
343 matches found

EUVD
added 2026/06/10 3:34 p.m. | 9 views

EUVD-2026-36062

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, EscapedString app/modules/roxywi/classmodels.py:16-30 is the centralised Pydantic validator used on dozens of fields including SSH credential name, username, description, etc. Its...

8.1 CVSS | 5.5 AI score | 0.00304 EPSS
Exploits: 0 | References: 1

CVE
added 2026/06/10 2:35 p.m. | 26 views

CVE-2026-48855

Summary: CVE-2026-48855 affects Erlang OTP ssh_sftpd. An authenticated SFTP client can create a symlink inside a chroot that points to the filesystem root; when reading the link via SSH_FXP_READLINK, ssh_sftpd exposes the absolute backend root path (and any symlink targets) instead of the chroote...

6.5 CVSS | 5.5 AI score | 0.00277 EPSS
Exploits: 0 | References: 5 | Affected Software: 2

NVD
added 2026/05/27 4:16 a.m. | 16 views

CVE-2026-2254

Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x, do not apply ACLs on certain API endpoints related to platform mail notifications...

6.3 CVSS | 0.00154 EPSS
Exploits: 0 | References: 1

OSV
added 2026/05/08 11:40 p.m. | 6 views

GHSA-8G87-J6Q8-G93X Mistune Math Plugin has an XSS Escape Bypass

Summary: The mistune math plugin renders inline math $...$ and block math $$...$$ by concatenating the raw user-supplied content directly into the HTML output without any HTML escaping. This occurs even when the parser is explicitly created with escape=True, which is supposed to guarantee that all...

6.1 CVSS | 5.9 AI score | 0.00228 EPSS
Exploits: 1 | References: 4

EUVD
added 2026/04/20 12:30 a.m. | 4 views

EUVD-2026-23727

A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function tryprocesslocalfile/tryprocessurl of the file src/ragas/metrics/collections/multimodalfaithfulness/util.py of the component Collections Module. Performing a manipulation of the argument...

7.5 CVSS | 5.4 AI score | 0.00534 EPSS
Exploits: 1 | References: 5

SUSE CVE
added 2026/01/16 12:27 a.m. | 8 views

SUSE CVE-2025-68803

In the Linux kernel, the following vulnerability has been resolved: NFSD: NFSv4 file creation neglects setting ACL. An NFSv4 client that sets an ACL with a named principal during file creation retrieves the ACL afterwards, and finds that it is only a default ACL based on the mode bits and not the...

4.6 CVSS | 6.4 AI score | 0.00173 EPSS
Exploits: 0 | References: 20

Tenable Nessus
added 2026/01/14 12:0 a.m. | 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001760)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001760 advisory. A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch...

4.7 CVSS | 6.3 AI score | 0.00198 EPSS
Exploits: 0 | References: 3

UbuntuCve
added 2026/01/13 4:16 p.m. | 8 views

CVE-2025-68803

In the Linux kernel, the following vulnerability has been resolved: NFSD: NFSv4 file creation neglects setting ACL. An NFSv4 client that sets an ACL with a named principal during file creation retrieves the ACL afterwards, and finds that it is only a default ACL based on the mode bits and not the...

5.9 AI score | 0.00173 EPSS
Exploits: 0 | References: 28

Tenable Nessus
added 2025/10/07 12:0 a.m. | 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414321)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414321 advisory. A use-after-free flaw was found in the Linux kernel's Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This...

7.8 CVSS | 6.5 AI score | 0.00221 EPSS
Exploits: 0 | References: 3

RedHat Linux
added 2024/08/28 12:34 p.m. | 9 views

kernel: wifi: cfg80211: Lock wiphy in cfg80211_get_station

A vulnerability was found in the wifi driver of the Linux kernel, in the cfg80211_get_station function, where the wiphy was not locked before calling rdev_get_station, which led to a NULL pointer dereference when a station disconnects and reconnects during a work queue operation, resulting in a kernel panic...

5.5 CVSS | 6.8 AI score | 0.00283 EPSS
Exploits: 0 | References: 5

NVD
added 2024/05/31 6:15 a.m. | 13 views

CVE-2024-23847

Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted...

7.8 CVSS | 7 AI score | 0.0017 EPSS
Exploits: 0 | References: 4

OSV
added 2024/05/16 2:15 p.m. | 30 views

CVE-2024-31142

Because of a logical error in XSA-407 Branch Type Confusion, the mitigation is not applied properly when it is intended to be used. XSA-434 Speculative Return Stack Overflow uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html...

7.5 CVSS | 6.2 AI score
Exploits: 0 | References: 4

OSV
added 2024/05/16 2:15 p.m. | 1 views

ALPINE-CVE-2024-31142

Because of a logical error in XSA-407 Branch Type Confusion, the mitigation is not applied properly when it is intended to be used. XSA-434 Speculative Return Stack Overflow uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html...

7.5 CVSS | 6.9 AI score | 0.17444 EPSS
Exploits: 0 | References: 1

SUSE CVE
added 2024/04/11 2:30 a.m. | 3 views

SUSE CVE-2024-31142

Because of a logical error in XSA-407 Branch Type Confusion, the mitigation is not applied properly when it is intended to be used. XSA-434 Speculative Return Stack Overflow uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html...

5.1 CVSS | 6.9 AI score | 0.17444 EPSS
Exploits: 0 | References: 8

RedHat Linux
added 2024/02/07 4:33 p.m. | 4 views

kernel: ovl: fix use after free in struct ovl_aio_req

A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 "ovl: fix use...

7.8 CVSS | 6.8 AI score | 0.00221 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2023/11/07 9:3 a.m. | 3 views

kernel: ovl: fix use after free in struct ovl_aio_req

A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 "ovl: fix use...

7.8 CVSS | 6.6 AI score | 0.00221 EPSS
Exploits: 0 | References: 5

CNNVD
added 2023/11/01 12:0 a.m. | 3 views

Eventlet Security Vulnerabilities

Eventlet is a concurrent networking library for Python. There is a security vulnerability in python-eventlet that stems from a regression introduced in the Red Hat build version that resulted in patches not being applied to all versions of all products...

7.5 CVSS | 6.7 AI score | 0.00802 EPSS
Exploits: 0 | References: 6

RedHat Linux
added 2023/05/09 10:1 a.m. | 4 views

kernel: use-after-free due to race condition in qdisc_graft()

A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 "net: sched: fix race condition in qdisc_graft" not applied yet, then kernel could be affected...

4.7 CVSS | 6.5 AI score | 0.00198 EPSS
Exploits: 0 | References: 5

Microsoft CVE
added 2023/03/30 7:0 a.m. | 3 views

A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet then kernel could be affected.

...

5.5 CVSS | 7.3 AI score | 0.00349 EPSS
Exploits: 0

OSV
added 2023/03/23 9:15 p.m. | 7 views

AZL-25740 CVE-2023-1249 affecting package kernel for versions less than 5.15.107.1-2

A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 "coredump: Use the vma snapshot in fill_files_note" not applied yet, then kernel could be affected...

5.5 CVSS | 6.7 AI score | 0.00349 EPSS
Exploits: 0 | References: 1