Lucene search
K

18345 matches found

RedHat Linux
RedHat Linux
added yesterday6 views

kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN

A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine x86 shadow paging mechanism. This use-after-free vulnerability arises from incorrect handling of Guest Frame Numbers GFNs when guest page tables are modified. A local attacker with control over a guest virtual machine could...

8.8CVSS6.5AI score0.00126EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-43184

The Grav Admin2 plugin getgrav/grav-plugin-admin2 before 2.0.4 embeds a global JavaScript variable window.GRAVCONFIG in the Admin2 SPA bootstrap page at /grav/admin and its subroutes. This object is returned in every unauthenticated response and discloses the server URL, API prefix, admin base...

8.7CVSS6.1AI score0.00239EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-15291

The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the REST API endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/id. This is due to the plugin not performing any...

7.5CVSS5.9AI score0.0047EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 5 days ago8 views

Photon OS 4.0: Linux PHSA-2026-4.0-1054

An update of the linux package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1054. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

9.8CVSS6.6AI score0.00742EPSS
Exploits11References111
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-42550

The Hydra Booking – Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.2.1 via the /wp-json/hydra-booking/v1/booking/details/id REST endpoint. This is due to the getBookingDetails callback only...

4.3CVSS5.9AI score0.00435EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 6 days ago4 views

kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN

A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine x86 shadow paging mechanism. This use-after-free vulnerability arises from incorrect handling of Guest Frame Numbers GFNs when guest page tables are modified. A local attacker with control over a guest virtual machine could...

8.8CVSS6.5AI score0.00126EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 6 days ago5 views

kernel: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN

A flaw was found in the Linux kernel's KVM Kernel-based Virtual Machine x86 shadow paging mechanism. This use-after-free vulnerability arises from incorrect handling of Guest Frame Numbers GFNs when guest page tables are modified. A local attacker with control over a guest virtual machine could...

8.8CVSS5.9AI score0.00126EPSS
Exploits0References5
Cvelist
Cvelist
added last week31 views

CVE-2026-48492 Snipe-IT's selectlist visibility is too permissive

Snipe-IT is an IT asset/license management system. Prior to version 8.6.1, the GET /api/v1/object/selectlist API endpoint is missing an authorization check. Any user who can log into Snipe-IT - regardless of permissions - can retrieve a paginated list of all user accounts using only their web...

7.1CVSS0.00385EPSS
Exploits0References2
CVE
CVE
added last week14 views

CVE-2026-14454

Imager for Perl prior to 1.033 mishandles unsigned EXIF IFD entry counts by treating them as signed, potentially causing an attempt to allocate a block near the address space and terminating a worker process. This can be triggered by crafting an image with crafted EXIF data. The published fix is ...

9.8CVSS6AI score0.00394EPSS
Exploits0References3Affected Software1
OPENSUSE Linux
OPENSUSE Linux
added 2026/07/08 12:0 a.m.3 views

Security update for podman (important)

openSUSE security update: security update for podman ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:21244-1 Rating: important References: bsc1262856 bsc1266125 Cross-References: CVE-2025-22869 CVE-2025-47913 CVE-2025-47914 CVE-2025-52881...

9CVSS6.9AI score0.01008EPSS
Exploits2References2
CERT
CERT
added 2026/07/06 12:0 a.m.5 views

HP Deskjet 2800 Printer Series Webservers contain Missing Authorization Vulnerability

Overview HP Printers in the Deskjet 2800 Series running firmware version =TBP1CN2612AR contain a missing authorization vulnerability tracked as CVE-2026-13753. This vulnerability allows unauthenticated access to the printer's webserver API endpoints, exposing Wi-Fi credentials, management...

7.5CVSS6.2AI score0.00271EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2026/07/01 6:54 p.m.6 views

gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability

A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security DTLS packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This...

7.5CVSS5.8AI score0.01335EPSS
Exploits0References5
OSV
OSV
added 2026/07/01 5:50 p.m.2 views

CVE-2026-50195 containerd: CRI checkpoint import allows local image tag poisoning

containerd is an open-source container runtime. Versions prior to 2.3.2, 2.2.5 and 2.1.9 contain a vulnerability in the CRI checkpoint import process where it fails to validate the image references specified within a checkpoint image's configuration. An attacker with permissions to create pods ca...

5.6CVSS6.3AI score0.00354EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2026/07/01 12:59 p.m.25 views

AI-Generated Browser Ransomware Abuses Chromium API on Windows, Linux, macOS, Android

Cybersecurity researchers have flagged a new malware artifact generated using DeepSeek that constructed a novel attack path combining "unrealistic browser-malware concepts with a real browser capability" to turn it into a working ransomware technique that runs entirely inside the browser on both...

8.8CVSS7.2AI score0.99735EPSS
Exploits9
NVD
NVD
added 2026/07/01 5:16 a.m.9 views

CVE-2026-12113

The Appointment Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.02 via the cpabcappointmentsfilterlist. This makes it possible for authenticated attackers, with contributor-level access and above, to extract customer...

4.3CVSS0.00228EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/06/29 10:17 a.m.9 views

gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability

A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security DTLS packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This...

7.5CVSS5.8AI score0.01335EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/29 2:54 a.m.4 views

gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability

A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security DTLS packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This...

7.5CVSS5.8AI score0.01335EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.9 views

Fedora 43 : mariadb10.11 (2026-efc64a64ec)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-efc64a64ec advisory. MariaDB 10.11.18 Upstream Release notes: https://mariadb.com/docs/release-notes/community-server/10.11/10.11.18 Upstream Changelog:...

10CVSS6AI score0.00998EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/06/26 2:8 a.m.8 views

SUSE CVE-2026-53249

In the Linux kernel, the following vulnerability has been resolved: ipv4: restrict IPOPTSSRR and IPOPTLSRR options This patch restricts setting Loose Source and Record Route LSRR and Strict Source and Record Route SSRR IP options to users with CAPNETRAW capability. This prevents unprivileged...

5.8AI score0.00128EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/23 10:11 p.m.12 views

Snipe-IT's selectlist visibility is too permissive

Impact The GET /api/v1/object/selectlist API endpoint is missing an authorization check. Any user who can log into Snipe-IT - regardless of permissions - can retrieve a paginated list of all user accounts using only their web session cookie. No API token or elevated permissions are required. This...

7.1CVSS5.9AI score0.00385EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder