Lucene search
K

103 matches found

Vulnrichment
Vulnrichment
added 2026/06/22 12:46 p.m.10 views

CVE-2026-54099 Windows-machine-config-operator: windows-machine-config-operator: wicd csr extra-organization allows privilege escalation to system:masters

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...

8.8CVSS5.8AI score0.00073EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/22 12:46 p.m.7 views

EUVD-2026-38233

A flaw was found in the Windows Machine Config Operator WMCO for Red Hat OpenShift Container Platform. The WICD CSR auto-approver validates that a Certificate Signing Request contains the organization system:wicd-nodes but does not reject additional organization values such as system:masters. A...

8.8CVSS5.8AI score0.00073EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/06 12:30 p.m.23 views

EUVD-2026-27819

In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: vfe: Fix out-of-bounds access in vfeisrregupdate vfeisr iterates using MSMVFEIMAGEMASTERSNUM7 as the loop bound and passes the index to vfeisrregupdate. However, vfe-line array is defined with VFELINENUMMAX4:...

5.8AI score0.00129EPSS
Exploits0References7
NVD
NVD
added 2026/05/06 12:16 p.m.28 views

CVE-2026-43256

In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: vfe: Fix out-of-bounds access in vfeisrregupdate vfeisr iterates using MSMVFEIMAGEMASTERSNUM7 as the loop bound and passes the index to vfeisrregupdate. However, vfe-line array is defined with VFELINENUMMAX4:...

7.8CVSS0.00129EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/05/06 11:28 a.m.6 views

CVE-2026-43256

In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: vfe: Fix out-of-bounds access in vfeisrregupdate vfeisr iterates using MSMVFEIMAGEMASTERSNUM7 as the loop bound and passes the index to vfeisrregupdate. However, vfe-line array is defined with VFELINENUMMAX4:...

5.7AI score0.00129EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/05/06 11:28 a.m.42 views

CVE-2026-43256 media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update()

In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: vfe: Fix out-of-bounds access in vfeisrregupdate vfeisr iterates using MSMVFEIMAGEMASTERSNUM7 as the loop bound and passes the index to vfeisrregupdate. However, vfe-line array is defined with VFELINENUMMAX4:...

7.8CVSS0.00129EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.15 views

PowerDNS Authoritative 资源管理错误漏洞

PowerDNS Authoritative is a DNS server software developed by PowerDNS Corporation. PowerDNS Authoritative has a resource management vulnerability that can lead to a denial-of-service attack. This vulnerability occurs when the PowerDNS auxiliary servers forward DNS update requests to malicious...

7.5CVSS5.8AI score0.00393EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/05 5:8 a.m.3 views

CVE-2025-12188

The Posts Navigation Links for Sections and Headings – Free by WP Masters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the 'wpmnavigationlinkssettings' page. This makes it...

4.3CVSS5.3AI score0.00122EPSS
Exploits0References1
NVD
NVD
added 2025/11/04 5:16 a.m.12 views

CVE-2025-12188

The Posts Navigation Links for Sections and Headings – Free by WP Masters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the 'wpmnavigationlinkssettings' page. This makes it...

4.3CVSS0.00122EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/04 4:27 a.m.2 views

CVE-2025-12188 Posts Navigation Links for Sections and Headings - Free by WP Masters <= 1.0.1 - Cross-Site Request Forgery to Settings Update

The Posts Navigation Links for Sections and Headings – Free by WP Masters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the 'wpmnavigationlinkssettings' page. This makes it...

4.3CVSS5.3AI score0.00122EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/04 12:0 a.m.7 views

WordPress plugin Posts Navigation Links for Sections and Headings Free by WP Masters 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...

4.3CVSS5.7AI score0.00122EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2009-4550

Malware in sbrugna...

7.5CVSS6.4AI score0.01631EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2007-0762

Malware in sbrugna...

7.5CVSS6.4AI score0.01195EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-0230

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.01033EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/09/02 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2022-22941

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisheracl, if a user...

8.8CVSS6.8AI score0.01315EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/21 8:37 p.m.7 views

CVE-2009-4584

admin.php in dB Masters Multimedia Links Directory 3.1.3 allows remote attackers to bypass authentication and gain administrative access via a certain value of the adminlog cookie...

7.5CVSS7.5AI score0.01631EPSS
Exploits1References1
SUSE Linux
SUSE Linux
added 2024/11/18 1:25 p.m.2 views

Security update for SUSE Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security fixes on Python 3.11 interpreter: CVE-2024-7592: Fixed quadratic complexity in parsing -quoted cookie values with backslashes bsc1229873, bsc1230059 CVE-2024-8088: Prevent malformed payload to cause infinite loops in zipfile.Path...

7.5CVSS7.8AI score0.02303EPSS
Exploits3References66
Veracode
Veracode
added 2023/09/11 6:1 a.m.25 views

Denial Of Service

Salt masters is vulnerable to Denial Of Service. The vulnerability is due to the master becoming unresponsive to return requests after receiving several bad packets on the request server, equal to the number of worker threads. This allows an attacker to disrupt the Salt master's normal operation...

5.3CVSS6.7AI score0.01033EPSS
Exploits0References3Affected Software1
Veracode
Veracode
added 2023/09/08 12:24 p.m.29 views

Information Disclosure

Salt masters is vulnerable to Information Disclosure. This vulnerability is due to the cache directory having same base name across different environments. This could lead to sensitive data from one environment being exposed to another environment...

7.8CVSS6.7AI score0.00286EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2023/09/05 12:30 p.m.23 views

GHSA-QVH6-3J7X-3HQ7 Salt can cause Git Providers to get wrong data

Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongfu...

4.2CVSS5.6AI score0.00286EPSS
Exploits0References5
Rows per page
Query Builder