Lucene search
K

802 matches found

CNNVD
CNNVD
added 2026/05/20 12:0 a.m.13 views

NLnet Labs Unbound 安全漏洞

NLnet Labs Unbound is a high-performance DNS resolver open-sourced by NLnet Labs. Versions of NLnet Labs Unbound 1.25.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by mixed records in the authoritative section, leading to cache poisoning. Attackers could...

10CVSS5.8AI score0.00249EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/05/17 12:0 a.m.218 views

AI Agents May Always Fall for Prompt Injections

Prompt injection is the most critical vulnerability in deployed AI agents. Despite recent progress, we show that the prevailing defense paradigm data-instruction separation both fails to detect attacks that operate through contextual manipulation and degrades contextually appropriate behavior. We...

5.8AI score
Exploits0
NVD
NVD
added 2026/05/13 1:1 p.m.11 views

CVE-2026-5545

libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTPS request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid...

6.5CVSS0.00414EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/05/13 3:33 a.m.8 views

SUSE CVE-2026-43442

In the Linux kernel, the following vulnerability has been resolved: iouring: fix physical SQE bounds check for SQEMIXED 128-byte ops When IORINGSETUPSQEMIXED is used without IORINGSETUPNOSQARRAY, the boundary check for 128-byte SQE operations in ioinitreq validated the logical SQ head position...

7.1CVSS5.9AI score0.00131EPSS
Exploits0References3
CVE
CVE
added 2026/05/11 9:10 p.m.13 views

CVE-2026-43889

Outline is vulnerable prior to 1.7.0 due to the shares.create API accepting both collectionId and documentId and, when published=false, skipping the share-permission check. A subsequent shares.update permits publication using an OR policy (can share collection OR can share document), allowing an ...

6.5CVSS5.9AI score0.00211EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/11 9:10 p.m.9 views

CVE-2026-43889 Outline: Unauthorized Document Publication via Mixed collectionId+documentId Share

Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when published=false, only verifies read access for each—skipping the "share" permission check. A subsequent shares.update authorize...

6.5CVSS5.9AI score0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 9:10 p.m.36 views

CVE-2026-43889 Outline: Unauthorized Document Publication via Mixed collectionId+documentId Share

Outline is a service that allows for collaborative documentation. Prior to 1.7.0, the shares.create API accepts both collectionId and documentId simultaneously and, when published=false, only verifies read access for each—skipping the "share" permission check. A subsequent shares.update authorize...

6.5CVSS0.00211EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/08 3:31 p.m.10 views

EUVD-2026-28748

In the Linux kernel, the following vulnerability has been resolved: iouring: fix physical SQE bounds check for SQEMIXED 128-byte ops When IORINGSETUPSQEMIXED is used without IORINGSETUPNOSQARRAY, the boundary check for 128-byte SQE operations in ioinitreq validated the logical SQ head position...

5.9AI score0.00131EPSS
Exploits0References3
NVD
NVD
added 2026/05/08 3:16 p.m.15 views

CVE-2026-43442

In the Linux kernel, the following vulnerability has been resolved: iouring: fix physical SQE bounds check for SQEMIXED 128-byte ops When IORINGSETUPSQEMIXED is used without IORINGSETUPNOSQARRAY, the boundary check for 128-byte SQE operations in ioinitreq validated the logical SQ head position...

7.1CVSS0.00131EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/08 3:16 p.m.11 views

CVE-2026-43442

In the Linux kernel, the following vulnerability has been resolved: iouring: fix physical SQE bounds check for SQEMIXED 128-byte ops When IORINGSETUPSQEMIXED is used without IORINGSETUPNOSQARRAY, the boundary check for 128-byte SQE operations in ioinitreq validated the logical SQ head position...

7.1CVSS5.9AI score0.00131EPSS
Exploits0References4
OSV
OSV
added 2026/05/08 3:16 p.m.5 views

UBUNTU-CVE-2026-43442

In the Linux kernel, the following vulnerability has been resolved: iouring: fix physical SQE bounds check for SQEMIXED 128-byte ops When IORINGSETUPSQEMIXED is used without IORINGSETUPNOSQARRAY, the boundary check for 128-byte SQE operations in ioinitreq validated the logical SQ head position...

7.1CVSS5.9AI score0.00131EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/08 2:22 p.m.6 views

CVE-2026-43442

In the Linux kernel, the following vulnerability has been resolved: iouring: fix physical SQE bounds check for SQEMIXED 128-byte ops When IORINGSETUPSQEMIXED is used without IORINGSETUPNOSQARRAY, the boundary check for 128-byte SQE operations in ioinitreq validated the logical SQ head position...

7.1CVSS5.9AI score0.00131EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/08 2:22 p.m.5 views

CVE-2026-43442

In the Linux kernel, the following vulnerability has been resolved: iouring: fix physical SQE bounds check for SQEMIXED 128-byte ops When IORINGSETUPSQEMIXED is used without IORINGSETUPNOSQARRAY, the boundary check for 128-byte SQE operations in ioinitreq validated the logical SQ head position...

5.9AI score0.00131EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.8 views

Microsoft Azure Entra ID 信息泄露漏洞

Microsoft Azure Entra ID is a cloud-based identity and access management service provided by Microsoft Corporation in the United States. There is an information leakage vulnerability in Microsoft Azure Entra ID, which stems from a mixed identity synchronization flaw...

9.3CVSS6AI score0.0091EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/05 3:23 p.m.5 views

CVE-2026-43067

In the Linux kernel, the following vulnerability has been resolved: ext4: handle wraparound when searching for blocks for indirect mapped blocks Commit 4865c768b563 "ext4: always allocate blocks only from groups inode can use" restricts what blocks will be allocated for indirect block based files...

9.8CVSS5.8AI score0.00403EPSS
Exploits0References7Affected Software1
Patchstack
Patchstack
added 2026/05/01 9:31 a.m.6 views

WordPress Mixed Media Gallery Blocks plugin <= 3.2.4.4 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin SimpLy Gallery versions = 3.2.4.4...

6.1CVSS5.8AI score0.00276EPSS
Exploits0References1Affected Software1
Snyk
Snyk
added 2026/04/30 6:20 p.m.7 views

Incorrect Authorization

Overview @clerk/nextjs is a Clerk SDK for NextJS Affected versions of this package are vulnerable to Incorrect Authorization through the createProtect and createCheckAuthorization functions. An attacker can gain access to protected pages or handlers by supplying a single auth.protect or has call...

7.6CVSS5.8AI score0.00246EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/30 6:20 p.m.3 views

Incorrect Authorization

Overview @clerk/shared is an Internal package utils used by the Clerk SDKs Affected versions of this package are vulnerable to Incorrect Authorization through the createProtect and createCheckAuthorization functions. An attacker can gain access to protected pages or handlers by supplying a single...

7.6CVSS5.8AI score0.00246EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/29 12:0 a.m.5 views

Insufficiently Protected Credentials

Overview Affected versions of this package are vulnerable to Insufficiently Protected Credentials via improper handling of proxy authentication during redirects when distinct proxies are configured for different URL schemes. An attacker can obtain sensitive proxy credentials by intercepting traff...

8.2CVSS5.8AI score0.00639EPSS
Exploits1References2
OSV
OSV
added 2026/04/25 5:49 a.m.10 views

OESA-2026-2043 openssl security update

Security Fixes: Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of...

9.8CVSS6.8AI score0.01059EPSS
Exploits0References7
Rows per page
Query Builder