Lucene search
K

7872 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-53249

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ipv4: restrict IPOPTSSRR and IPOPTLSRR options This patch restricts setting Loose Source and Record Route LSRR and Strict Source and Record Route SSRR IP option...

5.5CVSS6AI score0.00128EPSS
Exploits0References3
Fedora
Fedora
added 2026/06/27 1:12 a.m.5 views

[SECURITY] Fedora 44 Update: nginx-mod-fancyindex-0.6.0-6.fc44

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

9.2CVSS6.9AI score0.03459EPSS
Exploits4
Fedora
Fedora
added 2026/06/27 12:56 a.m.5 views

[SECURITY] Fedora 43 Update: nginx-mod-fancyindex-0.6.0-6.fc43

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

9.2CVSS6.9AI score0.03459EPSS
Exploits4
OSV
OSV
added 2026/06/26 9:1 p.m.7 views

GHSA-V2JF-442R-6MJH nebula-mesh: Signed-poll nonce LRU is in-memory and bounded; replay survives restart + eviction

internal/api/pop/nonce.go:25,40,86 + internal/api/server.go:38 — the signed-poll nonce cache is an in-process LRU sized at 65,536 entries. internal/api/updates.go:31 sets pollClockSkew = 5 time.Minute as the replay window. Affected All released versions through v0.3.0 that have shipped the ADR 00...

6.9CVSS5.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/26 8:4 p.m.8 views

CVE-2026-47220

A flaw was found in Envoy. A remote attacker can exploit this vulnerability by sending a request with a missing host header when the %REQUESTEDSERVERNAMEX:Y% is used in the log format and host-related options, such as HOSTFIRST or SNIFIRST, are specified. This can lead to a crash of the Envoy...

7.5CVSS5.7AI score0.00665EPSS
Exploits1References4
SUSE CVE
SUSE CVE
added 2026/06/26 2:8 a.m.8 views

SUSE CVE-2026-53249

In the Linux kernel, the following vulnerability has been resolved: ipv4: restrict IPOPTSSRR and IPOPTLSRR options This patch restricts setting Loose Source and Record Route LSRR and Strict Source and Record Route SSRR IP options to users with CAPNETRAW capability. This prevents unprivileged...

5.8AI score0.00128EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 11:17 p.m.4 views

DEBIAN-CVE-2026-40080

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Open Redirect through a substring check rather than a host check at strcontains$referer, CACTIPATHURL. When the user's loginopts == '1' redirect to referer after login, the function use...

6.1CVSS5.7AI score0.00151EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/06/25 10:29 p.m.5 views

CVE-2026-40080

Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Open Redirect through a substring check rather than a host check at strcontains$referer, CACTIPATHURL. When the user's loginopts == '1' redirect to referer after login, the function use...

6.1CVSS5.7AI score0.00151EPSS
Exploits1
OSV
OSV
added 2026/06/25 3:31 p.m.4 views

OPENSUSE-RU-2026:21160-1 Recommended update for dnscrypt-proxy

This update for dnscrypt-proxy fixes the following issues: Changes in dnscrypt-proxy: - Update to version 2.1.16 The "tlsciphersuite" option is now a no-op. Modern TLS stacks no longer expose cipher suite selection in a meaningful way, and the option had become misleading A log size of 0 no longe...

9.1CVSS6.6AI score0.01557EPSS
Exploits1References8
NVD
NVD
added 2026/06/25 2:16 p.m.5 views

CVE-2026-54823

Contributor Remote Code Execution RCE in Widget Options = 4.2.3 versions...

9.9CVSS0.00426EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 1:12 p.m.31 views

CVE-2026-54823 WordPress Widget Options plugin <= 4.2.3 - Remote Code Execution (RCE) vulnerability

Contributor Remote Code Execution RCE in Widget Options = 4.2.3 versions...

9.9CVSS0.00426EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:12 p.m.23 views

CVE-2026-54823

CVE-2026-54823 affects the WordPress Widget Options plugin, specifically versions

9.9CVSS5.9AI score0.00426EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 1:12 p.m.6 views

CVE-2026-54823

Contributor Remote Code Execution RCE in Widget Options = 4.2.3 versions...

9.9CVSS5.9AI score0.00426EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 1:12 p.m.6 views

EUVD-2026-39365

Contributor Remote Code Execution RCE in Widget Options = 4.2.3 versions...

9.9CVSS5.9AI score0.00426EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 12:24 p.m.32 views

CVE-2026-42004 EDNS options smuggling

An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS options that DNSdist did not filter...

3.7CVSS0.00162EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 12:24 p.m.8 views

EUVD-2026-39351

An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS options that DNSdist did not filter...

3.7CVSS5.9AI score0.00162EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 12:24 p.m.14 views

CVE-2026-42004

CVE-2026-42004 affects DNSdist via EDNS OPT handling. An attacker can craft an EDNS OPT record that DNSdist’s filtering ignores, but is rewritten to a valid OPT when EDNS Client Subnet is applied, allowing the backend to observe EDNS options DNSdist did not filter. Impact is limited to informatio...

3.7CVSS5.9AI score0.00162EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/25 12:24 p.m.7 views

CVE-2026-42004

An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS options that DNSdist did not filter...

3.7CVSS5.9AI score0.00162EPSS
Exploits0
CVE
CVE
added 2026/06/25 8:39 a.m.14 views

CVE-2026-53249

CVE-2026-53249 is a Linux kernel vulnerability where the IPOPT_SSRR and IPOPT_LSRR IPv4 options are restricted to CAP_NET_RAW, preventing unprivileged processes from steering packets through attacker-controlled nodes to leak information (e.g., TCP ISN). The issue is patched in multiple OS context...

5.5CVSS5.7AI score0.00128EPSS
Exploits0References8Affected Software1
EUVD
EUVD
added 2026/06/25 8:39 a.m.9 views

EUVD-2026-39200

In the Linux kernel, the following vulnerability has been resolved: ipv4: restrict IPOPTSSRR and IPOPTLSRR options This patch restricts setting Loose Source and Record Route LSRR and Strict Source and Record Route SSRR IP options to users with CAPNETRAW capability. This prevents unprivileged...

5.7AI score0.00128EPSS
Exploits0References8
Rows per page
Query Builder