Lucene search
K

2048 matches found

Cvelist
Cvelist
added 2026/05/28 6:39 p.m.37 views

CVE-2026-45039 RustFS: Internode RPC HMAC secret falls back to public default credential, enabling peer impersonation

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using a shared secret. The function that produces this secret, getsharedsecret in crates/ecstore/src/rpc/httpauth.rs, falls back to...

9.8CVSS0.00268EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/28 6:39 p.m.13 views

CVE-2026-45039 RustFS: Internode RPC HMAC secret falls back to public default credential, enabling peer impersonation

RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the internode RPC layer authenticates every request with an HMAC-SHA256 signature using a shared secret. The function that produces this secret, getsharedsecret in crates/ecstore/src/rpc/httpauth.rs, falls back to...

9.8CVSS5.7AI score0.00268EPSS
Exploits0References1
CVE
CVE
added 2026/05/28 6:39 p.m.28 views

CVE-2026-45039

RustFS prior to 1.0.0-beta.2 uses an HMAC-SHA256 signature for internode RPC authentication that falls back to DEFAULT_SECRET_KEY = "rustfsadmin" if neither RUSTFS_RPC_SECRET nor the global S3 secret key is configured. The vulnerability arises from get_shared_secret() in crates/ecstore/src/rpc/ht...

9.8CVSS5.7AI score0.00268EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 9:40 a.m.15 views

EUVD-2026-32856

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure KFD VRAM allocations set AMDGPUGEMCREATEVRAMWIPEONRELEASE but not AMDGPUGEMCREATEVRAMCLEARED, leaving freshly allocated VRAM with stale data from prior use...

5.8AI score0.00119EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/05/28 3:56 a.m.13 views

SUSE CVE-2026-45929

In the Linux kernel, the following vulnerability has been resolved: ovpn: fix possible use-after-free in ovpnnetxmit When building the skblist in ovpnnetxmit, skbsharecheck will free the original skb if it is shared. The current implementation continues to use the stale skb pointer for subsequent...

5.8AI score0.00157EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/05/28 3:52 a.m.11 views

SUSE CVE-2026-46090

In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopbackcheckformat may stop the capture side when playback starts with parameters that no longer match a running capture stream. Commit 826af7fa62e3 "ALSA: aloop: Fix...

7CVSS5.7AI score0.00103EPSS
Exploits0References21
EUVD
EUVD
added 2026/05/27 9:56 p.m.11 views

EUVD-2026-32677

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's constellation client tracks pending task responses by sessionid only and does not verify that a TASKEND message came from the device that originally received the task...

5.9CVSS5.8AI score0.00225EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 9:54 p.m.15 views

EUVD-2026-32675

Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but later send a TASK...

8.8CVSS5.8AI score0.00502EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 3:33 p.m.17 views

EUVD-2026-32213

In the Linux kernel, the following vulnerability has been resolved: ovpn: fix possible use-after-free in ovpnnetxmit When building the skblist in ovpnnetxmit, skbsharecheck will free the original skb if it is shared. The current implementation continues to use the stale skb pointer for subsequent...

5.8AI score0.00157EPSS
Exploits0References4
CVE
CVE
added 2026/05/27 2:23 p.m.30 views

CVE-2026-6957

Mattermost Plugin versions ≤ 1.1.5 are affected by a path traversal vulnerability in the export path construction from unsanitized filenames received from federated peers. An attacker — specifically an administrator of a remote federated Mattermost server — can cause files to be written to arbitr...

8CVSS6AI score0.00296EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/27 2:23 p.m.42 views

CVE-2026-6957 Path traversal in Mattermost Legal Hold plugin via unsanitized file name from federated peer allows arbitrary file write.

Mattermost Plugins versions =1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary locations within the target server's filestore via...

8CVSS0.00296EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/27 2:23 p.m.14 views

CVE-2026-6957 Path traversal in Mattermost Legal Hold plugin via unsanitized file name from federated peer allows arbitrary file write.

Mattermost Plugins versions =1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federated Mattermost server to write files to arbitrary locations within the target server's filestore via...

8CVSS6AI score0.00296EPSS
Exploits0References1
NVD
NVD
added 2026/05/27 2:17 p.m.18 views

CVE-2026-46090

In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopbackcheckformat may stop the capture side when playback starts with parameters that no longer match a running capture stream. Commit 826af7fa62e3 "ALSA: aloop: Fix...

7.8CVSS0.00103EPSS
Exploits0References22
OSV
OSV
added 2026/05/27 2:17 p.m.47 views

UBUNTU-CVE-2026-45880

In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Release per-CPU pgmap ref when vminsertpage fails When vminsertpage fails in p2pmemallocmmap, p2pmemallocmmap doesn't invoke percpurefput to free the per-CPU ref of pgmap acquired after genpoolallocowner, and...

5.5CVSS5.7AI score0.00155EPSS
Exploits0References9
OSV
OSV
added 2026/05/27 2:17 p.m.7 views

UBUNTU-CVE-2026-46090

In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopbackcheckformat may stop the capture side when playback starts with parameters that no longer match a running capture stream. Commit 826af7fa62e3 "ALSA: aloop: Fix...

7.8CVSS5.7AI score0.00103EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/05/27 12:58 p.m.9 views

CVE-2026-46090

In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopbackcheckformat may stop the capture side when playback starts with parameters that no longer match a running capture stream. Commit 826af7fa62e3 "ALSA: aloop: Fix...

7.8CVSS5.7AI score0.00103EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2026/05/27 12:58 p.m.51 views

CVE-2026-46090

CVE-2026-46090 affects the Linux kernel ALSA aloop driver. A use-after-free in loopback_check_format() can occur when playback starts with parameters that no longer match a running capture stream, while a concurrent close may detach or free the runtime. The issue arises after a patch that moved t...

7.8CVSS5.8AI score0.00103EPSS
Exploits0References22Affected Software1
Debian CVE
Debian CVE
added 2026/05/27 12:58 p.m.9 views

CVE-2026-46090

In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopbackcheckformat may stop the capture side when playback starts with parameters that no longer match a running capture stream. Commit 826af7fa62e3 "ALSA: aloop: Fix...

7.8CVSS5.7AI score0.00103EPSS
Exploits0
EUVD
EUVD
added 2026/05/27 12:58 p.m.14 views

EUVD-2026-32473

In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopbackcheckformat may stop the capture side when playback starts with parameters that no longer match a running capture stream. Commit 826af7fa62e3 "ALSA: aloop: Fix...

5.8AI score0.00103EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/27 12:58 p.m.50 views

CVE-2026-46090 ALSA: aloop: Fix peer runtime UAF during format-change stop

In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopbackcheckformat may stop the capture side when playback starts with parameters that no longer match a running capture stream. Commit 826af7fa62e3 "ALSA: aloop: Fix...

7.8CVSS0.00103EPSS
Exploits0References6
Rows per page
Query Builder