Lucene search
+L

12152 matches found

OSV
OSV
added yesterday5 views

ROOT-APP-NPM-AIKIDO-2026-10724 AIKIDO-2026-10724 in @rootio/vm2 - Patched by Root

Root has patched AIKIDO-2026-10724 in the @rootio/vm2 package for Root:npm. Multiple fixed versions available...

6.1AI score
Exploits0
Cvelist
Cvelist
added 2 days ago34 views

CVE-2026-49353 9Router: Local-Only Access Gate Bypass in 9router via Host Header SpoofING

9Router is an AI router & token saver. In 0.4.45 and earlier, 9Router's src/dashboardGuard.js local-only access gate used Host and Origin headers in isLocalRequest to protect /api/mcp/, /api/tunnel/, and /api/cli-tools/, allowing header spoofing in reverse proxy or tunnel deployments to reach MCP...

7.5CVSS0.00357EPSS
Exploits0References4
CVE
CVE
added 2 days ago33 views

CVE-2026-49353

Summary (CVE-2026-49353): 9Router before 0.4.46 has a local‑only access gate in src/dashboardGuard.js that relies on Host and Origin headers to classify requests as local. In proxied/tunneled deployments (reverse proxy, Cloudflare Tunnel, Tailscale), these headers are attacker‑controlled, enablin...

7.5CVSS6.1AI score0.00357EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2 days ago5 views

kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected role

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM x86 shadow paging mechanism. This vulnerability occurs when a host page directory entry PDE mapping is changed from within the guest, leading to an unexpected role mismatch in shadow paging. This mismatch can cause a...

6.3AI score0.00176EPSS
Exploits5References6
RedHat Linux
RedHat Linux
added 2 days ago5 views

kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected role

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM x86 shadow paging mechanism. This vulnerability occurs when a host page directory entry PDE mapping is changed from within the guest, leading to an unexpected role mismatch in shadow paging. This mismatch can cause a...

6.3AI score0.00176EPSS
Exploits5References6
RedHat Linux
RedHat Linux
added 3 days ago6 views

kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected role

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM x86 shadow paging mechanism. This vulnerability occurs when a host page directory entry PDE mapping is changed from within the guest, leading to an unexpected role mismatch in shadow paging. This mismatch can cause a...

7.1AI score0.00176EPSS
Exploits5References6
CVE
CVE
added 3 days ago12 views

CVE-2025-8412

The CVE-2025-8412 entry concerns the SUSE Virtual Machine Driver Pack. A BUFFER overflow can occur in the RtlQueryRegistryValues function when an attacker able to modify the registry interacts with the driver, affecting integrity. Affected scope is the Virtual Machine Driver Pack up to the build ...

2CVSS6.1AI score0.0009EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago5 views

EUVD-2025-210459

A Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in SUSE Virtual Machine Driver Pack allows an attacker with the ability to modify the registry to affect the integrity of the driver. We're not aware of a feasible way to exploit this currently. This issue affect...

2CVSS6.1AI score0.0009EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2025-8412

A Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in SUSE Virtual Machine Driver Pack allows an attacker with the ability to modify the registry to affect the integrity of the driver. We're not aware of a feasible way to exploit this currently. This issue affect...

2CVSS6.1AI score0.0009EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 3 days ago6 views

kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN

A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine x86 shadow paging mechanism. This use-after-free vulnerability arises from incorrect handling of Guest Frame Numbers GFNs when guest page tables are modified. A local attacker with control over a guest virtual machine could...

8.8CVSS6.5AI score0.00126EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 3 days ago11 views

Malicious code in flick-test-app (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 67f05e70375ac31032fb4fc3abf302d1c1122bf01504f810aa74d9fe59066d36 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 4 days ago7 views

kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected role

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM x86 shadow paging mechanism. This vulnerability occurs when a host page directory entry PDE mapping is changed from within the guest, leading to an unexpected role mismatch in shadow paging. This mismatch can cause a...

6.3AI score0.00176EPSS
Exploits5References6
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in abuden223 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 16b3eb424174fa150faf06029c6808e9bb0e7e235b73c0b9fc8a6fe33e32fa8b The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago7 views

Malicious code in nottuff5 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e18070e680629849560dab1723a73f80d61312d0a9efe429b0c8f43b2177bbd The tarball ships auto-publish.sh, a script that republishes the same payload under 100 distinct npm names ishowfeet1-ishowfeet20, nottuff1-nottuff30...

6.2AI score
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago6 views

Malicious code in omglucidesotuff (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d144d98f0e90909ee371acfeeec0ad2ffe44450335ddf7f7a58f71a53dc7b107 The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...

6.1AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 4 days ago12 views

Malicious code in pure-folder-three (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e83bf74d7c84c48a1a478d7bb40bbd899c4fda613f1512b66184d3de478b480 [email protected] executes attacker-controlled shell commands on install and on import. The postinstall entry src/build.js decodes an obfuscate...

6.3AI score
Exploits0References2
OSV
OSV
added 6 days ago6 views

RLSA-2026:36956 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: net/sched: ets: Always remove class from active list before deleting in etsqdiscchange CVE-2025-71066 kernel: sctp: revalidate list cursor after sctpsendmsgtoasoc in SCTPSENDALL...

7.8CVSS6.6AI score0.00176EPSS
Exploits5References5
NVD
NVD
added last week10 views

CVE-2026-45196

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a GPU register access which can lead to privilege escalation...

7.8CVSS0.00106EPSS
Exploits0References1
NVD
NVD
added last week5 views

CVE-2026-45203

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but befo...

7.8CVSS0.00092EPSS
Exploits0References1
EUVD
EUVD
added last week7 views

EUVD-2026-43043

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory write outside the permitted range of memory for the host kernel. A TOCTOU bug existed where a malicious driver could modify values in memory after firmware validation but befo...

6.1AI score0.00092EPSS
Exploits0References1
Rows per page
Query Builder