
19534 matches found

Debian CVE
added 2026/05/06 11:28 a.m. | 5 views

CVE-2026-43261

In the Linux kernel, the following vulnerability has been resolved: arm64: Add support for TSV110 Spectre-BHB mitigation The TSV110 processor is vulnerable to the Spectre-BHB Branch History Buffer attack, which can be exploited to leak information through branch prediction side channels. This...

CVSS 5.5 | AI score 5.7 | EPSS 0.00128
Exploits 0

ATTACKERKB
added 2026/05/06 11:28 a.m. | 4 views

CVE-2026-43237

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Refactor amdgpu_gem_va_ioctl for Handling Last Fence Update and Timeline Management v4. This commit simplifies the amdgpu_gem_va_ioctl function, key updates include: - Moved the logic for managing the last update fence...

AI score 5.7 | EPSS 0.00124
Exploits 0 | References 4 | Affected Software 1

GithubExploit
added 2026/05/06 7:18 a.m. | 73 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 Checker & Mitigator A simple, safe vulnerabili...

CVSS 7.8 | AI score 6.2 | EPSS 0.96775
Exploits 228

Positive Technologies
added 2026/05/06 12:0 a.m. | 14 views

PT-2026-37601

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The TSV110 processor is susceptible to the Spectre-BHB Branch History Buffer attack. This issue allows for the leakage of information via branch prediction side channels, which are...

CVSS 7.8 | AI score 5.9 | EPSS 0.00415
Exploits 4 | References 414

Tenable Nessus
added 2026/05/06 12:0 a.m. | 11 views

Linux Distros Unpatched Vulnerability : CVE-2026-43261

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - arm64: Add support for TSV110 Spectre-BHB mitigation The TSV110 processor is vulnerable to the Spectre-BHB Branch History Buffer attack, which can be exploited ...

CVSS 5.5 | AI score 6.5 | EPSS 0.00128
Exploits 0 | References 3

Github Security Blog
added 2026/05/05 6:10 p.m. | 10 views

JupyterHub has cross-origin form POSTs bypass XSRF (CWE-352)

Summary JupyterHub's XSRF protection updated in 4.1.0 inappropriately treated requests with Sec-Fetch-Mode: no-cors as same-origin requests, which they are not, bypassing XSRF checks. The JSON API is not affected, only HTTP form endpoints, such as /hub/spawn and /hub/accept-share, meaning attacke...

CVSS 5.4 | AI score 5.8 | EPSS 0.00159
Exploits 1 | References 4 | Affected Software 1

RustSec
added 2026/05/05 12:0 p.m. | 10 views

Signature Verification on AVX2 Platforms Mishandles Edge Case

The AVX2 implementation of ML-DSA verification incorrectly implemented the usehint function, mishandling an edge case that should lead to signature rejection. Impact An attacker could make the ML-DSA verifier accept a crafted invalid signature under a maliciously generated verification key, if th...

AI score 5.8
Exploits 0 | Affected Software 1

RedhatCVE
added 2026/05/05 3:12 a.m. | 19 views

CVE-2026-39852

A flaw was found in io.quarkus:quarkus-vertx-http. A remote attacker can exploit an authorization bypass vulnerability by including semicolons, also known as matrix parameters, in HTTP requests. This allows bypassing path-based HTTP security policies, enabling unauthorized access to protected...

CVSS 8.8 | AI score 5.8 | EPSS 0.00432
Exploits 0 | References 4

Amazon
added 2026/05/05 12:0 a.m. | 14 views

Important: kernel-livepatch-6.12.74-98.124

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place. To mitigate this issue, we recommend that customers disable loading of the algif_aead module by running the following commands: echo "install algif_aead /bin/fals...

CVSS 7.8 | AI score 6 | EPSS 0.96775
Exploits 228

Packet Storm News
added 2026/05/05 12:0 a.m. | 4 views

Internet of Things Security: A Survey on Common Attacks

The exponential growth of the Internet of Things (IoT) has integrated connected devices into various sectors like smart cities, digital health, and Industry 4.0, generating vast amounts of real-time data to support intelligent decision-making. However, this widespread adoption is fundamentally...

