Lucene search
K

229 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Fribidi

A segmentation fault flaw was discovered in the Fribidi package, affecting the fribidiremovebidimarks function in the lib/fribidi.c file. This flaw allows an attacker to submit a specially crafted file to Fribidi, resulting in a crash and causing a denial of service...

5.5CVSS6.7AI score0.00454EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/06/15 5:32 p.m.5 views

Symfony: HtmlSanitizer URL Parser Deny Gates Underinclusive: Percent-Encoded BiDi Marks and Unicode Whitespace Bypass Visual-Spoofing Defense

Description Symfony\Component\HtmlSanitizer\TextSanitizer\UrlSanitizer::parse rejects URLs containing raw Unicode explicit-direction BiDi formatting characters U+202A–U+202E, U+2066–U+2069 as a defense against visual-spoofing of the rendered href. The check covers only the raw UTF-8 forms of thos...

5.4AI score0.00025EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2026/06/15 5:32 p.m.8 views

GHSA-V3WM-QF9P-C549 Symfony: HtmlSanitizer URL Parser Deny Gates Underinclusive: Percent-Encoded BiDi Marks and Unicode Whitespace Bypass Visual-Spoofing Defense

Description Symfony\Component\HtmlSanitizer\TextSanitizer\UrlSanitizer::parse rejects URLs containing raw Unicode explicit-direction BiDi formatting characters U+202A–U+202E, U+2066–U+2069 as a defense against visual-spoofing of the rendered href. The check covers only the raw UTF-8 forms of thos...

5.4AI score0.00025EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.10 views

PT-2026-49555

Name of the Vulnerable Software and Affected Versions markdown-it affected versions not specified Description A quadratic time complexity issue exists in the smartquotes rule when the typographer: true option is enabled. An attacker can provide markdown input containing a large number of...

5.3CVSS5.2AI score0.00306EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2026/06/01 4:3 p.m.17 views

CVE-2026-10168

A security vulnerability has been detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected is the function marks of the file application/controllers/Parents.php. The manipulation of the argument param1 leads to improper control...

6.5CVSS5.5AI score0.00243EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/31 4:0 a.m.34 views

CVE-2026-10168 OUSL-GROUP-BrinaryBrains School Student Management System Parents.php marks resource injection

A security vulnerability has been detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected is the function marks of the file application/controllers/Parents.php. The manipulation of the argument param1 leads to improper control...

6.5CVSS0.00243EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/31 4:0 a.m.12 views

CVE-2026-10168

A security vulnerability has been detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected is the function marks of the file application/controllers/Parents.php. The manipulation of the argument param1 leads to improper control...

6.5CVSS6.3AI score0.00243EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/31 4:0 a.m.9 views

CVE-2026-10168 OUSL-GROUP-BrinaryBrains School Student Management System Parents.php marks resource injection

A security vulnerability has been detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected is the function marks of the file application/controllers/Parents.php. The manipulation of the argument param1 leads to improper control...

6.5CVSS6.3AI score0.00243EPSS
Exploits0References4
OSV
OSV
added 2026/05/29 6:20 p.m.9 views

GHSA-9G8X-92Q2-P28F NodeVM observability builtins leak host process and HTTP request data

Summary NodeVM exposes some process-wide observability builtins when they are allowed through require.builtin. The following builtins are not blocked by the dangerous builtin denylist: text diagnosticschannel asynchooks perfhooks These modules are process-wide, not sandbox-local. Sandboxed code c...

8.2CVSS5.8AI score0.00308EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/29 1:16 a.m.9 views

SUSE CVE-2026-46150

In the Linux kernel, the following vulnerability has been resolved: fanotify: fix false positive on permission events fsnotifygetmarksafe may return false for a mark on an unrelated group, which results in bypassing the permission check. Fix by skipping over detached marks that are not in the...

7.1CVSS5.8AI score0.00142EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/05/28 9:9 p.m.11 views

CVE-2026-46175

A flaw was found in the Linux kernel's f2fs filesystem. During Foreground Garbage Collection FGGC of node blocks, the system fails to properly clear internal metadata marks. This can lead to filesystem inconsistencies, where the fsck utility may misinterpret the state of migrated data. A local us...

7.1CVSS5.8AI score0.00124EPSS
Exploits0References4
NVD
NVD
added 2026/05/28 10:16 a.m.10 views

CVE-2026-46175

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix fsck inconsistency caused by FGGC of node block During FGGC node block migration, fsck may incorrectly treat the migrated node block as fsync-written data. The reproduction scenario: root@vm:/mnt/f2fs seq 1 2048 | xargs...

7.1CVSS0.00124EPSS
Exploits0References3
NVD
NVD
added 2026/05/28 10:16 a.m.11 views

CVE-2026-46150

In the Linux kernel, the following vulnerability has been resolved: fanotify: fix false positive on permission events fsnotifygetmarksafe may return false for a mark on an unrelated group, which results in bypassing the permission check. Fix by skipping over detached marks that are not in the...

7.1CVSS0.00142EPSS
Exploits0References8
OSV
OSV
added 2026/05/28 10:16 a.m.3 views

UBUNTU-CVE-2026-46175

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix fsck inconsistency caused by FGGC of node block During FGGC node block migration, fsck may incorrectly treat the migrated node block as fsync-written data. The reproduction scenario: root@vm:/mnt/f2fs seq 1 2048 | xargs...

7.1CVSS5.7AI score0.00124EPSS
Exploits0References6
OSV
OSV
added 2026/05/28 10:16 a.m.4 views

UBUNTU-CVE-2026-46150

In the Linux kernel, the following vulnerability has been resolved: fanotify: fix false positive on permission events fsnotifygetmarksafe may return false for a mark on an unrelated group, which results in bypassing the permission check. Fix by skipping over detached marks that are not in the...

7.1CVSS5.7AI score0.00142EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:36 a.m.7 views

CVE-2026-46175

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix fsck inconsistency caused by FGGC of node block During FGGC node block migration, fsck may incorrectly treat the migrated node block as fsync-written data. The reproduction scenario: root@vm:/mnt/f2fs seq 1 2048 | xargs...

5.8AI score0.00124EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/05/28 9:36 a.m.8 views

EUVD-2026-32802

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix fsck inconsistency caused by FGGC of node block During FGGC node block migration, fsck may incorrectly treat the migrated node block as fsync-written data. The reproduction scenario: root@vm:/mnt/f2fs seq 1 2048 | xargs...

5.8AI score0.00124EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:36 a.m.9 views

CVE-2026-46150

In the Linux kernel, the following vulnerability has been resolved: fanotify: fix false positive on permission events fsnotifygetmarksafe may return false for a mark on an unrelated group, which results in bypassing the permission check. Fix by skipping over detached marks that are not in the...

7.1CVSS5.8AI score0.00142EPSS
Exploits0References9Affected Software1
EUVD
EUVD
added 2026/05/28 9:36 a.m.13 views

EUVD-2026-32777

In the Linux kernel, the following vulnerability has been resolved: fanotify: fix false positive on permission events fsnotifygetmarksafe may return false for a mark on an unrelated group, which results in bypassing the permission check. Fix by skipping over detached marks that are not in the...

5.8AI score0.00142EPSS
Exploits0References5
CVE
CVE
added 2026/05/28 9:36 a.m.36 views

CVE-2026-46150

The CVE-2026-46150 issue affects the Linux kernel fanotify subsystem. It arises because fsnotify_get_mark_safe() may return false for a mark in an unrelated group, bypassing the permission check. The fix patches the logic to skip detached marks that are not in the current group, mitigating the by...

7.1CVSS5.8AI score0.00142EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder