERMISSIONSHIPCONDITIONALPERMISSION. You are impacted if all of the following hold: 1. Your schema has a permission combining...

5.8AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/19 9:42 p.m.9 views

GHSA-4VRG-R928-H5VV SpiceDB: Checks involving relations with caveats can result in unconditional permission when conditional permission is expected

Impact Under concurrency, CheckPermission and CheckBulkPermissions can return PERMISSIONSHIPHASPERMISSION for a resource, permission, subject whose correct answer is PERMISSIONSHIPCONDITIONALPERMISSION. You are impacted if all of the following hold: 1. Your schema has a permission combining...

3.7CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/19 8:16 p.m.11 views

DEBIAN-CVE-2026-49342

YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as /../yard-cache-secret.html is joine...

5.3CVSS5.8AI score0.00273EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in ntfs-3g

A properly crafted NTFS image can lead to a out-of-bounds access vulnerability, caused by an unsanitized attribute length in ntfs inodelookupbyname, in NTFS-3G 2021.8.22...

7.8CVSS6.5AI score0.00418EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: cachefiles: Fixed the dentry leak in cachefilesopenfile. A dentry leak may occur when a lookup cookie and a cull operation are performed concurrently. P1 | P2 -----------------------------------------------------------...

5.5CVSS6.5AI score0.00234EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: btrfs: Do not trigger BUGON due to ENOMEM from btrfslookupextentinfo in walkdownproc. We have properly handled errors here. ENOMEM is not fatal; we return the error instead...

5.5CVSS6.3AI score0.00238EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix memory leak in qlt24xxhandleabts The commit 8f394da36a36 “scsi: qla2xxx: Drop TARGETSCFLOOKUPLUNFROMTAG” caused the qlt24xxhandleabts function to return early if tcmqla2xxxfindcmdbytag failed to find a command...

4.7CVSS6.1AI score0.00229EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed the requestsock leak in sk lookup helpers A customer reported a requestsocket leak in a Calico cloud environment. We found that a BPF program was performing a socket lookup, taking a reference count of the socket. It w...

5.5CVSS5.4AI score0.00265EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fixed the rxrpclocal leak in rxrpclookuppeer. It is necessary to call rxrpcPutlocal for the peer candidate before kfree, as it holds a reference to rxrpclocal. DH: v2: The peer freeing code has been abstracted into a...

5.5CVSS5.1AI score0.00235EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in aspell

In GNU Aspell 0.60.8, objstack has a heap-based buffer overflow in the acommon::ObjStack::duptop function called from acommon::StringMap::add and acommon::Config::lookuplist...

7.8CVSS7.3AI score0.00549EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: mctp: Set SOCKRCUFREE The Bind lookup operation is executed under RCU; therefore, ensure that a socket does not disappear during the middle of a lookup operation...

5.5CVSS6.2AI score0.00156EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmicglinkaltmode: fixed the use-after-free issue related to the DRM bridge. A recent DRM implementation that claimed to simplify support for “transparent bridges” and handling probe deferments ironically exposed a...

5.5CVSS5.2AI score0.00236EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in binutils

A issue was discovered in the Binary File Descriptor BFD library also known as libbfd, as distributed in GNU Binutils 2.31. An invalid memory access exists in the bfdstabsectionfindnearestline function in syms.c. Attackers could exploit this vulnerability to cause a denial of service application...

5.5CVSS6.5AI score0.01326EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in cups

OpenPrinting CUPS is a standards-based, open-source printing system for Linux and other Unix-like operating systems. Starting from version 2.0.0 and before version 2.4.6, CUPS logged data to the logging service after the connection was closed, when it should have logged the data just before that...

7.1CVSS7AI score0.01395EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

A flaw was discovered in the IPv6 module of the Linux kernel. The arg.result parameter was not used consistently in fib6rulelookup; sometimes rt6info was used, and other times fib6info. This issue was not accounted for in other parts of the code, where rt6info was expected to be used...

5.5CVSS6.7AI score0.00198EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in isc-dhcp

In ISC DHCP 4.4.0 - 4.4.3, and ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, when the function optioncodehashlookup is called from addOption, it increments the refcount field of the option. However, there is no corresponding call to optiondereference to decrement the refcount field. The function addOptio...

6.5CVSS6.7AI score0.00664EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: USB: fixed a memory leak caused by using debugfslookup. When calling debugfslookup, the result must be processed with dput, otherwise memory leaks will occur over time. To simplify things, simply call debugfslookupandremove, whic...

5.5CVSS5.2AI score0.00176EPSS
Exploits0References2
Rows per page
Query Builder