102945 matches found

OSV
added 2026/06/24 8:16 a.m., 2 views

UBUNTU-CVE-2026-52930

In the Linux kernel, the following vulnerability has been resolved: ipc/shm: serialize orphan cleanup with shm_nattch updates shm_destroy_orphaned walks the shm idr under shm_ids(ns).rwsem, but that does not serialize all fields tested by shm_may_destroy. In particular, shm_nattch is updated while holding...

5.6 AI score, 0.00165 EPSS
Exploits 0, References 11
OSV
added 2026/06/24 8:16 a.m., 3 views

UBUNTU-CVE-2026-52923

In the Linux kernel, the following vulnerability has been resolved: ipc: limit next_id allocation to the valid ID range The checkpoint/restore sysctl path can request the next SysV IPC id through ids->next_id. ipc_idr_alloc currently forwards that request to idr_alloc with an open-ended upper bound. If...

7.8 CVSS, 5.6 AI score, 0.00123 EPSS
Exploits 0, References 11
EUVD
added 2026/06/24 7:14 a.m., 8 views

EUVD-2026-38707

In the Linux kernel, the following vulnerability has been resolved: tap: fix stack info leak in tap_ioctl SIOCGIFHWADDR In the SIOCGIFHWADDR path, tap_ioctl copies 16 bytes of an uninitialised on-stack struct sockaddr_storage to userspace via ifr_hwaddr, but netif_get_mac_address only writes sa_family an...

5.8 AI score, 0.00154 EPSS
Exploits 0, References 3
Cvelist
added 2026/06/24 7:14 a.m., 30 views

CVE-2026-52938 bpf: Fix NULL pointer dereference in bpf_sk_storage_clone and diag paths

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix NULL pointer dereference in bpf_sk_storage_clone and diag paths bpf_selem_unlink_nofail sets SDATA(selem)->smap to NULL before removing the selem from the storage hlist. A concurrent RCU reader in bpf_sk_storage_clone can observe th...

0.00145 EPSS
Exploits 0, References 2
EUVD
added 2026/06/24 7:14 a.m., 9 views

EUVD-2026-38705

In the Linux kernel, the following vulnerability has been resolved: xfrm: espintcp: do not reuse an in-progress partial send espintcp keeps a single in-flight transmit in ctx->partial. Before building a new sk_msg, espintcp_sendmsg first tries to flush that state through espintcp_push_msgs. For blocki...

5.9 AI score, 0.0012 EPSS
Exploits 0, References 8
ATTACKERKB
added 2026/06/24 7:14 a.m., 7 views

CVE-2026-52929

In the Linux kernel, the following vulnerability has been resolved: sctp: stream: fully roll back denied add-stream state When ADD_OUT_STREAMS is denied, SCTP only shrinks the queued chunks and then lowers outcnt. That leaves removed stream metadata behind, so a later re-add can reuse a stale ext a...

7.5 CVSS, 5.7 AI score, 0.00394 EPSS
Exploits 0, References 9, Affected Software 1
CVE
added 2026/06/24 7:14 a.m., 9 views

CVE-2026-52929

The CVE affects the Linux kernel SCTP stream handling. When ADD_OUT_STREAMS is denied, the rollback only shrinks queued chunks and lowers outcnt, leaving removed stream metadata behind. A subsequent re-add can reuse a stale ext and trigger a null-pointer dereference in the scheduler get path, pot...

7.5 CVSS, 5.7 AI score, 0.00394 EPSS
Exploits 0, References 8
CVE
added 2026/06/24 7:14 a.m., 32 views

CVE-2026-52917

CVE-2026-52917 fixes a Linux kernel SCTP diagnostics flaw in the sock_diag lookup during the dump_one path. The issue occurs when an SCTP association has been freed but is still being reported, allowing the code to dereference an invalid associati...

7.1 CVSS, 5.7 AI score, 0.00126 EPSS
Exploits 0, References 8
EUVD
added 2026/06/24 7:14 a.m., 7 views

EUVD-2026-38720

In the Linux kernel, the following vulnerability has been resolved: sctp: diag: reject stale associations in dump_one path The SCTP exact sock_diag lookup can hold a transport reference, block on lock_sock(sk), and then resume after sctp_association_free has marked the association dead and freed its bin...

