Lucene search
K

36134 matches found

Debian CVE
Debian CVE
added 2026/06/25 8:38 a.m.3 views

CVE-2026-53167

In the Linux kernel, the following vulnerability has been resolved: fuse: limit FUSENOTIFYRETRIEVE to uptodate folios FUSENOTIFYRETRIEVE must be limited to uptodate folios; !uptodate folios can contain uninitialized data. Since FUSENOTIFYRETRIEVE is intended to only return data that is already in...

5.5CVSS5.6AI score0.00176EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:6 p.m.6 views

CVE-2026-52795

Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to, because the access check in the Watch API handler is inverted. The code checks if repoCtx.ViewerCanRead returns 404 when the user CAN read instead o...

4.3CVSS5.9AI score0.00168EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/24 4:30 p.m.5 views

EUVD-2026-38955

In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: fix leaking freebds While reclaiming the tx queue we fast forward the write pointer to drop any data in flight. These dropped frames are not added back to the pool of free bds. We also need to tell the netdev that ...

5.8AI score0.00376EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-51981

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the bcmgenet network driver where free bds buffer descriptors are leaked. During the reclamation of the tx queue, the write pointer is fast-forwarded to drop data in...

7.5CVSS5.9AI score0.00376EPSS
Exploits0References8
NVD
NVD
added 2026/06/23 6:18 p.m.10 views

CVE-2026-54324

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, a cross-tenant authorization flaw in Daytona's notification WebSocket gateway allowed any authenticated user to subscribe to another organization's realtime notification...

6.5CVSS0.00275EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/23 6:7 p.m.37 views

CVE-2026-54324 Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId join

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, a cross-tenant authorization flaw in Daytona's notification WebSocket gateway allowed any authenticated user to subscribe to another organization's realtime notification...

6.5CVSS0.00275EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 6:7 p.m.18 views

CVE-2026-54324

CVE-2026-54324 affects Daytona API service (NestJS) used in Daytona’s notification WebSocket gateway. The cross-tenant flaw allowed any authenticated user to join another organization’s realtime channel by binding a client-supplied organization ID to the corresponding room without verifying membe...

6.5CVSS6.3AI score0.00275EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 1:5 p.m.7 views

EUVD-2026-38240

An HTML injection vulnerability exists in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links. This issue affects Canarytokens: from Docker tag sha-4aef1db90...

5.1CVSS5.9AI score0.00286EPSS
Exploits0References1
CVE
CVE
added 2026/06/22 1:5 p.m.9 views

CVE-2026-12888

CVE-2026-12888 describes an HTML injection vulnerability in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens. The issue allows interface manipulation by an attacker who can insert limited HTML content, including links, into the webhook payload. Affects Canarytoke...

5.1CVSS5.9AI score0.00286EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 1:5 p.m.29 views

CVE-2026-12888 HTML injection in the Canarytoken Google Chat notification

An HTML injection vulnerability exists in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links. This issue affects Canarytokens: from Docker tag sha-4aef1db90...

5.1CVSS0.00286EPSS
Exploits0References1
Wolfi
Wolfi
added 2026/06/19 8:24 p.m.11 views

CVE-2026-41178 vulnerabilities

Vulnerabilities for packages: gatus, hydra, knative-eventing, tekton-pipelines, witness, crossplane-provider-sql, rancher-webhook, traefik, rancher-system-agent, crossplane-provider-family-aws, datadog-agent, calico, neuvector-sigstore-interface, k8sgpt, xeol, rancher-agent, containerd, gcsfuse,...

5.3CVSS5.9AI score0.00237EPSS
Exploits0
Wolfi
Wolfi
added 2026/06/19 8:24 p.m.16 views

GHSA-5WRP-CWCJ-Q835 vulnerabilities

Vulnerabilities for packages: gatus, hydra, knative-eventing, tekton-pipelines, witness, crossplane-provider-sql, rancher-webhook, traefik, rancher-system-agent, crossplane-provider-family-aws, datadog-agent, calico, neuvector-sigstore-interface, k8sgpt, xeol, rancher-agent, containerd, gcsfuse,...

5.9AI score
Exploits0
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: Wifi: ath12k – Prevent sending WMI commands to firmware during a firmware crash Currently, we encounter the following kernel call trace when a firmware crash occurs. This occurs because the host sends WMI commands to the...

5.5CVSS6.5AI score0.00137EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nexthop: Memory leaks in the nexthop notification chain listeners have been fixed. Syzkaller identified memory leaks that can be addressed by executing the following commands: ip nexthop add id 1 blackhole devlink dev reload...

7.1CVSS6AI score0.00211EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: virtio-net: The recursive rtnllock function occurs during the probe operation. This deadlock appears in a stack trace like this: virtnetprobe rtnllock virtioconfigChangedWork netdevNotifyPeers rtnllock This occurs when the VMM...

5.5CVSS5.8AI score0.00106EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Wifi: mac80211 – Reject VHT operation mode for unsupported channel widths Notifications related to VHT operation mode are not defined for channel widths below 20 MHz. Specifically, 5 MHz and 10 MHz are not valid under the VHT...

5.5CVSS5.2AI score0.00119EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211hwsim: fixed a typographical error in the frequency notification. The NAN notification refers to a frequency of 5745 MHz, which corresponds to channel 149, not 5475—which is not a valid channel at all. This could le...

5.7AI score0.00145EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Wifi: iwlwifi: mvm – Do not read beyond the mfuart notification. In the event that the firmware sends a notification claiming to have more data than it actually does, we will read beyond the allocated space for the notification. ...

5.5CVSS6.2AI score0.00265EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in Firefox and Thunderbird

A website could have obscured the fullscreen notification by using a dropdown select input element. This could have caused user confusion and potentially led to spoofing attacks. This vulnerability affects Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8...

4.3CVSS6.4AI score0.00937EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Thunderbird, Firefox

A website could have obscured the full-screen notification by using a URL that was processed by an external program, such as a mailto URL. This could have caused confusion among users and potentially led to spoofing attacks. This vulnerability affects Firefox 116, Firefox ESR 115.2, and Thunderbi...

6.5CVSS6.7AI score0.00657EPSS
Exploits0References2
Rows per page
Query Builder