Lucene search
K

2186 matches found

RedHat Linux
RedHat Linux
added 6 days ago7 views

kernel: Linux kernel KVM: Privilege escalation or denial of service due to improper shadow page table entry handling

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM component. A local attacker with privileges on the host system could exploit a vulnerability in how KVM handles shadow page table entries SPTEs during memory-mapped I/O MMIO operations. By manipulating guest page table entrie...

8.1CVSS6AI score0.00184EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago111 views

CVE-2026-60000

sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service resource consumption from excessive authentication attempts because MaxAuthTries was mishandled for GSSAPIAuthentication...

3.7CVSS0.00407EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 6 days ago4 views

CVE-2026-60000

sshd in OpenSSH before 10.4 allows remote attackers to cause a denial of service resource consumption from excessive authentication attempts because MaxAuthTries was mishandled for GSSAPIAuthentication...

7.5CVSS6AI score0.00407EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago8 views

PT-2026-56291

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 10.4 Description The sshd component allows remote attackers to cause a denial of service through resource consumption. This occurs due to the mishandling of the MaxAuthTries variable during GSSAPIAuthentication, which...

7.5CVSS6.1AI score0.00407EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/23 4:40 p.m.7 views

EUVD-2026-38523

GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idnatounicodeinternal. The affected code is not present in libidn2...

4CVSS5.9AI score0.0011EPSS
Exploits1References2
CVE
CVE
added 2026/06/23 4:40 p.m.14 views

CVE-2026-57053

CVE-2026-57053 affects GNU libidn before 1.44, with out-of-bounds reads of uninitialized memory in the ToUnicode APIs due to mishandling in idna_to_unicode_internal; the vulnerable code is not present in libidn2. The CVSSv3.1 base score is 4.0 (Medium), with LOCAL attack vector, HIGH complexity, ...

4CVSS5.9AI score0.0011EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.12 views

PT-2026-51573

Name of the Vulnerable Software and Affected Versions GNU libidn versions prior to 1.44 Description An issue exists in the ToUnicode APIs due to mishandling in the idna to unicode internal function, which can lead to out-of-bounds reads of uninitialized memory. Recommendations Update to version...

4CVSS5.8AI score0.0011EPSS
Exploits1References12
ATTACKERKB
ATTACKERKB
added 2026/06/22 7:37 a.m.8 views

CVE-2026-44911

Authorization handling for component configuration verification requests in Apache NiFi 1.15.0 through 2.9.0 allows clients with read access to submit proposed configuration properties. The proposed properties override current configuration, enabling users with read access to invoke predefined...

2.3CVSS5.8AI score0.00327EPSS
Exploits0References2Affected Software1
Qualys Blog
Qualys Blog
added 2026/06/15 4:0 p.m.14 views

What Changed in OWASP Top 10 2025 and Recommendations for Each Category

Key Takeaways 1. The 2025 list introduces two new categories – Software Supply Chain Failures A03 and Mishandling of Exceptional Conditions A10 - reflecting attacks already happening in production. 2. Security Misconfiguration jumping from 5 to 2 signals that continuous deployment without...

5.9AI score
Exploits0
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.17 views

Apple macOS 后置链接漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Sequoia 15.4 and earlier contained a backlink vulnerability, which was caused by improper handling of symbolic links. This vulnerability could allow applications to...

5.5CVSS5.3AI score0.0014EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 p.m.16 views

CVE-2026-21017

Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files...

5.5CVSS5.4AI score0.00093EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.8 views

Libwebsockets 安全漏洞

Libwebsockets is a standardized network library open-sourced by the lws-team. Versions of Libwebsockets 4.5.8 and earlier contain security vulnerabilities. These vulnerabilities stem from the lwssshParseplaintext function in the SSH Protocol Handler component’s plugins/protocollwssshbase/sshd.c...

6.9CVSS5.3AI score0.00429EPSS
Exploits0References8
Hacker One
Hacker One
added 2026/05/30 7:56 a.m.20 views

curl: SMTP connection reuse ignores --ssl-reqd / CURLOPT_USE_SSL and reuses a clear-text STARTTLS session on current master

Summary: Current master reintroduces a STARTTLS connection-reuse bug in SMTP. After commit 91dcf4e610 url: urlmatchdestination fix, curl/libcurl can reuse an already-established clear-text smtp:// session for a later logical request that explicitly requires TLS via --ssl-reqd or CURLOPTUSESSL =...

5.8AI score
Exploits0
CVE
CVE
added 2026/05/26 5:24 p.m.48 views

CVE-2026-24194

CVE-2026-24194 affects the NVIDIA GPU Display Driver for Linux. It is a vulnerability in a kernel-mode layer handler that can allow improper permission handling. Exploitation could lead to denial of service, privilege escalation, information disclosure, data tampering, and code execution. The iss...

7.8CVSS5.9AI score0.00152EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/26 8:19 a.m.12 views

EUVD-2026-31804

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Dylan Kuhn Geo Mashup allows Stored XSS. This issue affects Geo Mashup: from n/a through 1.13.18...

6.5CVSS5.8AI score0.00171EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2026/05/21 12:0 a.m.30 views

VulnCheck KEV: CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

10CVSS5.8AI score0.18914EPSS
In wildExploits1References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in TeXeVe-bin

In axohelp.c, before version 1.3 in axohelp, and in axodraw2 before version 2.1.1b, sprintf is handled incorrectly. This issue is present in distributions like TeXLive and other collections...

9.8CVSS7.3AI score0.01875EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in poppler-22, poppler

In Poppler 22.07.0, the PDFDoc::savePageAs function in PDFDoc.c allows attackers to cause a denial-of-service attack the application crashes with SIGABRT by manipulating a PDF file in which the xref data structure is improperly handled during the getCatalog process. Note that this vulnerability i...

6.5CVSS6.7AI score0.00921EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

A issue was discovered in l2capsockrelease in net/bluetooth/l2capsock.c in the Linux kernel before version 6.4.10. There is a use-after-free issue, as the children of an sk are handled incorrectly...

7.8CVSS6.7AI score0.0056EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in python-psutil

psutil also known as python-psutil from version 5.6.5 onwards may have a double-free issue. This issue occurs due to improper handling of reference counts within a while loop or for loop, which converts system data into a Python object...

7.5CVSS6.9AI score0.03522EPSS
Exploits0References2
Rows per page
Query Builder