5.7 AI score, 0.00126 EPSS
Exploits 0, References 8
ATTACKERKB
added 2026/06/24 7:14 a.m., 6 views

CVE-2026-52917

In the Linux kernel, the following vulnerability has been resolved: sctp: diag: reject stale associations in dump_one path The SCTP exact sock_diag lookup can hold a transport reference, block on lock_sock(sk), and then resume after sctp_association_free has marked the association dead and freed its bin...

5.7 AI score, 0.00126 EPSS
Exploits 0, References 9, Affected Software 1
Debian CVE
added 2026/06/24 7:14 a.m., 4 views

CVE-2026-52917

In the Linux kernel, the following vulnerability has been resolved: sctp: diag: reject stale associations in dump_one path The SCTP exact sock_diag lookup can hold a transport reference, block on lock_sock(sk), and then resume after sctp_association_free has marked the association dead and freed its bin...

7.1 CVSS, 5.6 AI score, 0.00126 EPSS
Exploits 0
Cvelist
added 2026/06/24 7:14 a.m., 28 views

CVE-2026-52917 sctp: diag: reject stale associations in dump_one path

In the Linux kernel, the following vulnerability has been resolved: sctp: diag: reject stale associations in dump_one path The SCTP exact sock_diag lookup can hold a transport reference, block on lock_sock(sk), and then resume after sctp_association_free has marked the association dead and freed its bin...

7.1 CVSS, 0.00126 EPSS
Exploits 0, References 8
Veracode
added 2026/06/24 5:36 a.m., 7 views

Open Redirect

Nuxt is vulnerable to open redirect. The vulnerability is due to improper validation of path-normalized URLs in navigateTo, where specially crafted paths can bypass external-host checks after normalization, allowing attackers to redirect users to malicious websites and facilitate phishing attacks...

6.1 CVSS, 5.9 AI score, 0.00205 EPSS
Exploits 0, References 5, Affected Software 1
ATTACKERKB
added 2026/06/24 5:33 a.m., 6 views

CVE-2026-8628

The EntreDroppers plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

6.1 CVSS, 6 AI score, 0.00205 EPSS
Exploits 0, References 3
EUVD
added 2026/06/24 5:33 a.m., 6 views

EUVD-2026-38671

The EntreDroppers plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

6.1 CVSS, 6 AI score, 0.00205 EPSS
Exploits 0, References 2
Cvelist
added 2026/06/24 5:33 a.m., 30 views

CVE-2026-8628 EntreDroppers <= 1.1.2 - Reflected Cross-Site Scripting via PHP_SELF Parameter

The EntreDroppers plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF Parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts...

6.1 CVSS, 0.00205 EPSS
Exploits 0, References 2
OSV
added 2026/06/24 5:33 a.m., 2 views

ROOT-APP-NPM-CVE-2024-52798 CVE-2024-52798 in @rootio/path-to-regexp - Patched by Root

Root has patched CVE-2024-52798 in the @rootio/path-to-regexp package for Root:npm. Multiple fixed versions available...

8.7 CVSS, 5.4 AI score, 0.00792 EPSS
Exploits 0
OSV
added 2026/06/24 5:33 a.m., 3 views

ROOT-APP-NPM-CVE-2026-4867 CVE-2026-4867 in @rootio/path-to-regexp - Patched by Root

Root has patched CVE-2026-4867 in the @rootio/path-to-regexp package for Root:npm. Multiple fixed versions available...

7.5 CVSS, 5.9 AI score, 0.00496 EPSS
Exploits 0
OSV
added 2026/06/24 5:33 a.m., 5 views

ROOT-APP-NPM-CVE-2024-45296 CVE-2024-45296 in @rootio/path-to-regexp - Patched by Root

Root has patched CVE-2024-45296 in the @rootio/path-to-regexp package for Root:npm. Multiple fixed versions available...

7.5 CVSS, 7.3 AI score, 0.00932 EPSS
Exploits 0
Positive Technologies
added 2026/06/24 12:0 a.m., 9 views

PT-2026-52087

Name of the Vulnerable Software and Affected Versions: KubeVirt (affected versions not specified). Description: A flaw exists in the safepath package used by virt-handler. The OpenAtNoFollow function utilizes O_PATH|O_NOFOLLOW to obtain a file descriptor for a path leaf; however, subsequent operations...

7.3 CVSS, 6 AI score, 0.00124 EPSS
Exploits 0, References 5