CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux - уязвимость в linux-5.15, linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: perf: Fixed an event leak that occurred during execution and file release. The pending task work related to perf is never waited for when a matching event occurs. In the case of a child event released directly via freeevent,...

5.5CVSS6.8AI score0.00013EPSS

Snyk•added 2026/04/16 8:41 p.m.•2 views

Authorization Bypass Through User-Controlled Key

Overview weblate is an A web-based continuous localization system with tight version control integration Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key in the API for pending tasks due to missing verification of user access. An attacker can...

4.9CVSS5.7AI score0.00011EPSS

NVD•added 2026/04/15 6:17 p.m.•0 views

CVE-2026-33212

Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't have access to given scope. The attacker needs to brute-force the random UUID of the task, so...

3.1CVSS0.00011EPSS

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2025-30374

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00074EPSS

CNNVD•added 2025/10/01 12:0 a.m.•1 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ioringexitwork function waiting for a request to complete without using an interruptible state, which...

5.9AI score0.00017EPSS

Exploits0References6

OSV•added 2025/09/21 6:15 a.m.•1 views

CVE-2025-10764

A vulnerability was identified in SeriaWei ZKEACMS up to 4.3. This affects the function Edit of the file src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs of the component Event Action System. Such manipulation of the argument Data leads to server-side request forgery. The attack may b...

8.8CVSS6.7AI score

Exploits0References4

CVE•added 2025/09/21 5:32 a.m.•8 views

CVE-2025-10764

CVE-2025-10764 affects SeriaWei ZKEACMS up to 4.3, specifically the Edit function in Event Action System at src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs. The vulnerability stems from manipulation of the Data argument, enabling server-side request forgery (SSRF) from remote attacke...

8.8CVSS6.3AI score0.00074EPSS

Exploits0References4Affected Software1

Cvelist•added 2025/09/21 5:32 a.m.•6 views

CVE-2025-10764 SeriaWei ZKEACMS Event Action System PendingTaskController.cs Edit server-side request forgery

6.5CVSS0.00074EPSS

Exploits0References4

CNNVD•added 2025/09/21 12:0 a.m.•3 views

ZKEACMS 代码问题漏洞

ZKEACMS is a visually designed, WYSIWYG content management system from ZKEASOFT open source. A code issue vulnerability exists in ZKEACMS 4.3 and earlier versions, which stems from incorrect manipulation of the parameter Data in the file src/ZKEACMS.EventAction/Controllers/PendingTaskController.c...

8.8CVSS6.3AI score0.00074EPSS

Positive Technologies•added 2025/09/21 12:0 a.m.•3 views

PT-2025-38659

Name of the Vulnerable Software and Affected Versions SeriaWei ZKEACMS versions prior to 4.4 Description A vulnerability exists in SeriaWei ZKEACMS up to version 4.3. The issue affects the Edit function within the src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs file of the Event Acti...

6.5CVSS6.3AI score0.00074EPSS

Exploits0References7

OSV•added 2025/05/01 1:15 p.m.•4 views

AZL-69680 CVE-2025-37747 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: perf: Fix hang while freeing sigtrap event Perf can hang while freeing a sigtrap event if a related deferred signal hadn't managed to be sent before the file got closed: perfeventoverflow taskworkaddperfpendingtask fput...

5.5CVSS6.2AI score0.00065EPSS

OSV•added 2025/05/01 1:15 p.m.•2 views

AZL-69674 CVE-2025-37747 affecting package kernel 5.15.200.1-1

5.5CVSS6.2AI score0.00065EPSS

RedHat Linux•added 2024/11/12 9:11 a.m.•1 views

kernel: perf: Fix event leak upon exec and file release

Linux kernel perf pending task work is never waited upon the matching event release; in the case of a child event, released via freeevent directly, this can potentially result in a leaked event...

5.5CVSS7.3AI score0.00013EPSS

OSV•added 2024/10/21 8:15 p.m.•1 views

DEBIAN-CVE-2022-48950

In the Linux kernel, the following vulnerability has been resolved: perf: Fix perfpendingtask UaF Per syzbot it is possible for perfpendingtask to run after the event is free'd. There are two related but distinct cases: - the taskwork was already queued before destroying the event; - destroying t...

7.8CVSS5.9AI score0.00045EPSS

OSV•added 2024/10/21 8:15 p.m.•0 views

UBUNTU-CVE-2022-48950

7.8CVSS5.7AI score0.00045EPSS

Exploits0References6

CNNVD•added 2024/10/21 12:0 a.m.•1 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a possible post-release reuse error in the perfpendingtask function if the perfpendingtask function runs aft...

7.8CVSS6.5AI score0.00045EPSS

SUSE CVE•added 2024/08/22 2:58 a.m.•1 views

SUSE CVE-2024-43869

In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exec and file release The perf pending task work is never waited upon the matching event release. In the case of a child event, released via freeevent directly, this can potentially result in a leaked...

5.5CVSS7.2AI score0.00013EPSS

Exploits0References17

OSV•added 2024/08/21 1:15 a.m.•1 views

DEBIAN-CVE-2024-43869

5.5CVSS5.8AI score0.00013EPSS