
180 matches found

RedHat Linux
added 2026/03/17 5:52 p.m. | 3 views

grub2: Missing unregister call for gettext command may lead to use-after-free

A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the applicati...

CVSS 7.8 | AI score 5.8 | EPSS 0.0019
Exploits 0 | References 5

RedHat Linux
added 2026/03/16 8:35 p.m. | 4 views

grub2: Missing unregister call for gettext command may lead to use-after-free

A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the applicati...

CVSS 7.8 | AI score 5.8 | EPSS 0.0019
Exploits 0 | References 5

CVE
added 2026/03/05 6:56 p.m. | 19 views

CVE-2025-13350

Summary: CVE-2025-13350 affects Ubuntu Linux 6.8 GA builds that retain the legacy AF_UNIX garbage collector and backport a specific commit. Root cause: when orphaned MSG_OOB sockets are processed by unix_gc(), the code frees the buffer via kfree_skb() as if OOB SKBs held two references, but in ...

CVSS 7.1 | AI score 6.1 | EPSS 0.00146
Exploits 0 | References 3

Vulnrichment
added 2026/03/05 6:56 p.m. | 4 views

CVE-2025-13350 Use-after-free of orphaned AF_UNIX in Ubuntu builds of Linux kernel

Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but backports upstream commit 8594d9b85c07 "af_unix: Don’t call skb_get for OOB skb". When orphaned MSG_OOB sockets hit unix_gc, the garbage collector still calls kfree_skb as if OOB SKBs held two references; on Ubuntu Linux 6.8 Noble...

CVSS 7.1 | AI score 6 | EPSS 0.00146
Exploits 0 | References 2

Cvelist
added 2026/03/05 6:56 p.m. | 32 views

CVE-2025-13350 Use-after-free of orphaned AF_UNIX in Ubuntu builds of Linux kernel

Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but backports upstream commit 8594d9b85c07 "af_unix: Don’t call skb_get for OOB skb". When orphaned MSG_OOB sockets hit unix_gc, the garbage collector still calls kfree_skb as if OOB SKBs held two references; on Ubuntu Linux 6.8 Noble...

CVSS 7.1 | EPSS 0.00146
Exploits 0 | References 2

Cvelist
added 2026/03/05 3:52 p.m. | 36 views

CVE-2026-30783 RustDesk Client Can Orphan API Channel to Ignore All Admin Commands and ACL Policies

A vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient Client signaling, API sync loop, config management modules allows Privilege Abuse. This vulnerability is associated with program files src/rendezvousmediator.Rs, src/hbbshttp/sync....

CVSS 4.8 | EPSS 0.00376
Exploits 1 | References 3

Positive Technologies
added 2026/03/05 12:00 a.m. | 8 views

PT-2026-23496

Name of the Vulnerable Software and Affected Versions: Ubuntu Linux versions 6.8.0-56.58 through 6.8.0-84.84. Description: The Ubuntu Linux kernel retains a legacy AF_UNIX garbage collector that, when combined with a backported upstream commit, can lead to a use-after-free condition. Specifically,...

CVSS 7.1 | AI score 5.8 | EPSS 0.00146
Exploits 0 | References 7

Tenable Nessus
added 2026/03/05 12:00 a.m. | 4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005792)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005792 advisory. In the Linux kernel, the following vulnerability has been resolved: ipc: fix to protect IPCS lookups using RCU. syzbot reported that it discovered a use-after-free...

CVSS 7.8 | AI score 6.9 | EPSS 0.00153
Exploits 0 | References 4

Tenable Nessus
added 2026/03/02 12:00 a.m. | 6 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005492)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005492 advisory. In the Linux kernel, the following vulnerability has been resolved: ipc: fix to protect IPCS lookups using RCU. syzbot reported that it discovered a use-after-free...

CVSS 7.8 | AI score 6.6 | EPSS 0.00153
Exploits 0 | References 4

NVD
added 2026/02/26 11:16 p.m. | 12 views

CVE-2026-28226

Phishing Club is a phishing simulation and man-in-the-middle framework. Prior to version 1.30.2, an authenticated SQL injection vulnerability exists in the GetOrphaned recipient listing endpoint. The endpoint constructs a raw SQL query and concatenates the...

CVSS 6.5 | EPSS 0.00332
Exploits 1 | References 2

CVE
added 2026/02/26 10:43 p.m. | 11 views

CVE-2026-28226

CVE-2026-28226 — Phishing Club: An authenticated SQL injection exists in the GetOrphaned recipient listing endpoint for versions before 1.30.2. The endpoint concatenates a user-controlled sortBy value directly into the SQL ORDER BY clause without allowlist validation, allowing injection of SQL e...

