Lucene search
+L

722 matches found

cve
cve
added yesterday6 views

CVE-2026-46404

BigBlueButton: Before 3.0.23, presentation URL validation did not properly restrict site-local/link-local access. The fix pins resolved IPs in redirect logic and is addressed in 3.0.23. No exploitation details provided.

6.8CVSS6AI score0.00037EPSS
Exploits0References2
thn
thn
added 2 days ago6 views

SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough.

For years, routing traffic through cloud proxies was good enough. Then work moved to the browser, AI entered the workflow, and the inspection model stopped keeping up. Enterprise workflows now live across SaaS applications, browsers, and an expanding ecosystem of generative AI tools, unsanctioned...

6.1AI score
Exploits0
osv
osv
added 4 days ago4 views

MAL-2026-10490 Malicious code in @sqlite-panel/createsql (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bb20d0c9e601940f84c676cd74d174e06a740b6bcb90c12d38cdcecc6ca68696 The package's main entry point index.js fetches a hardcoded GitHub Gist owned by 'getchainverse' via api.github.com and passes the returned file...

6.1AI score
Exploits0References2
osv
osv
added 2026/07/08 7:29 p.m.5 views

MAL-2026-7019 Malicious code in npm-rce-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6365312ad1339c7d5539f594b9e472ea3f10401fa356fe49766de887368e87c9 Package declares a postinstall lifecycle script that, on npm install, fetches a script over plain HTTP from a hardcoded bare IP...

6.5AI score
Exploits0References2
redhat
redhat
added 2026/07/01 9:48 a.m.24 views

kernel: RDMA/umem: Fix double dma_buf_unpin in failure path

A flaw was found in the Linux kernel's RDMA/umem subsystem. A memory management error, specifically a double unpin of a dmabuf, can occur in a failure path during dmabuf pinning operations. This vulnerability could lead to system instability or a crash, resulting in a Denial of Service DoS...

7.8CVSS7AI score0.00139EPSS
Exploits0References5
redhat
redhat
added 2026/07/01 12:20 a.m.6 views

kernel: RDMA/umem: Fix double dma_buf_unpin in failure path

A flaw was found in the Linux kernel's RDMA/umem subsystem. A memory management error, specifically a double unpin of a dmabuf, can occur in a failure path during dmabuf pinning operations. This vulnerability could lead to system instability or a crash, resulting in a Denial of Service DoS...

7.8CVSS7AI score0.00139EPSS
Exploits0References5
redhat
redhat
added 2026/06/29 7:50 p.m.4 views

kernel: RDMA/umem: Fix double dma_buf_unpin in failure path

A flaw was found in the Linux kernel's RDMA/umem subsystem. A memory management error, specifically a double unpin of a dmabuf, can occur in a failure path during dmabuf pinning operations. This vulnerability could lead to system instability or a crash, resulting in a Denial of Service DoS...

7.8CVSS7AI score0.00139EPSS
Exploits0References5
redhatcve
redhatcve
added 2026/06/29 4:39 a.m.11 views

CVE-2026-47155

A flaw was found in vLLM, an inference and serving engine for large language models LLMs. The revision pinning controls in vLLM do not consistently apply to all artifacts loaded for a model. This allows a deployment configured with specific revisions to still load dynamic code or other...

6.5CVSS5.8AI score0.00146EPSS
Exploits0References7
osv
osv
added 2026/06/24 1:11 p.m.6 views

OESA-2026-2720 coredns security update

CoreDNS is a fast and flexible DNS server. The key word here is flexible: with CoreDNS you are able to do what you want with your DNS data by utilizing plugins. Security Fixes: CoreDNS is a DNS server that chains plugins. Starting in version 1.2.0 and prior to version 1.12.4, the CoreDNS etcd...

7.1CVSS5.9AI score0.00407EPSS
Exploits0References2
nvd
nvd
added 2026/06/22 11:16 p.m.11 views

CVE-2026-47155

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image...

6.5CVSS0.00146EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/22 10:20 p.m.28 views

CVE-2026-47155 vLLM: Artifact Pin Decay in vLLM allows pinned deployments to load unpinned code, weights, and processors

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image...

6.5CVSS0.00146EPSS
Exploits0References4
osv
osv
added 2026/06/22 10:20 p.m.5 views

CVE-2026-47155 vLLM: Artifact Pin Decay in vLLM allows pinned deployments to load unpinned code, weights, and processors

vLLM is an inference and serving engine for large language models LLMs. Prior to 0.22.0, vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies --revision or --code-revision can still load dynamic code, GGUF files, image...

6.5CVSS6AI score0.00146EPSS
Exploits0References6
vulnrichment
vulnrichment
added 2026/06/22 11:43 a.m.7 views

CVE-2026-56422 MISP Core: Mass Assignment and Object Re-ownership via Unvalidated Request Fields

Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys id and ownership/scope foreign keys eventid, orgid, userid, sharinggroupid, galaxyclusteruuid, organisationuuid, and related nested object identifiers without consistently...

9.4CVSS6AI score0.00362EPSS
Exploits0References16
cvelist
cvelist
added 2026/06/22 11:43 a.m.36 views

CVE-2026-56422 MISP Core: Mass Assignment and Object Re-ownership via Unvalidated Request Fields

Multiple MISP core controllers and model capture paths accepted client-controlled request fields such as primary keys id and ownership/scope foreign keys eventid, orgid, userid, sharinggroupid, galaxyclusteruuid, organisationuuid, and related nested object identifiers without consistently...

9.4CVSS0.00362EPSS
Exploits0References16
osv
osv
added 2026/06/19 2:0 p.m.2 views

CVE-2026-52908 RDMA: During rereg_mr ensure that REREG_ACCESS is compatible

In the Linux kernel, the following vulnerability has been resolved: RDMA: During reregmr ensure that REREGACCESS is compatible If IBMRREREGACCESS changes from RO to RW then the umem has to be re-evaluated to ensure it is properly pinned as RW. Since the umem is hidden inside each driver's mr stru...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References8
osv
osv
added 2026/06/18 2:28 p.m.12 views

GHSA-VMH5-MC38-953G undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent

Impact undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servername...

7.4CVSS5.9AI score0.00476EPSS
Exploits0References4
redhat
redhat
added 2026/06/17 11:5 p.m.15 views

netty-codec-haproxy: Netty HAProxy PROXY protocol v2 codec: Denial of Service via memory leak from crafted PROXY protocol headers

A flaw was found in the Netty HAProxy PROXY protocol v2 codec. A remote attacker can exploit this vulnerability by sending a specially crafted HAProxy PROXY protocol v2 header with nested PP2TYPESSL type-length-value TLV records. This can lead to a memory leak, causing the underlying cumulation...

8.7CVSS5.6AI score0.00606EPSS
Exploits0References7
nvd
nvd
added 2026/06/17 6:18 p.m.18 views

CVE-2026-9697

Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...

7.4CVSS0.00476EPSS
Exploits0References16
vulnrichment
vulnrichment
added 2026/06/17 4:46 p.m.7 views

CVE-2026-9697 undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent

Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...

7.4CVSS6.4AI score0.00476EPSS
Exploits0References2
osv
osv
added 2026/06/17 4:46 p.m.4 views

CVE-2026-9697 undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent

Impact: undici's ProxyAgent silently drops the requestTls option when configured with a SOCKS5 proxy URI socks5:// or socks://. The target HTTPS connection through the SOCKS5 tunnel falls back to Node's default trust store, ignoring user-configured ca, cert, key, rejectUnauthorized, and servernam...

7.4CVSS6.7AI score0.00476EPSS
Exploits0References18
Rows per page
Query Builder