Lucene search
K

1148 matches found

Github Security Blog
Github Security Blog
added last week6 views

Rancher Fleet vulnerable to cross namespace secret disclosure via unvalidated `valuesFrom` references in Helm Deployer

Impact A vulnerability in Fleet for Rancher Manager affects multi-tenancy environments where different tenants share the same downstream clusters e.g., different privileged or untrusted teams inside the same organization. On unpatched versions, tenants could bypass restrictions to access any conf...

9.9CVSS5.8AI score0.00585EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/30 11:7 a.m.2 views

SUSE-SU-2026:22458-1 Security update for the Linux Kernel

The SUSE Linux Enterprise Micro 6.0 and 6.1 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-10263: arm64: errata: Mitigate TLBI errata on various Arm CPUs bsc1266290. - CVE-2025-38549: efivarfs: Fix memory leak of efivarfsfsinfo in...

9.8CVSS6.6AI score0.93235EPSS
Exploits41References350
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-53323

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats...

5.5CVSS6AI score0.0009EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 8:17 p.m.6 views

CVE-2026-53323

In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lock again...

5.5CVSS0.0009EPSS
Exploits0References3
CVE
CVE
added 2026/06/26 7:40 p.m.16 views

CVE-2026-53301

The CVE-2026-53301 entry refers to a Linux kernel issue: reset: amlogic: t7 where missing reset operations can cause a kernel null pointer dereference. The description notes this SOC’s reset is not currently used. Connected sources indicate this is a kernel-level fix (null reset ops) with referen...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:39 a.m.6 views

CVE-2026-53188

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Validate the passed in fops for ibgetucaps Sashiko pointed out it is not safe to rely only on the devt because char/block alias so if the user finds a block device with the same devt it can masquerade as a ucap cdev fd...

5.8AI score0.00136EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.19 views

PT-2026-51894

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the netfilter component of the Linux kernel, specifically within the Network Address Translation NAT subsystem. The issue stems from improper memory management when...

7.8CVSS5.8AI score0.00123EPSS
Exploits0References8
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: net: Fixed a UAF issue in nfqnlnfhookDrop when opsinit fails. When the opsinit function is called to initialize the network, but ops-init fails, data is released. However, the pointer ptr in net-gen becomes invalid. In this...

6AI score0.0018EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: w1: fixed the warning that appeared after calling w1process. I received the following warning message while removing the driver ds2482: ------------ cut here ------------ Do not call blocking operations when the !TASKRUNNING;...

5.5CVSS6.1AI score0.00178EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 5:3 p.m.4 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Improperly Controlled Modification of Object Prototype Attributes (CVE-2025-13465)

Summary There are vulnerabilities in lodash-4.17.21.tgz, lodash-es-4.17.21.tgz used in MongoDB Enterprised Advanced for IBM, involving CVE-2025-13465. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2025-13465 DESCRIPTION: Lodash versions 4.0.0 through 4.17.22 are...

8.2CVSS5.3AI score0.01535EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 2:11 p.m.4 views

Security Bulletin: MongoDB Enterprised Advanced affected by: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') (CVE-2026-2332)

Summary There are vulnerabilities in jetty-http-12.0.22.jar used in MongoDB Enterprised Advanced for IBM, involving CVE-2026-2332. The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2026-2332 DESCRIPTION: In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling...

9.1CVSS5.3AI score0.01127EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.10 views

CVE-2026-6912

Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR 165 allows remote authenticated users to escalate to deployment admin privileges and manage Cognito user accounts via a crafted UpdateUserAttributes API...

8.8CVSS5.6AI score0.00419EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.11 views

CVE-2026-8431

An administrative user with access to configure webhooks can execute arbitrary commands by configuring and then triggering webhooks containing specific FreeMarker template syntax. This issue affects all MongoDB Ops Manager 7.0 versions and MongoDB Ops Manager versions 8.0.22 and prior...

9.4CVSS5.8AI score0.00371EPSS
Exploits0References1
OSV
OSV
added 2026/06/02 11:20 a.m.13 views

MAL-2026-5159 Malicious code in po-ops-local-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis ed7a024c524e1a4bc29e2670d7dc00e5aa4c6891650c3c6bf38a2f388f4a3cb9 The OpenSSF Package Analysis project identified 'po-ops-local-dev' @ 99.9.1 npm as malicious. It is considered malicious because: - The package...

5.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/02 11:20 a.m.14 views

Malicious code in po-ops-local-dev (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c7d0f2e829316d0c6a04bc41fb4d187569c00c3273384b1666d3068a0e696291 [email protected] has no functional code of its own index.js contains only module.exports = ; and there are no lifecycle scripts. Its sole effe...

6AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.10 views

CVE-2026-28586

In multiple functions of AppOpsService.java, there is a possible missing permission check due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

3.3CVSS5.9AI score0.00064EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/01 9:14 p.m.31 views

CVE-2026-28586

In multiple functions of AppOpsService.java, there is a possible missing permission check due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00064EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/06/01 9:16 a.m.10 views

apache-airflow-core (>=3.2.0 <=3.2.1), apache-airflow-providers-google (=5.0.0) +10 more potentially affected by CVE-2026-41014 via apache-airflow (>=3.2.0 <=3.2.1rc3)

apache-airflow PYPI version =3.2.0, =3.2.0, =1.2.0, =13.0.2, =7.2.0, =1.18.3, =1.4.2, =2.1.1, =1.10.3, =1.41.2, =1.28.2, =5.6.2, =5.7.17 Source cves: CVE-2026-41014 Source advisory: OSV:PYSEC-2026-182...

4.3CVSS5.7AI score0.00352EPSS
Exploits0
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.9 views

Google Android 安全漏洞

Google Android is an open-source operating system based on Linux, developed by Google Inc. There is a security vulnerability in Google Android, which stems from missing permission checks for multiple functions in AppOpsService.java. This vulnerability may lead to the disclosure of local informati...

3.3CVSS5.3AI score0.00064EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/31 7:39 a.m.240 views

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

HackTheBox — DevHub CVE-2026-23744 | MCPJam Inspector Unaut...

9.8CVSS6AI score0.38374EPSS
Exploits32
Rows per page
Query Builder