Lucene search
K

96 matches found

Cvelist
Cvelist
added 2026/04/16 5:2 p.m.30 views

CVE-2026-2336 Weak webstax_auth Cookie Authentication Allows Privilege Escalation

A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstaxauth session cookie and forge a new cookie with administrative privileges.This issue affects IStaX before 2026.03...

8.7CVSS0.00202EPSS
Exploits0References1
CVE
CVE
added 2026/04/16 5:2 p.m.12 views

CVE-2026-2336

CVE-2026-2336 describes a privilege escalation in Microchip IStaX where an authenticated low-privilege user can extract the shared per-device cookie secret from their own webstax_auth session cookie and forge a new cookie with administrative privileges. Affected product: IStaX (before 2026.03). T...

8.7CVSS5.8AI score0.00202EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.6 views

PT-2026-33346

A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax auth session cookie and forge a new cookie with administrative privileges.This issue affects IStaX before 2026.03...

8.7CVSS5.8AI score0.00202EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/03 4:8 a.m.14 views

Malicious code in xpack-per-device (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f3e144fc188f6f28820784883e158f5841d1276a3eb100db4c469e45439f415 The package xpack-per-device was found to contain malicious code. Source: ghsa-malware 40c08125e60c3d43432e40679e35d49bb3fc0b9d4a3df799c45b80999f1753...

5.7AI score
Exploits0References2
OSV
OSV
added 2026/03/03 4:8 a.m.1 views

MAL-2026-1159 Malicious code in xpack-per-device (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5f3e144fc188f6f28820784883e158f5841d1276a3eb100db4c469e45439f415 The package xpack-per-device was found to contain malicious code. Source: ghsa-malware 40c08125e60c3d43432e40679e35d49bb3fc0b9d4a3df799c45b80999f1753...

5.7AI score
Exploits0References2
Snyk
Snyk
added 2026/03/03 4:8 a.m.5 views

Malicious Package

Overview xpack-per-device is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.9AI score
Exploits0References2
NVD
NVD
added 2026/02/14 3:16 p.m.8 views

CVE-2026-23129

In the Linux kernel, the following vulnerability has been resolved: dpll: Prevent duplicate registrations Modify the internal registration helpers dpllxarefdpll,pinadd to reject duplicate registration attempts. Previously, if a caller attempted to register the same pin multiple times with the sam...

5.5CVSS0.00115EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/21 1:2 a.m.4 views

EUVD-2026-3306

ESPHome vulnerable to denial-of-service via out-of-bounds check bypass in the API component...

6.3CVSS5.4AI score0.00273EPSS
Exploits0References5
NVD
NVD
added 2026/01/19 6:16 p.m.7 views

CVE-2026-23833

ESPHome is a system to control microcontrollers remotely through Home Automation systems. In versions 2025.9.0 through 2025.12.6, an integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. The bounds check ptr + fieldlength end in...

7.5CVSS0.00273EPSS
Exploits0References4
CVE
CVE
added 2026/01/19 5:58 p.m.17 views

CVE-2026-23833

Summary: CVE-2026-23833 affects ESPHome 2025.9.0–2025.12.6. A flaw in the API component’s protobuf decoder lets an attacker perform a denial-of-service by sending a large field_length, causing an overflow of the bounds check in components/api/proto.cpp (ptr + field_length > end). This can cras...

7.5CVSS5.5AI score0.00273EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/19 12:0 a.m.10 views

PT-2026-3475

Name of the Vulnerable Software and Affected Versions ESPHome versions 2025.9.0 through 2025.12.6 Description ESPHome is a system for remote microcontroller control via Home Automation systems. An integer overflow in the API component’s protobuf decoder can lead to denial-of-service attacks when...

7.5CVSS5.5AI score0.00273EPSS
Exploits0References18
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

MiracleLinux 7 : kernel-3.10.0-327.10.1.el7 (AXSA:2016-136:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2016-136:02 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating...

7.2CVSS6.3AI score0.00624EPSS
Exploits0References3
OSV
OSV
added 2025/12/30 12:8 p.m.5 views

CVE-2022-50818 scsi: pm8001: Fix running_req for internal abort commands

In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix runningreq for internal abort commands Disabling the remote phy for a SATA disk causes a hang: root@none$ more /sys/class/sasphy/phy-0:0:8/targetportprotocols sata root@none$ echo 0...

6.6AI score0.00203EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.9 views

PT-2025-53936

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.0.0-rc1-205202-gf26f8f761e83 218 Description A flaw exists in the SCSI subsystem of the Linux kernel, specifically within the pm8001 driver. The issue involves incorrect handling of the running req counter when...

7.8CVSS6.5AI score0.00462EPSS
Exploits2References842
SUSE CVE
SUSE CVE
added 2025/12/17 12:26 a.m.5 views

SUSE CVE-2025-68174

In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: enhance kfd process check in switch partition current switch partition only check if kfdprocessestable is empty. kfdprcessestable entry is deleted in kfdprocessnotifierrelease, but kfdprocess tear down is in...

5.5CVSS6.4AI score0.00155EPSS
Exploits0References20
EUVD
EUVD
added 2025/12/16 3:30 p.m.6 views

EUVD-2025-203722

In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: enhance kfd process check in switch partition current switch partition only check if kfdprocessestable is empty. kfdprcessestable entry is deleted in kfdprocessnotifierrelease, but kfdprocess tear down is in...

5.9AI score0.00155EPSS
Exploits0References3
OSV
OSV
added 2025/12/16 2:15 p.m.4 views

UBUNTU-CVE-2025-68174

In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: enhance kfd process check in switch partition current switch partition only check if kfdprocessestable is empty. kfdprcessestable entry is deleted in kfdprocessnotifierrelease, but kfdprocess tear down is in...

5.7AI score0.00155EPSS
Exploits0References10
OSV
OSV
added 2025/12/16 1:42 p.m.4 views

CVE-2025-68174 amd/amdkfd: enhance kfd process check in switch partition

In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: enhance kfd process check in switch partition current switch partition only check if kfdprocessestable is empty. kfdprcessestable entry is deleted in kfdprocessnotifierrelease, but kfdprocess tear down is in...

6.3AI score0.00155EPSS
Exploits0References5
CVE
CVE
added 2025/12/16 1:42 p.m.16 views

CVE-2025-68174

Concrete details confirm CVE-2025-68174 affects the Linux kernel component amd/amdkfd (KFD) with a race between kfd_process_wq_release and device teardown during partition switching. The fix introduces an atomic kfd_processes_count to track active KFD processes, incremented on creation and decrem...

6.1AI score0.00155EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/16 1:42 p.m.29 views

CVE-2025-68174 amd/amdkfd: enhance kfd process check in switch partition

In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: enhance kfd process check in switch partition current switch partition only check if kfdprocessestable is empty. kfdprcessestable entry is deleted in kfdprocessnotifierrelease, but kfdprocess tear down is in...

0.00155EPSS
Exploits0References2
Rows per page
Query Builder