Lucene search
K

2114 matches found

Cvelist
Cvelist
added 2026/05/08 1:31 p.m.34 views

CVE-2026-43335 interconnect: qcom: sm8450: Fix NULL pointer dereference in icc_link_nodes()

In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: sm8450: Fix NULL pointer dereference in icclinknodes The change to dynamic IDs for SM8450 platform interconnects left two links unconverted, fix it to avoid the NULL pointer dereference in runtime, when a...

0.00107EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/08 12:31 a.m.10 views

OpenStack Cyborg uses rule:allow (check_str='@') as the default policy for multiple API endpoints

OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...

7.4CVSS5.9AI score0.00206EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.13 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from manually defining optee nodes in zynqmp.dtsi, thereby disrupting the logic of OP-TEE’s automatic...

5.5CVSS5.8AI score0.00138EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/08 12:0 a.m.13 views

PT-2026-38846

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...

5.5CVSS5.8AI score0.00161EPSS
Exploits0References7
NVD
NVD
added 2026/05/07 10:16 p.m.56 views

CVE-2026-40213

OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...

7.4CVSS0.00206EPSS
Exploits0References3
OSV
OSV
added 2026/05/07 10:16 p.m.5 views

DEBIAN-CVE-2026-40213

OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...

7.4CVSS5.9AI score0.00206EPSS
Exploits0References1
OSV
OSV
added 2026/05/07 10:16 p.m.43 views

UBUNTU-CVE-2026-40213

OpenStack Cyborg before 16.0.1 uses rule:allow checkstr='@' as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complet...

7.4CVSS5.9AI score0.00206EPSS
Exploits0References6
Snyk
Snyk
added 2026/05/07 12:9 a.m.10 views

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation due to ineffective hostname verification in the TLS certificate validation. An attacker can bypass expected hostname checks by presenting a certificate signed by the trusted certificate authority but with...

2.2CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/06 2:45 p.m.10 views

BIT-JAVA-MIN-2025-7424 Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes

A flaw was found in the libxslt library. The same memory field, psvi, is used for both stylesheet and input data, which can lead to type confusion during XML transformations. This vulnerability allows an attacker to crash the application or corrupt memory. In some cases, it may lead to denial of...

7.5CVSS6.7AI score0.012EPSS
Exploits0References14
OSV
OSV
added 2026/05/06 2:45 p.m.7 views

BIT-JAVA-MIN-2025-10911 Libxslt: use-after-free with key data stored cross-rvt

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...

5.5CVSS6AI score0.00161EPSS
Exploits0References17
SUSE CVE
SUSE CVE
added 2026/05/06 1:40 a.m.8 views

SUSE CVE-2026-43041

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: replace qrtrtxflow radixtree with xarray to fix memory leak radixtreecreate allocates and links intermediate nodes into the tree one by one. If a subsequent allocation fails, the already-linked nodes remain in the tree...

5.8AI score0.00114EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.12 views

PT-2026-38032

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...

5.5CVSS6.1AI score0.00161EPSS
Exploits0References7
Snyk
Snyk
added 2026/05/05 6:21 p.m.9 views

Server-side Request Forgery (SSRF)

Overview firefighter-incident is an Incident Management tool made for Slack using Django Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the CreateJiraBotView class. An attacker can access internal resources and exfiltrate sensitive data by submitting...

9.9CVSS5.9AI score0.00272EPSS
Exploits0References3
NVD
NVD
added 2026/05/05 12:16 p.m.23 views

CVE-2026-42434

OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing by specifying host=node. Attackers can bypass sandbox boundaries and route execution to remote nodes instead of intended sandbox paths...

8.8CVSS0.00347EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/05 11:24 a.m.8 views

EUVD-2026-27251

OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing by specifying host=node. Attackers can bypass sandbox boundaries and route execution to remote nodes instead of intended sandbox paths...

8.8CVSS6AI score0.00347EPSS
Exploits0References3
CVE
CVE
added 2026/05/05 11:24 a.m.19 views

CVE-2026-42434

OpenClaw 2026.4.5 prior to 2026.4.10 has a sandbox-escape vulnerability. Sandboxed agents can override exec routing by specifying host=node, allowing attackers to bypass sandbox boundaries and route execution to remote nodes instead of the intended sandbox paths. Affected software: OpenClaw; vuln...

8.8CVSS6AI score0.00347EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/05 11:24 a.m.5 views

CVE-2026-42434 OpenClaw 2026.4.5 < 2026.4.10 - Sandbox Escape via host Parameter Override in Exec Routing

OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing by specifying host=node. Attackers can bypass sandbox boundaries and route execution to remote nodes instead of intended sandbox paths...

8.8CVSS6AI score0.00347EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.8 views

n8n 安全漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.32, 2.17.4, and 2.18.1 contained security vulnerabilities. These vulnerabilities were due to a prototype pollution issue in the xml2js library used for parsing XML request bodies. This...

9.4CVSS6.7AI score0.00851EPSS
Exploits1References1
Snyk
Snyk
added 2026/04/29 9:25 p.m.6 views

Prototype Pollution

Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Prototype Pollution via the xml node. An attacker can execute arbitrary code by exploiting prototype pollution when creating or modifying workflows. Note: This is only exploitable if the attacker is...

9.9CVSS6.4AI score0.00478EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/04/29 9:25 p.m.9 views

@regis-samurai/n8n (>=0.216.1 <=0.219.1), n8n-nodes-accelo (>=0.1.0 <=0.1.9) +11 more potentially affected by CVE-2026-42232 via n8n (>=0.138.0 <=0.93.0)

n8n NPM version =0.138.0, =0.216.1, =0.1.0, =0.18.0, =0.1.0, =0.1.0, =0.2.14, =0.1.0, =0.1.0, =0.0.2, =0.0.2, =1.1.3 Source cves: CVE-2026-42232 Source advisory: OSV:GHSA-HQR4-H3XV-9M3R...

9.4CVSS6AI score0.00478EPSS
Exploits0
Rows per page
Query Builder