
19534 matches found

RedhatCVE
added 2026/05/08 11:1 a.m. | 9 views

CVE-2026-6915

A flaw was found in MongoDB. An authenticated user could exploit an authorization flaw in the user management command. This allows them to make limited changes to authentication-related data associated with another user account. Such modifications could affect how authentication is performed for...

6.3 CVSS | 5.6 AI score | 0.00167 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2026/05/08 8:42 a.m. | 33 views

CVE-2026-43284

A flaw was found in the Linux kernel's xfrm-ESP and RxRPC subsystems. Unsafe in-place cryptographic processing of shared socket buffer fragments allows a low-privileged local attacker to corrupt page-cache contents of readable files, including sensitive system files, and gain root privileges. The...

8.8 CVSS | 6.1 AI score | 0.93235 EPSS
Exploits: 31 | References: 4

GithubExploit
added 2026/05/08 7:24 a.m. | 107 views

Exploit for Write-what-where Condition in Linux Linux_Kernel

Dirty Frag mitigation script This script: 1. Block...

7.8 CVSS | 6 AI score | 0.93235 EPSS
Exploits: 31

SUSE CVE
added 2026/05/08 2:19 a.m. | 10 views

SUSE CVE-2026-43261

In the Linux kernel, the following vulnerability has been resolved: arm64: Add support for TSV110 Spectre-BHB mitigation The TSV110 processor is vulnerable to the Spectre-BHB (Branch History Buffer) attack, which can be exploited to leak information through branch prediction side channels. This...

5.5 CVSS | 5.7 AI score | 0.00128 EPSS
Exploits: 0 | References: 9

Github Security Blog
added 2026/05/07 9:5 p.m. | 15 views

Webauthn has a User Verification Downgrade via Default-Open ClientOverridePolicy

Summary In version 5.3.0 of the Symfony bundle, Webauthn\Bundle\Policy\ClientOverridePolicy defaulted to allowing all client overrides, including userVerification. A client could send "userVerification": "discouraged" in the assertion or attestation options request to override a server-configured...

5.9 AI score
Exploits: 0 | References: 2 | Affected Software: 1

GithubExploit
added 2026/05/07 8:32 p.m. | 93 views

Exploit for CVE-2026-38360

CVE-2026-38360: Path Traversal in dash-uploader !CVEhttps...

6 AI score | 0.05982 EPSS
Exploits: 5

OSV
added 2026/05/07 8:42 a.m. | 7 views

BIT-KEYDB-2026-23631 redis-server Lua use-after-free may allow remote code execution

Redis is an in-memory data structure store. In all versions of redis-server with Lua scripting, an authenticated attacker can exploit the master-replica synchronization mechanism to trigger a use-after-free on replicas where replica-read-only is disabled or can be disabled, which may lead to remo...

8.8 CVSS | 6.1 AI score | 0.01782 EPSS
Exploits: 0 | References: 3

OSV
added 2026/05/07 7:1 a.m. | 4 views

SUSE-SU-2026:1741-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues Updated to Mozilla Thunderbird 140.10.1: MFSA 2026-34 bsc1262230: - CVE-2026-6746: Use-after-free in the DOM: Core & HTML component. - CVE-2026-6747: Use-after-free in the WebRTC component. - CVE-2026-6748: Uninitialized memory in the...

9.8 CVSS | 6 AI score | 0.04938 EPSS
Exploits: 1 | References: 32

RedHat Linux
added 2026/05/07 4:51 a.m. | 18 views

python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API

A flaw was found in the Python webbrowser.open API. If a specially crafted URL containing "%action" is processed, an attacker could bypass a previous mitigation for CVE-2026-4519. This bypass allows for command injection into the underlying shell, potentially leading to arbitrary code execution...

7.1 CVSS | 6.7 AI score | 0.00308 EPSS
Exploits: 0 | References: 7

Snyk
added 2026/05/06 9:59 p.m. | 8 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the GET /api/v1/stable/dags/tasks endpoint via improper tenant checks in the listTasksByDAGIds function. An attacker can access sensitive task metadata belonging to other tenants by...

6.5 CVSS | 5.8 AI score | 0.00181 EPSS
Exploits: 0 | References: 2

OSV
added 2026/05/06 6:24 p.m. | 4 views

GHSA-C4RQ-3M3G-8WGX Nokogiri CSS selector tokenizer has regular expression backtracking

Summary Nokogiri's CSS selector tokenizer contains regular expressions whose construction may result in exponential regex backtracking on adversarial selectors. Three ReDoS vectors are addressed in this release: 1. String-literal tokenization on certain unterminated quoted-string input. 2...

