349 matches found

Debian CVE
added 4 days ago, 4 views

CVE-2026-58302

rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to lo...

CVSS 8.4, AI score 5.9, EPSS 0.00152
Exploits: 0
CVE
added 4 days ago, 10 views

CVE-2026-58302

CVE-2026-58302 affects the LinuxCNC project, specifically the rtapi_app in linuxcnc-uspace prior to version 2.9.9. The binary is installed with SUID root and loads shared library modules via dlopen() using a user-supplied module name. The validation of the module name is insufficient, allowing pa...

CVSS 8.4, AI score 5.9, EPSS 0.00152
Exploits: 0, References: 4
EUVD
added 4 days ago, 6 views

EUVD-2026-40241

rtapi_app in linuxcnc-uspace in LinuxCNC before 2.9.9 allows privilege escalation. It is installed SUID root and loads shared library modules via dlopen by using a user-supplied module name. Insufficient validation of the module name allows path traversal, enabling an unprivileged local user to lo...

CVSS 8.4, AI score 5.9, EPSS 0.00152
Exploits: 0, References: 4
RedHat Linux
added 2026/06/22 11:15 a.m., 4 views

atril: evince: xreader: PDF /GoToR action argv injection enables single-click RCE via --gtk-module dlopen

A flaw was found in Atril, Evince and Xreader. A malicious link inside a specially crafted PDF document can cause arbitrary code execution when clicked due to improper quoting of attacker-controlled PDF link-destination fields during remote go-to /GoToR actions. This issue allows an attacker to...

CVSS 8.4, AI score 6.6, EPSS 0.00529
Exploits: 0, References: 12
AstraLinux
added 2026/06/19 11:10 a.m., 7 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: dm ioctl: A misbehavior occurred when list_versions raced with module loading. list_versions will first estimate the required space using the dm_target_iterate(list_version_get_needed, &needed) call, and then fill the space using the...

CVSS 4.7, AI score 6.3, EPSS 0.00137
Exploits: 0, References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 7 views

Astra Linux – Vulnerability in zsh

In Zsh before version 5.8, attackers who were able to execute commands could regain privileges lost due to the --no-PRIVILEGED option. Zsh failed to overwrite the saved user ID, so the original privileges could be restored by executing MODULE_PATH=/dir/with/module zmodload with a module that calls...

CVSS 7.8, AI score 8.2, EPSS 0.00495
Exploits: 0, References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: powerpc64/ftrace: fixed the issue of module loading without patchable function entries. get_stubs_size assumes that there must always be at least one patchable function entry, which is not always the case modules that export dat...

CVSS 5.5, AI score 6.6, EPSS 0.0014
Exploits: 0, References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: bpf: Fixed a UAF (use-after-free) issue caused by a race between btf_try_get_module and load_module. While working on code to populate the BTF IDs for modules, I noticed that by the time the initcall is invoked, the module’s BTF can...

CVSS 7.8, AI score 6.3, EPSS 0.00258
Exploits: 0, References: 2
AstraLinux
added 2026/06/19 11:10 a.m., 3 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: Module: Fix e_shstrndx .sh_size=0 OOB access. It is trivial to create a module that triggers OOB access with the following code: if (info->secstrings[strhdr->sh_size - 1] != '\0') Bug: Unable to handle page faults for the address:...

CVSS 7.1, AI score 6.1, EPSS 0.00282
Exploits: 0, References: 2
RedhatCVE
added 2026/06/16 6:39 a.m., 6 views

CVE-2026-47137

A flaw was found in vm2, an open-source virtual machine (VM) sandbox for Node.js. A remote attacker could bypass a security check designed to prevent the combination of nested environments and disabled module loading. This bypass occurs because a strict equality check for the require option can be...

CVSS 10, AI score 5.8, EPSS 0.00382
Exploits: 0, References: 8
Microsoft CVE
added 2026/05/14 8:01 a.m., 8 views

jq: stack overflow in module loading on mutual `include`

...

CVSS 6.8, AI score 5.8, EPSS 0.00161
Exploits: 1
NVD
added 2026/05/13 6:16 p.m., 12 views

CVE-2026-43998

vm2 is an open source vm/sandbox for Node.js. In 3.10.5, NodeVM's require.root path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed root directory in host context. Because path validation uses path.resolve which does not...

CVSS 8.5, EPSS 0.00722
Exploits: 1, References: 4
OSV
added 2026/05/11 6:16 p.m., 4 views

UBUNTU-CVE-2026-44777

jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other...

CVSS 6.8, AI score 5.8, EPSS 0.00161
Exploits: 1, References: 4
Vulnrichment
added 2026/05/11 5:23 p.m., 9 views

CVE-2026-44777 jq: stack overflow in module loading on mutual `include`

jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other...

CVSS 6.8, AI score 5.8, EPSS 0.00161
Exploits: 1, References: 1
CNNVD
added 2026/05/11 12:00 a.m., 10 views

jq security vulnerability

jq is a lightweight and flexible command-line JSON processor developed by jqlang. jq versions 1.8.2rc1 and earlier have security vulnerabilities. These vulnerabilities stem from the fact that the standard module loader does not perform cyclic checks when modules are included within each other,...

CVSS 6.8, AI score 5.8, EPSS 0.00161
Exploits: 1, References: 1
GithubExploit
added 2026/05/08 7:24 a.m., 110 views

Exploit for Write-what-where Condition in Linux Linux_Kernel

Dirty Frag mitigation script This script: 1. Block...

CVSS 7.8, AI score 6, EPSS 0.93235
Exploits: 31
Github Security Blog
added 2026/05/07 4:08 a.m., 10 views

vm2 has a NodeVM builtin allowlist bypass via `module` builtin's `Module._load` that allows sandbox escape

Summary: NodeVM's builtin allowlist can be bypassed when the module builtin is allowed (including via the '*' wildcard). The module builtin exposes Node's Module._load, which loads any module by name directly in the host context, completely bypassing vm2's builtin restriction. This allows sandboxed co...

CVSS 9.9, AI score 6.6, EPSS 0.00974
Exploits: 1, References: 3, Affected Software: 1
Amazon
added 2026/05/05 12:00 a.m., 17 views

Important: kernel-livepatch-6.18.20-20.229

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place. To mitigate this issue, we recommend that customers disable loading of the algif_aead module by running the following commands: echo "install algif_aead /bin/fals...

CVSS 7.8, AI score 6, EPSS 0.96267
Exploits: 228
Amazon
added 2026/05/05 12:00 a.m., 16 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place. To mitigate this issue, we recommend that customers disable loading of the algif_aead module by running the following commands as an administrator user: echo...

CVSS 7.8, AI score 6.8, EPSS 0.96267
Exploits: 228
Packet Storm News
added 2026/04/18 12:00 a.m., 9 views

Enclawed: A Configurable, Sector-Neutral Hardening Framework for Single-User AI Assistant Gateways

We present enclawed, a hard-fork hardening framework built on top of the OpenClaw single-user personal artificial intelligence (AI) assistant gateway. enclawed targets deployments that need attestable peer trust, deny-by-default external connectivity, signed-module loading, and a tamper-evident aud...

AI score 6
Exploits: 0