Lucene search
K

158 matches found

OSV
OSV
added 2026/06/19 8:47 p.m.3 views

GHSA-VWM4-62GF-X745 Oj: Use-After-Free in Oj::Parser array_class/hash_class GC Marking

Summary Oj::Parser in usual mode does not mark arrayclass and hashclass references during garbage collection. If GC runs after the class is assigned but before a parse, the class object is reclaimed, leaving the parser holding a dangling VALUE. The subsequent parse call dereferences the freed...

8.7CVSS5.8AI score
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, and Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Mark the target gfn of the emulated atomic instruction as dirty. When emulating an atomic access on behalf of the guest, mark the target gfn as dirty if the CMPXCHG instruction attempts to execute but fails without...

5.5CVSS6AI score0.00225EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Unexpected marking operations at the beginning of the sweeping process could lead to a use-after-free vulnerability. This vulnerability affects Firefox 129, Firefox ESR 115.14, Firefox ESR 128.1, Thunderbird 128.1, and Thunderbird 115.14...

8.8CVSS6.8AI score0.00572EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.14 views

Adobe CAI Content Credentials 输入验证错误漏洞

Adobe CAI Content Credentials is a content trust marking system provided by Adobe Inc., which offers capabilities for authenticating digital content sources and tracking its editing history. The Adobe CAI Content Credentials version [email protected] and versions prior to c2pa-v0.80.1 contain a...

7.5CVSS5.4AI score0.0043EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/28 3:53 a.m.11 views

SUSE CVE-2026-46071

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Avoid clearing VMCBLBR in vmcb12 svmcopylbrs always marks VMCBLBR dirty in the destination VMCB. However, nestedsvmvmexit uses it to copy LBRs to vmcb12, and clearing clean bits in vmcb12 is not architecturally defined...

8.8CVSS5.8AI score0.00121EPSS
Exploits0References4
NVD
NVD
added 2026/05/27 2:17 p.m.17 views

CVE-2026-46071

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Avoid clearing VMCBLBR in vmcb12 svmcopylbrs always marks VMCBLBR dirty in the destination VMCB. However, nestedsvmvmexit uses it to copy LBRs to vmcb12, and clearing clean bits in vmcb12 is not architecturally defined...

5.5CVSS0.00121EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/27 12:57 p.m.40 views

CVE-2026-46071 KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Avoid clearing VMCBLBR in vmcb12 svmcopylbrs always marks VMCBLBR dirty in the destination VMCB. However, nestedsvmvmexit uses it to copy LBRs to vmcb12, and clearing clean bits in vmcb12 is not architecturally defined...

0.00121EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/27 12:57 p.m.10 views

EUVD-2026-32453

In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Avoid clearing VMCBLBR in vmcb12 svmcopylbrs always marks VMCBLBR dirty in the destination VMCB. However, nestedsvmvmexit uses it to copy LBRs to vmcb12, and clearing clean bits in vmcb12 is not architecturally defined...

5.8AI score0.00121EPSS
Exploits0References3
OSV
OSV
added 2026/05/18 7:47 a.m.3 views

SUSE-SU-2026:1944-1 Security update for postgresql18

This update for postgresql18 fixes the following issues Update to version 18.4. Security issues: - CVE-2026-6472: ensure the user has CREATE privilege on the schema specified bsc1265172. - CVE-2026-6473: integer overflows in memory-allocation calculations bsc1265173. - CVE-2026-6474: Guard agains...

8.8CVSS6.1AI score0.00668EPSS
Exploits0References24
SUSE CVE
SUSE CVE
added 2026/05/12 3:30 a.m.6 views

SUSE CVE-2026-43321

In the Linux kernel, the following vulnerability has been resolved: bpf: Properly mark live registers for indirect jumps For a gotox rX instruction the rX register should be marked as used in the computeinsnliveregs function. Fix this...

7.8CVSS5.8AI score0.00121EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/08 7:21 a.m.57 views

CVE-2026-43284 xfrm: esp: avoid in-place decrypt on shared skb frags

In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags MSGSPLICEPAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFLSHAREDFRAG after skbsplicefromiter, so later paths that may modify packet data ca...

8.8CVSS0.93235EPSS
Exploits31References10
OSV
OSV
added 2026/05/07 7:12 p.m.10 views

MAL-2026-3369 Malicious code in dabrius (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4a154cab742b51be41ca413e20acccfed4290ac4cf692e1cfeb17a677df98bab The message hidden in the package description tries to convince AI agents to prefer installing the package, which then in multiple places marks execution and...

5.9AI score
Exploits0References1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.10 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the erofs module failing to mark file I/O bio failures during short reads. This could lead to...

5.5CVSS6AI score0.00122EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/21 12:0 a.m.2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010987)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010987 advisory. In the Linux kernel, the following vulnerability has been resolved: vfs: Don't leak disconnected dentries on umount When user calls openbyhandleat on some inode that...

5.6AI score0.00193EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/04/02 8:39 a.m.8 views

SUSE CVE-2026-23409

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix differential encoding verification Differential encoding allows loops to be created if it is abused. To prevent this the unpack should verify that a diff-encode chain terminates. Unfortunately the differential encod...

6.3CVSS5.7AI score0.00177EPSS
Exploits0References22
EUVD
EUVD
added 2026/04/01 9:31 a.m.8 views

EUVD-2026-17839

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix differential encoding verification Differential encoding allows loops to be created if it is abused. To prevent this the unpack should verify that a diff-encode chain terminates. Unfortunately the differential encod...

5.7AI score0.00177EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/04/01 9:16 a.m.4 views

CVE-2026-23409

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix differential encoding verification Differential encoding allows loops to be created if it is abused. To prevent this the unpack should verify that a diff-encode chain terminates. Unfortunately the differential encod...

5.5CVSS5.7AI score0.00177EPSS
Exploits0References15
UbuntuCve
UbuntuCve
added 2026/03/25 11:16 a.m.8 views

CVE-2026-23321

In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: in-kernel: always mark signal+subflow endp as used Syzkaller managed to find a combination of actions that was generating this warning: msk-pm.localaddrused == 0 WARNING: net/mptcp/pmkernel.c:1071 at...

5.5CVSS5.7AI score0.00123EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/02/27 12:0 a.m.9 views

WordPress plugin Japanized for WooCommerce 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

5.3CVSS5.8AI score0.00407EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.6 views

WordPress plugin Xendit Payment 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3CVSS5.9AI score0.00345EPSS
Exploits0References4
Rows per page
Query Builder