AI score 5.8
Exploits 0

OSV
added 2026/05/04 9:24 p.m. | 6 views

GHSA-RPFR-X88X-XWCW Pelican Web UI Affected by a Privilege Escalation Attack

Background: On April 2nd, 2026, a Claude coding agent alerted Pelican PI Brian Bockelman to a privilege escalation vulnerability affecting Pelican's Web User Interface (WebUI) for various versions between v7.21 and v7.24. Upon further investigation, the Pelican team discovered this attack allows any...

CVSS 9 | AI score 5.7 | EPSS 0.0032
Exploits 0 | References 4

Github Security Blog
added 2026/05/04 9:24 p.m. | 15 views

Pelican Web UI Affected by a Privilege Escalation Attack

Background: On April 2nd, 2026, a Claude coding agent alerted Pelican PI Brian Bockelman to a privilege escalation vulnerability affecting Pelican's Web User Interface (WebUI) for various versions between v7.21 and v7.24. Upon further investigation, the Pelican team discovered this attack allows any...

CVSS 9 | AI score 5.7 | EPSS 0.0032
Exploits 0 | References 4 | Affected Software 1

NVD
added 2026/05/04 5:16 p.m. | 13 views

CVE-2026-42027

Arbitrary Class Instantiation via Model Manifest in Apache OpenNLP ExtensionLoader. Versions Affected: before 1.9.5, before 2.5.9, before 3.0.0-M3. Description: The ExtensionLoader.instantiateExtension(Class, String) method loads a class by its fully-qualified name via Class.forName and invokes its...

CVSS 9.8 | EPSS 0.00692
Exploits 0 | References 5

RedHat Linux
added 2026/05/04 4:55 p.m. | 4 views

firefox: thunderbird: Mitigation bypass in the File Handling component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the File Handling component...

CVSS 6.5 | AI score 5.7 | EPSS 0.00191
Exploits 0 | References 6

RedHat Linux
added 2026/05/04 4:55 p.m. | 4 views

firefox: thunderbird: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

CVSS 9.8 | AI score 5.7 | EPSS 0.00309
Exploits 0 | References 6

RedhatCVE
added 2026/05/04 1:40 p.m. | 5 views

CVE-2026-6266

A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider (IDP) identity to an existing AAP user account based on email matching without verifying email ownership. This allows a remote attacker to potentially hijack a...

CVSS 8.3 | AI score 5.7 | EPSS 0.00397
Exploits 0 | References 3

RedhatCVE
added 2026/05/04 10:13 a.m. | 6 views

CVE-2026-6526

A flaw was found in Wireshark, a network protocol analyzer. By processing a specially crafted Real-Time Streaming Protocol (RTSP) packet, a remote attacker could cause the Wireshark application to crash, leading to a denial of service. This vulnerability affects the RTSP protocol dissector...

CVSS 6.5 | AI score 5.8 | EPSS 0.00124
Exploits 1 | References 5

RedhatCVE
added 2026/05/04 9:49 a.m. | 11 views

CVE-2026-6537

A flaw was found in Wireshark. A remote attacker could exploit a vulnerability in the ZigBee protocol dissector by crafting a malicious packet. This could lead to a crash of the Wireshark application, resulting in a denial of service (DoS) for the user. Mitigation: To mitigate this issue, users can...

CVSS 6.5 | AI score 5.8 | EPSS 0.0018
Exploits 1 | References 5

RedhatCVE
added 2026/05/04 9:18 a.m. | 7 views

CVE-2026-6524

A flaw was found in Wireshark, a widely used network protocol analyzer. A remote attacker could exploit a vulnerability within the MySQL protocol dissector, the part of the software that interprets MySQL network communications. This could lead to a denial of service, causing the Wireshark...

CVSS 6.5 | AI score 5.8 | EPSS 0.00124
Exploits 1 | References 5

RedhatCVE
added 2026/05/04 6:29 a.m. | 8 views

CVE-2026-40974

A flaw was found in Spring Boot's Cassandra auto-configuration. This vulnerability allows an adjacent attacker to bypass hostname verification during SSL (Secure Sockets Layer) connection establishment to Cassandra. This could enable a man-in-the-middle attack, potentially leading to unauthorized...

CVSS 9.8 | AI score 5.7 | EPSS 0.00182
Exploits 0 | References 4