Lucene search
K

1879 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Avoid using prinfo with a spin lock in cblistinitgeneric. prinfo is called with the rtp-cbsgbllock spin lock locked. Since prinfo calls printk, which may sleep, this will result in a bug like the following: 0.206455...

5.5CVSS5.8AI score0.00134EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Firmware: stratix10-svc – fixed an error in saving controller data. The incorrect use of platformsetdrvdata and devsetdrvdata has also been corrected. Both these functions refer to the same data, and they override each other...

5.8AI score0.00176EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/19 10:14 p.m.14 views

rsync: rsync server leaks arbitrary client files

A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare wi...

6.8CVSS7.1AI score0.01761EPSS
Exploits1References5
Debian
Debian
added 2026/05/19 8:43 p.m.77 views

[SECURITY] [DSA 6281-1] gnutls28 security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6281-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 19, 2026 https://www.debian.org/security/faq -...

9.8CVSS6AI score0.01335EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2026/05/19 12:51 a.m.10 views

CVE-2026-33234

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogptplatform/backend/backend/blocks/emailblock.py accepts a user-supplied smtpserver string and smtpport integer as...

5CVSS5.9AI score0.00304EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/18 8:12 p.m.7 views

GHSA-FJQ3-FFVR-VM46 OpenTelemetry eBPF Instrumentation: Java TLS ioctl kprobe allows kernel memory disclosure

Summary The Java TLS ioctl probe reads user-controlled ioctl pointers with bpfproberead instead of bpfprobereaduser. An instrumented local process can therefore point OBI at kernel memory and cause that memory to be copied into telemetry. Details The vulnerable path is in...

3.8CVSS5.8AI score0.00174EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/17 6:51 p.m.52 views

CVE-2026-8721 Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char , which routes through Perl's default typemap to SvPVnolen. The Perl length is discarded. The C code or OpenSSL internally calls strlen on the buffer...

0.00447EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.18 views

Linux Distros Unpatched Vulnerability : CVE-2026-8367

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for ...

4.8CVSS5.5AI score0.0011EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/13 6:30 p.m.6 views

EUVD-2026-30042

aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS5.8AI score0.0011EPSS
Exploits0References2
OSV
OSV
added 2026/05/13 4:17 p.m.7 views

UBUNTU-CVE-2026-8367

aria2c accepts a server certificate with incorrect Extended Key Usage EKU. If the attackers compromise a certificate with the associated private key issued for a different purpose, they may be able to reuse it for TLS server authentication...

4.8CVSS5.8AI score0.0011EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.8 views

F5 BIG-IP和F5 BIG-IQ 安全漏洞

F5 BIG-IP and F5 BIG-IQ are both products from the American company F5. F5 BIG-IP is an application delivery platform that integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IQ is a software-based cloud management solution. This...

7.1CVSS5.8AI score0.00203EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 5:46 p.m.9 views

CVE-2026-29204

Insufficient ownership check in clientarea.php allows an authenticated client area user to submit requests using another user’s addonId without any ownership validation leading to unauthorized access to the victim's account...

9.1CVSS5.8AI score0.00319EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.14 views

PT-2026-40289

The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat correctly when building the contents of the SCRAM client-final-message. A malicious backend that sends a SCRAM server-final-message with a long nonce can trigger a stack overflow...

8.1CVSS6AI score0.00372EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/11 9:10 p.m.7 views

CVE-2026-43889

Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when published=false, only verifies read access for each—skipping the "share" permission check. A subsequent shares.update authorize...

6.5CVSS5.9AI score0.00211EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/08 3:16 p.m.9 views

CVE-2026-43380

In the Linux kernel, the following vulnerability has been resolved: hwmon: pmbus/q54sj108a2 fix stack overflow in debugfs read The q54sj108a2debugfsread function suffers from a stack buffer overflow due to incorrect arguments passed to bin2hex. The function currently passes 'data' as the...

7.8CVSS0.00143EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2026/05/08 3:16 p.m.7 views

CVE-2026-43380

In the Linux kernel, the following vulnerability has been resolved: hwmon: pmbus/q54sj108a2 fix stack overflow in debugfs read The q54sj108a2debugfsread function suffers from a stack buffer overflow due to incorrect arguments passed to bin2hex. The function currently passes 'data' as the...

7.8CVSS5.9AI score0.00143EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/05/08 2:21 p.m.6 views

CVE-2025-67486

Dolibarr is an enterprise resource planning ERP and customer relationship management CRM software package. Versions 22.0.2 and earlier contains an authenticated remote code execution vulnerability in the user extrafields functionality. User-controlled input from the "computed value" field is pass...

8.6CVSS6.7AI score0.00881EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/08 2:21 p.m.6 views

CVE-2026-43380

In the Linux kernel, the following vulnerability has been resolved: hwmon: pmbus/q54sj108a2 fix stack overflow in debugfs read The q54sj108a2debugfsread function suffers from a stack buffer overflow due to incorrect arguments passed to bin2hex. The function currently passes 'data' as the...

6AI score0.00143EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2026/05/08 1:16 p.m.19 views

CVE-2025-66171

The CloudStack Backup plugin has an improper access logic in versions 4.21.0.0 and 4.22.0.0. Anyone with authenticated user-account access in CloudStack 4.21.0.0+ environments, where this plugin is enabled and have access to specific APIs can create new VMs using backups of any other user of the...

6.5CVSS0.0053EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/07 10:32 p.m.13 views

utcp-http vulnerable to SSRF via attacker-controlled OpenAPI servers[0].url in HTTP communication protocol

Summary The utcp-http plugin is vulnerable to a blind Server-Side Request Forgery SSRF caused by a trust-boundary inconsistency between manual discovery and tool invocation. registermanual validates the discovery URL against an HTTPS / loopback allowlist, but calltool and calltoolstreaming reuse...

4.7CVSS5.9AI score0.00168EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder