34418 matches found

Cvelist, added 2026/04/03 3:15 p.m., 22 views

CVE-2026-23441 net/mlx5e: Prevent concurrent access to IPSec ASO context

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent concurrent access to IPSec ASO context. Querying or updating an IPSec offload object is done through an Access ASO WQE. The driver uses a single mlx5e_ipsec_aso struct for each PF, which contains a shared DMA-mapped context...

EPSS 0.00089
Exploits: 0, References: 5

CVE, added 2026/04/03 3:15 p.m., 15 views

CVE-2026-23441

CVE-2026-23441 is a Linux kernel vulnerability in the net/mlx5e driver. The issue is a race condition where the ASO spinlock is released before the hardware finishes processing a WQE, causing a second operation to overwrite a shared DMA context. The fix introduces a private per-object IPSec ASO c...

CVSS 4.7, AI score 5.7, EPSS 0.00089
Exploits: 0, References: 5, Affected software: 1

OSV, added 2026/04/03 1:27 p.m., 3 views

JLSEC-2026-27

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest...

CVSS 8.8, AI score 6.8, EPSS 0.4644
Exploits: 0, References: 10

OSV, added 2026/04/03 1:27 p.m., 4 views

JLSEC-2026-38

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...

CVSS 8, AI score 6.9, EPSS 0.0152
Exploits: 0, References: 6

OSV, added 2026/04/03 1:27 p.m., 5 views

JLSEC-2026-37

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or no...

CVSS 8.8, AI score 7.4, EPSS 0.12403
Exploits: 0, References: 12

Snyk, added 2026/04/03 3:45 a.m., 6 views

Prototype Pollution

Overview: dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Prototype Pollution in the USE_PROFILES function. An attacker can execute arbitrary JavaScript code in the context of the user's browser by polluting Array.prototype with...

CVSS 6.1, AI score 6.5
Exploits: 0, References: 2

Snyk, added 2026/04/03 3:28 a.m., 1 view

Uncaught Exception

Overview: Affected versions of this package are vulnerable to Uncaught Exception in the cipher.KeyUnwrap function when decrypting a JSON Web Encryption (JWE) object with a key wrapping algorithm ending in 'KW' (except for 'A128GCMKW', 'A192GCMKW', and 'A256GCMKW') and the encrypted_key field is empty...

CVSS 8.7, AI score 5.9, EPSS 0.00651
Exploits: 0, References: 2

CNNVD, added 2026/04/03 12:00 a.m., 9 views

Linux kernel security vulnerability

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of a limit on the number of BO entries; this could lead to resource exhaustion...

CVSS 5.5, AI score 5.8, EPSS 0.00123
Exploits: 0, References: 3

Positive Technologies, added 2026/04/03 12:00 a.m., 8 views

PT-2026-30011

Name of the Vulnerable Software and Affected Versions: Go JOSE versions prior to 4.1.4 and versions prior to 3.0.5. Description: Go JOSE, an implementation of the Javascript Object Signing and Encryption standards in Go, is susceptible to a denial of service. When decrypting a JSON Web Encryption JW...

CVSS 7.5, AI score 6.3, EPSS 0.00651
Exploits: 0

Positive Technologies, added 2026/04/03 12:00 a.m., 4 views

PT-2026-30162

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contains a flaw in the drm/amdgpu subsystem where the number of BO list entries is not limited. Userspace can provide an arbitrary number of BO list entries via the bo...

CVSS 9.8, AI score 5.9, EPSS 0.00443
Exploits: 0, References: 470

Positive Technologies, added 2026/04/03 12:00 a.m., 5 views

PT-2026-30136

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contained a flaw in the net/mlx5e module where concurrent access to the IPSec ASO context could occur. This was due to a race condition where the ASO spinlock was releas...

CVSS 4.7, AI score 5.8, EPSS 0.00089
Exploits: 0, References: 483

ATTACKERKB, added 2026/04/02 7:19 p.m., 3 views

CVE-2026-34847

hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, the /enter page contains a DOM-based open redirect vulnerability. The redirect query parameter is directly used to construct a URL and redirect the user without proper validation. This issue has been patched in...

CVSS 4.7, AI score 5.8, EPSS 0.00401
Exploits: 1, References: 3, Affected software: 1

OSV, added 2026/04/02 3:31 p.m., 4 views

GHSA-RX66-HJ7G-28H7 Keycloak: Replay of action tokens via improper handling of single-use entries

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This...

CVSS 5.3, AI score 6, EPSS 0.0025
Exploits: 0, References: 10

EUVD, added 2026/04/02 3:31 p.m., 4 views

EUVD-2026-18210

A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This...

CVSS 5.3, AI score 5.9, EPSS 0.0025
Exploits: 0, References: 5

EUVD, added 2026/04/02 3:31 p.m., 8 views

EUVD-2026-18204

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark O’Donnell MSTW League Manager allows DOM-Based XSS. This issue affects MSTW League Manager: from n/a through 2.10...

CVSS 6.5, AI score 5.9, EPSS 0.00133
Exploits: 0, References: 2

Cvelist, added 2026/04/02 1:48 p.m., 16 views

CVE-2026-35168 OpenSTAManager: SQL Injection via Aggiornamenti Module

OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, the Aggiornamenti (Updates) module in OpenSTAManager contains a database conflict resolution feature (op=risolvi-conflitti-database) that accepts a JSON array of SQL statements via PO...

CVSS 8.8, EPSS 0.00668
Exploits: 1, References: 3

CVE, added 2026/04/02 12:44 p.m., 404 views

CVE-2026-4282

CVE-2026-4282 describes a flaw in Keycloak where the SingleUseObjectProvider is not properly isolated by type and namespace. An unauthenticated attacker can forge authorization codes, potentially leading to creation of admin-capable access tokens and privilege escalation. The available documents ...

CVSS 7.4, AI score 5.8, EPSS 0.00424
Exploits: 0, References: 7, Affected software: 1

RedhatCVE, added 2026/04/02 10:53 a.m., 3 views

CVE-2026-34889

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Ultimate Addons for WPBakery Page Builder allows DOM-Based XSS. This issue affects Ultimate Addons for WPBakery Page Builder: from n/a before 3.21.4...

CVSS 6.5, AI score 5.9, EPSS 0.00173
Exploits: 0, References: 1

SUSE CVE, added 2026/04/02 8:42 a.m., 3 views

SUSE CVE-2026-5279

Object corruption in V8 in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVSS 8.8, AI score 6.2, EPSS 0.0034
Exploits: 0, References: 3

RedhatCVE, added 2026/04/02 5:04 a.m., 4 views

CVE-2026-4947

Addressed a potential insecure direct object reference (IDOR) vulnerability in the signing invitation acceptance process. Under certain conditions, this issue could have allowed an attacker to access or modify unauthorized resources by manipulating user-supplied object identifiers, potentially...

CVSS 7.1, AI score 5.9, EPSS 0.00174
Exploits: 0, References: 1