CVSS 6.5 | AI score 5.7 | EPSS 0.00332
Exploits 1 | References 2 | Affected Software 1

OSV
added 2026/02/26 10:43 p.m. | 7 views

CVE-2026-28226 Phishing Club has Authenticated Blind SQL Injection in GetOrphaned Recipient Listing

Phishing Club is a phishing simulation and man-in-the-middle framework. Prior to version 1.30.2, an authenticated SQL injection vulnerability exists in the GetOrphaned recipient listing endpoint. The endpoint constructs a raw SQL query and concatenates the...

CVSS 6.5 | AI score 5.8 | EPSS 0.00332
Exploits 1 | References 4

CNNVD
added 2026/02/26 12:00 a.m. | 8 views

Phishing Club SQL injection vulnerability

Phishing Club is an open-source platform for simulating and testing phishing attacks developed by Phishing Club. Versions of Phishing Club prior to 1.30.2 contained a SQL injection vulnerability. This vulnerability stemmed from the GetOrphaned recipient list endpoint, where the sortBy value...

CVSS 6.5 | AI score 5.9 | EPSS 0.00332
Exploits 1 | References 2

Positive Technologies
added 2026/02/26 12:00 a.m. | 12 views

PT-2026-22214

Name of the Vulnerable Software and Affected Versions: Phishing Club versions prior to 1.30.2. Description: Phishing Club is a phishing simulation and man-in-the-middle framework. An authenticated SQL injection issue exists in the GetOrphaned recipient listing endpoint. The endpoint builds a SQL que...

CVSS 6.5 | AI score 6 | EPSS 0.00332
Exploits 1 | References 6

SUSE CVE
added 2026/02/05 12:24 a.m. | 6 views

SUSE CVE-2026-23104

In the Linux kernel, the following vulnerability has been resolved: ice: fix devlink reload call trace. Commit 4da71a77fc3b "ice: read internal temperature sensor" introduced internal temperature sensor reading via HWMON. ice_hwmon_init was added to ice_init_feature and ice_hwmon_exit was added to...

CVSS 5.1 | AI score 5.2 | EPSS 0.00112
Exploits 0 | References 19

UbuntuCve
added 2026/02/04 5:16 p.m. | 6 views

CVE-2026-23104

In the Linux kernel, the following vulnerability has been resolved: ice: fix devlink reload call trace. Commit 4da71a77fc3b "ice: read internal temperature sensor" introduced internal temperature sensor reading via HWMON. ice_hwmon_init was added to ice_init_feature and ice_hwmon_exit was added to...

CVSS 5.5 | AI score 5.7 | EPSS 0.00112
Exploits 0 | References 4

OSV
added 2026/02/04 5:16 p.m. | 6 views

UBUNTU-CVE-2026-23104

In the Linux kernel, the following vulnerability has been resolved: ice: fix devlink reload call trace. Commit 4da71a77fc3b "ice: read internal temperature sensor" introduced internal temperature sensor reading via HWMON. ice_hwmon_init was added to ice_init_feature and ice_hwmon_exit was added to...

CVSS 5.5 | AI score 5.7 | EPSS 0.00112
Exploits 0 | References 5

EUVD
added 2026/02/04 4:08 p.m. | 6 views

EUVD-2026-5438

In the Linux kernel, the following vulnerability has been resolved: ice: fix devlink reload call trace. Commit 4da71a77fc3b "ice: read internal temperature sensor" introduced internal temperature sensor reading via HWMON. ice_hwmon_init was added to ice_init_feature and ice_hwmon_exit was added to...

AI score 5.2 | EPSS 0.00112
Exploits 0 | References 2

CVE
added 2026/02/04 4:08 p.m. | 26 views

CVE-2026-23104

CVE-2026-23104 describes a Linux kernel ice driver issue where devlink reload can trigger a call trace due to mismatched cleanup of the internal hwmon state. The root cause is that ice_hwmon_init() is invoked during feature init and ice_hwmon_exit() was tied to ice_remove(), which could leave a d...

CVSS 5.5 | AI score 5.2 | EPSS 0.00112
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2026/02/04 4:08 p.m. | 33 views

CVE-2026-23104 ice: fix devlink reload call trace

In the Linux kernel, the following vulnerability has been resolved: ice: fix devlink reload call trace. Commit 4da71a77fc3b "ice: read internal temperature sensor" introduced internal temperature sensor reading via HWMON. ice_hwmon_init was added to ice_init_feature and ice_hwmon_exit was added to...

EPSS 0.00112
Exploits 0 | References 3