Lucene search
K

7859 matches found

OSV
OSV
added 2026/06/29 9:20 a.m.2 views

SUSE-SU-2026:22431-1 Security update for dracut

This update for dracut fixes the following issue - CVE-2026-6893: Root code execution via DHCP options command injection bsc1268322. Changes for dracut: - Update to version 059+suse.609.g1a2492e: fixnetwork-legacy: sanitize DHCP values in dhclient-script.sh bsc1268322, CVE-2026-6893...

7.5CVSS6.4AI score0.01131EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.8 views

RHEL 8 : flatpak (RHSA-2026:30901)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:30901 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak:...

10CVSS6.3AI score0.0168EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-56116

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dhcpcd through 10.3.2, fixed in commit 708b4a5, contains a memory leak vulnerability in the IPv6 Router Advertisement route information handling that allows an...

7.1CVSS6AI score0.00187EPSS
Exploits0References4
NVD
NVD
added 2026/06/28 2:16 a.m.9 views

CVE-2026-58057

Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a case-sensitive comparison, so on Windows, where environment names are case-insensitive, supplying 'nodeoptions' bypasses the NODEOPTIONS denylist entry. An authenticated user who can configure a Custo...

5CVSS0.00827EPSS
Exploits3References3
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.49 views

CVE-2026-58057 Flowise - Custom MCP Environment Variable Denylist Bypass via Case Sensitivity

Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a case-sensitive comparison, so on Windows, where environment names are case-insensitive, supplying 'nodeoptions' bypasses the NODEOPTIONS denylist entry. An authenticated user who can configure a Custo...

5CVSS0.00827EPSS
Exploits3References3
EUVD
EUVD
added 2026/06/28 1:32 a.m.9 views

EUVD-2026-39977

Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a case-sensitive comparison, so on Windows, where environment names are case-insensitive, supplying 'nodeoptions' bypasses the NODEOPTIONS denylist entry. An authenticated user who can configure a Custo...

5CVSS6.1AI score0.00827EPSS
Exploits3References3
CVE
CVE
added 2026/06/28 1:32 a.m.29 views

CVE-2026-58057

Flowise before 3.1.3 is affected: a case-sensitive denylist for Custom MCP stdio environment variables allows bypass on Windows (case-insensitive env names). An authenticated user who can configure a Custom MCP node can inject NODE_OPTIONS --require to execute arbitrary code in the Flowise server...

5CVSS6.1AI score0.00827EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2026/06/28 1:32 a.m.36 views

CVE-2026-58053 Gitea act_runner - Container Hardening Bypass via Workflow Container Options

Gitea actrunner with the Docker backend through act 0.262.0 passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: false, forces only the Privileged flag off while merging options such as --pid=host, --cap-add, and --security-op...

9.9CVSS0.00265EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/28 1:32 a.m.8 views

EUVD-2026-39973

Gitea actrunner with the Docker backend through act 0.262.0 passes a workflow's container.options string to the Docker job container's HostConfig and, when configured with privileged: false, forces only the Privileged flag off while merging options such as --pid=host, --cap-add, and --security-op...

9.9CVSS5.8AI score0.00265EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.14 views

PT-2026-53089

Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.3 Description An authenticated user can execute arbitrary code in the server context by configuring a Custom MCP node. The issue occurs because environment variables are validated against a denylist using a...

5CVSS6.1AI score0.00827EPSS
Exploits3References12
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-53249

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipv4: restrict IPOPTSSRR and IPOPTLSRR options This patch restricts setting Loose Source and Record Route LSRR and Strict Source and Record Route SSRR IP option...

5.5CVSS6AI score0.00128EPSS
Exploits0References3
Fedora
Fedora
added 2026/06/27 1:12 a.m.5 views

[SECURITY] Fedora 44 Update: nginx-mod-fancyindex-0.6.0-6.fc44

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

9.2CVSS6.9AI score0.03225EPSS
Exploits4
Fedora
Fedora
added 2026/06/27 12:56 a.m.4 views

[SECURITY] Fedora 43 Update: nginx-mod-fancyindex-0.6.0-6.fc43

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

9.2CVSS6.9AI score0.03225EPSS
Exploits4
OSV
OSV
added 2026/06/26 9:1 p.m.6 views

GHSA-V2JF-442R-6MJH nebula-mesh: Signed-poll nonce LRU is in-memory and bounded; replay survives restart + eviction

internal/api/pop/nonce.go:25,40,86 + internal/api/server.go:38 — the signed-poll nonce cache is an in-process LRU sized at 65,536 entries. internal/api/updates.go:31 sets pollClockSkew = 5 time.Minute as the replay window. Affected All released versions through v0.3.0 that have shipped the ADR 00...

6.9CVSS5.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/26 8:4 p.m.8 views

CVE-2026-47220

A flaw was found in Envoy. A remote attacker can exploit this vulnerability by sending a request with a missing host header when the %REQUESTEDSERVERNAMEX:Y% is used in the log format and host-related options, such as HOSTFIRST or SNIFIRST, are specified. This can lead to a crash of the Envoy...

7.5CVSS5.7AI score0.00665EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/06/26 2:8 a.m.8 views

SUSE CVE-2026-53249

In the Linux kernel, the following vulnerability has been resolved: ipv4: restrict IPOPTSSRR and IPOPTLSRR options This patch restricts setting Loose Source and Record Route LSRR and Strict Source and Record Route SSRR IP options to users with CAPNETRAW capability. This prevents unprivileged...

5.8AI score0.00128EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 11:17 p.m.4 views

DEBIAN-CVE-2026-40080

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Open Redirect through a substring check rather than a host check at strcontains$referer, CACTIPATHURL. When the user's loginopts == '1' redirect to referer after login, the function use...

6.1CVSS5.7AI score0.00151EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/06/25 10:29 p.m.5 views

CVE-2026-40080

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Open Redirect through a substring check rather than a host check at strcontains$referer, CACTIPATHURL. When the user's loginopts == '1' redirect to referer after login, the function use...

6.1CVSS5.7AI score0.00151EPSS
Exploits1
OSV
OSV
added 2026/06/25 3:31 p.m.4 views

OPENSUSE-RU-2026:21160-1 Recommended update for dnscrypt-proxy

This update for dnscrypt-proxy fixes the following issues: Changes in dnscrypt-proxy: - Update to version 2.1.16 The "tlsciphersuite" option is now a no-op. Modern TLS stacks no longer expose cipher suite selection in a meaningful way, and the option had become misleading A log size of 0 no longe...

9.1CVSS6.6AI score0.01557EPSS
Exploits1References8
NVD
NVD
added 2026/06/25 2:16 p.m.5 views

CVE-2026-54823

Contributor Remote Code Execution RCE in Widget Options = 4.2.3 versions...

9.9CVSS0.00426EPSS
Exploits0References1
Rows per page
Query Builder