Lucene search
+L

15121 matches found

cve
cve
added 2026/06/24 4:30 p.m.8 views

CVE-2026-53078

The CVE-2026-53078 issue is a Linux kernel BPF sock_ops vulnerability. When a BPF sock_ops program accesses ctx fields with the same destination and source registers (dst_reg == src_reg), SOCK_OPS_GET_SK() and SOCK_OPS_GET_FIELD() failed to zero the destination register in the !fullsock/!locked_t...

7.8CVSS5.7AI score0.00112EPSS
Exploits0References2
euvd
euvd
added 2026/06/24 4:30 p.m.7 views

EUVD-2026-38946

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix same-register dst/src OOB read and pointer leak in sockops When a BPF sockops program accesses ctx fields with dstreg == srcreg, the SOCKOPSGETSK and SOCKOPSGETFIELD macros fail to zero the destination register in the...

5.7AI score0.00112EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/24 4:29 p.m.4 views

CVE-2026-53000

In the Linux kernel, the following vulnerability has been resolved: netfilter: nat: use kfreercu to release ops Florian Westphal says: "Historically this is not an issue, even for normal base hooks: the data path doesn't use the original nfhookops that are used to register the callbacks. However,...

5.8AI score0.00129EPSS
Exploits0References4Affected Software1
cve
cve
added 2026/06/24 4:28 p.m.13 views

CVE-2026-52978

The CVE-2026-52978 issue affects the Linux kernel PSP networking code. The netlink operations dev-set and key-rotate modify sensitive PSP state (version configuration and cryptographic keys) but did not require CAP_NET_ADMIN; access was only checked by psp_dev_check_access() for netns membership....

5.5CVSS5.7AI score0.00126EPSS
Exploits0References3Affected Software1
astralinux
astralinux
added 2026/06/24 3:11 p.m.9 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: SCSI: UFS: Core – Flush exception handling work when RPM level is zero Ensure that exception event handling work is explicitly flushed during suspension when the runtime power management level is set to UFSPMLVL0. When the RPM...

4.7CVSS5.7AI score0.00091EPSS
Exploits0References2
astralinux
astralinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in cups

OpenPrinting CUPS is an open-source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and earlier, the CUPS daemon cupsd contained a authorization bypass vulnerability due to case-insensitive username comparisons during authorization checks. This vulnerability...

6.3CVSS5.8AI score0.00317EPSS
Exploits1References3
astralinux
astralinux
added 2026/06/24 3:11 p.m.14 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: hfsplus: The issue of missing hfsbnodeget in hfsbnodecreate has been fixed. When sync and link are called concurrently, both threads may enter hfsbnodefind, but fail to find the node in the hash table. As a result, they proceed t...

5.8AI score0.00173EPSS
Exploits0References3
astralinux
astralinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: octeontx2-af: Workarounds for stalls caused by disabling sticky operations. It is known that the sticky mode of the NIX SQ manager can cause stalls when multiple SQs share an SMQ and transmit concurrently. Additionally, PSE ma...

7.5CVSS6.2AI score0.00387EPSS
Exploits0References2
osv
osv
added 2026/06/24 11:53 a.m.3 views

CVE-2026-56231 Capgo - Broken Object Level Authorization in Build Job Control via jobId Parameter

Capgo before 12.128.2 contains a broken object level authorization BOLA vulnerability in the POST /build/start/:jobId and POST /build/cancel/:jobId endpoints. The handlers authorize the request based only on the attacker-controlled appid supplied in the request body and never verify that the jobI...

7.2CVSS6.1AI score0.00176EPSS
Exploits0References4
nvd
nvd
added 2026/06/24 8:16 a.m.11 views

CVE-2026-52939

In the Linux kernel, the following vulnerability has been resolved: net/rds: fix NULL deref in rdsibsendcqehandler on masked atomic completion rdsibxmitatomic always programs a masked atomic opcode IBWRMASKEDATOMICCMPANDSWP or IBWRMASKEDATOMICFETCHANDADD for every RDS atomic cmsg. But the...

5.5CVSS0.00114EPSS
Exploits0References8
osv
osv
added 2026/06/24 8:16 a.m.6 views

UBUNTU-CVE-2026-52925

In the Linux kernel, the following vulnerability has been resolved: vrf: Fix a potential NPD when removing a port from a VRF RCU readers that identified a net device as a VRF port using netifisl3slave assume that a subsequent call to netdevmasterupperdevgetrcu will return a VRF device. They then...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References11
cve
cve
added 2026/06/24 7:14 a.m.15 views

CVE-2026-52925

CVE-2026-52925 : In the Linux kernel, a VRF port removal could lead to a NULL pointer dereference due to readers assuming a VRF master provides l3mdev operations. The fix adds RCU synchronization after clearing IFF_L3MDEV_SLAVE, and skips it when removing a device from a VRF during deletion or wh...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References8Affected Software1
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.13 views

PT-2026-51902

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists between the ice free tx tstamp ring and ice tx map functions. The ice free tx tstamp ring function clears the ICE TX FLAGS TXTIME flag after setting the tstamp ri...

6AI score0.00077EPSS
Exploits0References11
nessus
nessus
added 2026/06/24 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-52939

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/rds: fix NULL deref in rdsibsendcqehandler on masked atomic completion rdsibxmitatomic always programs a masked atomic opcode IBWRMASKEDATOMICCMPANDSWP or...

5.5CVSS6AI score0.00114EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.12 views

PT-2026-51718

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A Null Pointer Dereference NPD can occur when removing a port from a Virtual Routing and Forwarding VRF instance. RCU readers using netif is l3 slave may incorrectly assume that netdev...

6AI score0.00114EPSS
Exploits0References19
nessus
nessus
added 2026/06/24 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-52925

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vrf: Fix a potential NPD when removing a port from a VRF RCU readers that identified a net device as a VRF port using netifisl3slave assume that a subsequent ca...

5.5CVSS6AI score0.00114EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/06/24 12:0 a.m.10 views

PT-2026-51972

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the BPF sock ops program when accessing ctx fields where the destination register dst reg is the same as the source register src reg. In the !fullsock or !locked tcp...

7.8CVSS5.7AI score0.00112EPSS
Exploits0References4
ibm
ibm
added 2026/06/23 6:17 p.m.3 views

Security Bulletin: Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass

Summary An improper authorization vulnerability in Streamable MCP transport endpoint /api/v1/mcp/project/projectid/streamable allows unauthenticated attackers to bypass project ownership controls and execute Model Context Protocol MCP operations against OAuth-authenticated projects owned by other...

9.8CVSS6.1AI score0.00259EPSS
Exploits0Affected Software1
cvelist
cvelist
added 2026/06/23 3:49 p.m.44 views

CVE-2026-49465 n8n: Git Node Clone and Push Operations Bypass File Sandbox

n8n is an open source workflow automation platform. Prior to 1.123.48, 2.21.8, and 2.22.4, an authenticated user with permission to create or modify workflows could supply a local filesystem path as the source repository in the Git node's Clone operation, or as the target repository in the Push...

6CVSS0.00495EPSS
Exploits0References1
cve
cve
added 2026/06/23 12:12 p.m.21 views

CVE-2025-71370

Vulnerability summary (CVE-2025-71370): picklescan before 0.0.28 fails to detect malicious torch.jit.unsupported_tensor_ops.execWrapper function calls embedded in pickle files. Attackers can craft malicious pickle files that bypass picklescan detection and execute arbitrary code when loaded via p...

8.1CVSS6.2AI score0.00379EPSS
Exploits0References2
Rows per page
Query Builder