Lucene search
K

1127 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.9 views

CVE-2026-44522

Note Mark is an open-source note-taking application. From 0.13.0 to before 0.19.4, the Note Mark application allows authenticated users to upload assets to notes via POST /api/notes/noteID/assets, where the asset filename is provided through the X-Name HTTP request header. This value is stored...

8.6CVSS5.7AI score0.00495EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/05 4:20 p.m.14 views

NocoDB: OAuth Authorization Code Race Condition

Summary Two concurrent token-exchange requests using the same OAuth authorization code could each mint a distinct valid accesstoken, refreshtoken pair, breaking the single-use guarantee that PKCE relies on. Details The token-exchange flow read isused and called markAsUsed as an unconditional upda...

6.3CVSS5.6AI score0.00197EPSS
Exploits0References3Affected Software1
vulnersOsv
vulnersOsv
added 2026/06/03 9:13 p.m.6 views

auto-survey (>=0.1.0 <=0.2.5), gptparse (=0.3.0) +12 more potentially affected by CVE-2026-44018 via docling (>=2.51.0 <=2.90.0)

docling PYPI version =2.51.0, =0.1.0, =0.19.2, =1.40.0, =0.6.2, =0.0.1, =0.3.0, =1.0.0, =1.6.2, =1.6.2, =0.2.4, =0.0.1, =0.0.2 Source cves: CVE-2026-44018 Source advisory: OSV:GHSA-R3XG-RG9J-67FV...

7.1CVSS5.7AI score0.00113EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/03 9:9 p.m.6 views

auto-survey (>=0.1.0 <=0.2.5), gptparse (=0.3.0) +5 more potentially affected by CVE-2026-44016 via docling (>=2.87.0 <=2.90.0)

docling PYPI version =2.87.0, =0.1.0, =0.40.0, =0.6.2, =0.0.1, =0.0.1, =0.0.2 Source cves: CVE-2026-44016 Source advisory: SNYK:PYTHON-DOCLING-17151857...

8.2CVSS5.7AI score0.00384EPSS
Exploits0
NVD
NVD
added 2026/06/03 1:16 a.m.13 views

CVE-2026-9516

Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decodejson advances the input scalar's string pointer past the mark with SvPVset and restores it only on the normal return...

7.5CVSS0.00375EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/03 12:15 a.m.6 views

CVE-2026-9516

Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decodejson advances the input scalar's string pointer past the mark with SvPVset and restores it only on the normal return...

5.9AI score0.00375EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/03 12:15 a.m.9 views

CVE-2026-9516 Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws

Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decodejson advances the input scalar's string pointer past the mark with SvPVset and restores it only on the normal return...

5.9AI score0.00375EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/03 12:15 a.m.10 views

EUVD-2026-34061

Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decodejson advances the input scalar's string pointer past the mark with SvPVset and restores it only on the normal return...

7.5CVSS5.9AI score0.00375EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/29 1:15 a.m.10 views

SUSE CVE-2026-46175

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix fsck inconsistency caused by FGGC of node block During FGGC node block migration, fsck may incorrectly treat the migrated node block as fsync-written data. The reproduction scenario: root@vm:/mnt/f2fs seq 1 2048 | xargs...

5.5CVSS5.8AI score0.00124EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/28 6:37 p.m.12 views

CVE-2026-46150

A flaw was found in the Linux kernel's fanotify subsystem. This vulnerability allows for a bypass of permission checks because the fsnotifygetmarksafe function may incorrectly return false for marks on unrelated groups. This could enable an attacker to perform unauthorized actions by circumventin...

7.1CVSS5.8AI score0.00142EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/28 9:36 a.m.33 views

CVE-2026-46175 f2fs: fix fsck inconsistency caused by FGGC of node block

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix fsck inconsistency caused by FGGC of node block During FGGC node block migration, fsck may incorrectly treat the migrated node block as fsync-written data. The reproduction scenario: root@vm:/mnt/f2fs seq 1 2048 | xargs...

7.1CVSS0.00124EPSS
Exploits0References3
CVE
CVE
added 2026/05/28 9:36 a.m.38 views

CVE-2026-46175

Summary of CVE-2026-46175 (f2fs FGGC issue) : In the Linux kernel’s f2fs filesystem, Foreground Garbage Collection (FGGC) of node blocks could leave the fsync and dentry marks uncleared, causing fsck to misinterpret migrated data as fsync-written. The root cause is that the marks were not cleared...

7.1CVSS5.8AI score0.00124EPSS
Exploits0References3Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/05/28 8:8 a.m.7 views

inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails

...

5.5CVSS5.4AI score0.00123EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/05/27 8:11 p.m.10 views

CVE-2026-46040

A flaw was found in the Linux kernel's inotify subsystem. When the fsnotifyaddinodemarklocked function fails during the creation of a new watch, the system does not properly decrement the watch count. This oversight can lead to a watch count leak, where repeated failures exhaust the maximum user...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/27 6:30 p.m.44 views

CVE-2026-42197 RELATE Vulnerable to Stored XSS via Unprivileged User Profile

RELATE is a web-based courseware package. Versions prior to commit 555f0efb1c5bd7531c07cd73724d7e566a81f620 have a stored cross-site scripting vulnerability that allows any enrolled student to execute arbitrary JavaScript in an administrator's browser session, potentially leading to full admin...

8.7CVSS0.0031EPSS
Exploits0References3
OSV
OSV
added 2026/05/27 2:17 p.m.5 views

UBUNTU-CVE-2026-46040

In the Linux kernel, the following vulnerability has been resolved: inotify: fix watch count leak when fsnotifyaddinodemarklocked fails When fsnotifyaddinodemarklocked fails in inotifynewwatch, the error path calls inotifyremovefromidr but does not call decinotifywatches to undo the preceding...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/27 12:56 p.m.7 views

CVE-2026-46040

In the Linux kernel, the following vulnerability has been resolved: inotify: fix watch count leak when fsnotifyaddinodemarklocked fails When fsnotifyaddinodemarklocked fails in inotifynewwatch, the error path calls inotifyremovefromidr but does not call decinotifywatches to undo the preceding...

5.7AI score0.00123EPSS
Exploits0References9Affected Software1
EUVD
EUVD
added 2026/05/27 12:56 p.m.11 views

EUVD-2026-32421

In the Linux kernel, the following vulnerability has been resolved: inotify: fix watch count leak when fsnotifyaddinodemarklocked fails When fsnotifyaddinodemarklocked fails in inotifynewwatch, the error path calls inotifyremovefromidr but does not call decinotifywatches to undo the preceding...

5.8AI score0.00123EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/27 12:56 p.m.10 views

CVE-2026-46040

In the Linux kernel, the following vulnerability has been resolved: inotify: fix watch count leak when fsnotifyaddinodemarklocked fails When fsnotifyaddinodemarklocked fails in inotifynewwatch, the error path calls inotifyremovefromidr but does not call decinotifywatches to undo the preceding...

5.5CVSS5.7AI score0.00123EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/27 12:56 p.m.40 views

CVE-2026-46040 inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails

In the Linux kernel, the following vulnerability has been resolved: inotify: fix watch count leak when fsnotifyaddinodemarklocked fails When fsnotifyaddinodemarklocked fails in inotifynewwatch, the error path calls inotifyremovefromidr but does not call decinotifywatches to undo the preceding...

0.00123EPSS
Exploits0References8
Rows per page
Query Builder