7.5 CVSS | 5.8 AI score
Exploits: 0 | References: 2

Cisco
added 2026/05/06 4:0 p.m. | 15 views

Cisco SG350 and SG350X Series Managed Switches SNMP Denial of Service Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco 350 Series Managed Switches (SG350) and Cisco 350X Series Stackable Managed Switches (SG350X) firmware could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This...

7.7 CVSS | 5.9 AI score | 0.00389 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/05/06 12:30 p.m. | 8 views

EUVD-2026-27822

In the Linux kernel, the following vulnerability has been resolved: arm64: Add support for TSV110 Spectre-BHB mitigation The TSV110 processor is vulnerable to the Spectre-BHB (Branch History Buffer) attack, which can be exploited to leak information through branch prediction side channels. This...

5.8 AI score | 0.00128 EPSS
Exploits: 0 | References: 9

NVD
added 2026/05/06 12:16 p.m. | 11 views

CVE-2026-43277

In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: ensure that won't go past CPER allocated record The logic at ghes_new() prevents allocating too large records, by checking if they're bigger than GHES_ESTATUS_MAX_SIZE (currently, 64KB). Yet, the allocation is done with the...

5.5 CVSS | 0.00114 EPSS
Exploits: 0 | References: 8

NVD
added 2026/05/06 12:16 p.m. | 13 views

CVE-2026-43261

In the Linux kernel, the following vulnerability has been resolved: arm64: Add support for TSV110 Spectre-BHB mitigation The TSV110 processor is vulnerable to the Spectre-BHB (Branch History Buffer) attack, which can be exploited to leak information through branch prediction side channels. This...

5.5 CVSS | 0.00128 EPSS
Exploits: 0 | References: 8

CVE
added 2026/05/06 11:29 a.m. | 20 views

CVE-2026-43280

CVE-2026-43280 is a Linux kernel vulnerability in the drm/xe module where a malicious user can supply a malformed pat_index via the madvise IOCTL, triggering an out-of-bounds read from xe->pat.table due to missing bounds checking in xe_pat_index_get_coh_mode() (validated only by a call in madv...

7.1 CVSS | 5.8 AI score | 0.00118 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2026/05/06 11:29 a.m. | 38 views

CVE-2026-43280 drm/xe: Add bounds check on pat_index to prevent OOB kernel read in madvise

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Add bounds check on pat_index to prevent OOB kernel read in madvise When user provides a bogus pat_index value through the madvise IOCTL, the xe_pat_index_get_coh_mode() function performs an array access without validating bounds...

7.1 CVSS | 0.00118 EPSS
Exploits: 0 | References: 3

Cvelist
added 2026/05/06 11:28 a.m. | 29 views

CVE-2026-43261 arm64: Add support for TSV110 Spectre-BHB mitigation

In the Linux kernel, the following vulnerability has been resolved: arm64: Add support for TSV110 Spectre-BHB mitigation The TSV110 processor is vulnerable to the Spectre-BHB (Branch History Buffer) attack, which can be exploited to leak information through branch prediction side channels. This...

0.00128 EPSS
Exploits: 0 | References: 8

ATTACKERKB
added 2026/05/06 11:28 a.m. | 10 views

CVE-2026-43261

In the Linux kernel, the following vulnerability has been resolved: arm64: Add support for TSV110 Spectre-BHB mitigation The TSV110 processor is vulnerable to the Spectre-BHB (Branch History Buffer) attack, which can be exploited to leak information through branch prediction side channels. This...

5.5 CVSS | 5.8 AI score | 0.00128 EPSS
Exploits: 0 | References: 9 | Affected Software: 1

CVE
added 2026/05/06 11:28 a.m. | 17 views

CVE-2026-43261

The CVE-2026-43261 entry concerns the Linux kernel ARM64 arm64: TSV110 Spectre-BHB mitigation. The root cause is Spectre-BHB leakage via branch-prediction side channels on TSV110; mitigation consists of adding the TSV110 MIDR to the software mitigation list in the kernel. Affected component: Linu...

5.5 CVSS | 5.8 AI score | 0.00128 EPSS
Exploits: 0 | References: 8 | Affected Software: 1