Lucene search
K

623 matches found

CVE
CVE
added yesterday7 views

CVE-2026-62314

Anubis Web AI Firewall Utility vulnerable in versions 1.22.0–1.26.0-pre1 due to PathChecker.Check() trusting the client-controlled X-Original-URI header before r.URL.Path, enabling bypass of the challenge via ALLOW rules (e.g., ^/.well-known/.*$). A fixed release is 1.26.0-pre1; upgrade to mitiga...

5.8CVSS6.1AI score
Exploits0References4
RedHat Linux
RedHat Linux
added 3 days ago9 views

freeipmi: buffer overflows on response messages via ipmi-oem

A flaw was found in FreeIPMI. The ipmi-oem program is used to send Intelligent Platform Management Interface IPMI OEM commands for specific hardware vendors to retrieve specific information from the hardware. A malicious server can reply with crafted response messages and cause buffer overflows...

7.5CVSS6.1AI score0.00403EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 3 days ago6 views

freeipmi: FreeIPMI: Denial of service via buffer overflow in ipmi-oem client

A flaw was found in FreeIPMI. Specifically, the ipmi-oem client command, which implements Intelligent Platform Management Interface IPMI OEM commands, contains exploitable buffer overflows. A remote attacker could exploit these vulnerabilities by sending specially crafted response messages to the...

7.5CVSS6.1AI score0.00405EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 3 days ago7 views

freeipmi: buffer overflows on response messages via ipmi-oem

A flaw was found in FreeIPMI. The ipmi-oem program is used to send Intelligent Platform Management Interface IPMI OEM commands for specific hardware vendors to retrieve specific information from the hardware. A malicious server can reply with crafted response messages and cause buffer overflows...

7.5CVSS6.1AI score0.00403EPSS
Exploits0References8
NVD
NVD
added 6 days ago6 views

CVE-2026-55670

ZITADEL is an open source identity management platform. Prior to 4.15.1, ZITADEL's event store validation can retain the original resource owner for a deleted user identifier, causing a later user recreated with the same identifier in another organization to be provisioned under the original...

2.3CVSS0.00286EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.10 views

PT-2026-56623

Name of the Vulnerable Software and Affected Versions Generic OEM UZ801 v2.1 4G LTE Router version 3.4.3 Description A remote attacker can execute arbitrary code through the /ajax web management API endpoint located within the MifiService.apk component. Recommendations At the moment, there is no...

9.8CVSS6.4AI score0.00515EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/07 2:33 p.m.5 views

freeipmi: FreeIPMI: Denial of service via buffer overflow in ipmi-oem client

A flaw was found in FreeIPMI. Specifically, the ipmi-oem client command, which implements Intelligent Platform Management Interface IPMI OEM commands, contains exploitable buffer overflows. A remote attacker could exploit these vulnerabilities by sending specially crafted response messages to the...

7.5CVSS6.1AI score0.00405EPSS
Exploits0References7
OSV
OSV
added 2026/07/07 10:17 a.m.4 views

PYSEC-2026-940 TensorFlow vulnerable to `CHECK` fail in `AvgPoolGrad`

Impact The implementation of AvgPoolGrad does not fully validate the input originputshape. This results in a CHECK failure which can be used to trigger a denial of service attack: python import tensorflow as tf ksize = 1, 2, 2, 1 strides = 1, 2, 2, 1 padding = "VALID" dataformat = "NHWC"...

5.9CVSS5.9AI score0.00396EPSS
Exploits0References7
OSV
OSV
added 2026/06/30 6:9 p.m.4 views

GHSA-G4W6-VMGF-XQVX @cedar-policy/authorization-for-expressjs has an authorization bypass via query string manipulation

Summary @cedar-policy/authorization-for-expressjs is an open-source Express.js middleware that integrates Cedar authorization into Express applications by mapping HTTP requests to Cedar actions and evaluating authorization policies before allowing requests to proceed. An issue exists where, under...

8.8CVSS5.9AI score
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/27 1:54 a.m.9 views

SUSE CVE-2026-53053

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix clonealias to use the original device's devid Currently clonealias assumes first argument pdev is always the original device pointer. This function is called by pciforeachdmaalias which based on topology decides to...

7CVSS5.8AI score0.00128EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2026/06/25 3:59 p.m.7 views

CVE-2026-54573

Outline is a service that allows for collaborative documentation. Prior to 1.8.0, the AuthenticationHelper.canAccess function uses ctx.originalUrl to verify if an API key or OAuth token has the required scopes for a request. It extracts the resource by splitting the URL by / and taking the last...

5.3CVSS5.9AI score0.00285EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-53053

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iommu/amd: Fix clonealias to use the original device's devid Currently clonealias assumes first argument pdev is always the original device pointer. This functi...

8.8CVSS6.1AI score0.00128EPSS
Exploits0References4
OSV
OSV
added 2026/06/24 4:29 p.m.3 views

CVE-2026-53053 iommu/amd: Fix clone_alias() to use the original device's devid

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix clonealias to use the original device's devid Currently clonealias assumes first argument pdev is always the original device pointer. This function is called by pciforeachdmaalias which based on topology decides to...

8.8CVSS5.8AI score0.00128EPSS
Exploits0References7
EUVD
EUVD
added 2026/06/24 4:29 p.m.6 views

EUVD-2026-38921

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix clonealias to use the original device's devid Currently clonealias assumes first argument pdev is always the original device pointer. This function is called by pciforeachdmaalias which based on topology decides to...

5.7AI score0.00128EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 4:29 p.m.10 views

CVE-2026-53053

The CVE-2026-53053 issue lies in the Linux kernel’s iommu/amd driver where clone_alias() incorrectly uses the wrong device ID (devid) for alias devices, risking propagation of wrong or stale Device Table Entries (DTEs). The fix passes the original pdev as opaque data to both clone_alias() and pci...

8.8CVSS5.7AI score0.00128EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-51947

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the clone alias function within the AMD IOMMU driver. The function incorrectly assumes that the first argument pdev is always the original device pointer. Because pci...

9.8CVSS5.7AI score0.00533EPSS
Exploits5References393
OSV
OSV
added 2026/06/19 2:13 p.m.2 views

SUSE-SU-2026:22243-1 Security update for freeipmi

This update for freeipmi fixes the following issue - CVE-2026-50031: denial of service via buffer overflow in ipmi-oem client bsc1267605...

7.5CVSS6AI score0.00405EPSS
Exploits0References3
OSV
OSV
added 2026/06/09 10:57 p.m.11 views

MAL-2026-5490 Malicious code in sb-original (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c0e07a765f6ef2042da47b1c017ecc5f6f1f99167da76e04c4b2c4ea6ecfcb83 [email protected] is an unscoped package whose version is set to 9999.99.99 to win semver resolution against any internal package of the same...

5.4AI score
Exploits0References2
RustSec
RustSec
added 2026/06/07 12:0 p.m.42 views

proc-macro-error2 is unmaintained

The author of proc-macro-error2 has confirmed that the crate is no longer maintained and recommends that users migrate away from it. proc-macro-error2 was originally created as a maintained fork of proc-macro-error see RUSTSEC-2024-0370. Both the original crate and this fork are now unmaintained...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.8 views

CVE-2026-24087

Memory corruption while processing fastboot OEM commands...

7.2CVSS5.5AI score0.00097EPSS
Exploits0References1
Rows per page
Query Builder