1735 matches found
CVE-2026-61459 MCP Server Kubernetes < 3.9.0 Argument Injection via kubectl Structured Tools
MCP Server Kubernetes before 3.9.0 contains an argument injection vulnerability in structured tools kubectlget, kubectldescribe, kubectldelete that allows attackers to bypass the assertNoDangerousFlags security check by supplying resourceType and name parameters with leading dashes. Attackers can...
CVE-2026-0286
A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS® software enables an authenticated administrator to execute arbitrary OS commands as root. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of...
CVE-2026-0286
A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS® software enables an authenticated administrator to execute arbitrary OS commands as root. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of...
EUVD-2026-42675
A command injection vulnerability in the management plane of Palo Alto Networks PAN-OS® software enables an authenticated administrator to execute arbitrary OS commands as root. The security risk posed by this issue is significantly minimized when CLI access is restricted to a limited group of...
kernel: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()
A flaw was found in the Linux kernel's Direct Rendering Manager DRM Graphics Execution Manager GEM component. This vulnerability arises from an inconsistent calculation of plane dimensions, which can lead to incorrect memory allocation checks. A local attacker could exploit this by creating a...
kernel: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()
A flaw was found in the Linux kernel's Direct Rendering Manager DRM Graphics Execution Manager GEM component. This vulnerability arises from an inconsistent calculation of plane dimensions, which can lead to incorrect memory allocation checks. A local attacker could exploit this by creating a...
CVE-2026-21370
Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values...
CVE-2026-21370
Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values...
EUVD-2026-41928
Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values...
CVE-2026-21370 Out-of-bounds Write in Camera Driver
Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values...
CVE-2026-21370
CVE-2026-21370 is an out-of-bounds write in the camera driver causing memory corruption when validating input batch size and buffer plane count that exceed maximum allowed values. The issue is described as a memory corruption condition in the Qualcomm camera driver. Exploitation details beyond wh...
CVE-2026-9165 Stackrox: stackrox: unbounded graphql query depth allows authenticated denial of service
A flaw was found in Red Hat Advanced Cluster Security for Kubernetes RHACS. Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central...
CVE-2026-9165
A flaw was found in Red Hat Advanced Cluster Security for Kubernetes RHACS. Central does not limit the depth of GraphQL queries served on the authenticated GraphQL API. An authenticated user with a valid API token can send deeply nested queries that cause excessive resource consumption in Central...
CVE-2026-9165
Summary : A flaw in Red Hat Advanced Cluster Security for Kubernetes (RHACS) Central allows unbounded GraphQL query depth on the authenticated GraphQL API, enabling a token-authenticated user to issue deeply nested queries that exhaust resources and cause a denial of service to the management pla...
PT-2026-56078
Name of the Vulnerable Software and Affected Versions Coder versions 2.33.0 through 2.33.7 Coder versions 2.34.0 through 2.34.1 Description AI Bridge provider handlers read request bodies using io.ReadAll without enforcing a maximum size. An authenticated user with AI Bridge access can send an...
PT-2026-55990
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Memory corruption occurs during the validation of input batch size and buffer plane count when these values exceed the maximum allowed limits. Recommendations At...
CVE-2026-38971
ardupilot through Plane-4.6.3 was found to contain an out-of-bounds read issue in libraries/GCSMAVLink/GCSserialcontrol.cpp in GCSMAVLINK::handleserialcontrol...
kernel: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()
A flaw was found in the Linux kernel's Direct Rendering Manager DRM Graphics Execution Manager GEM component. This vulnerability arises from an inconsistent calculation of plane dimensions, which can lead to incorrect memory allocation checks. A local attacker could exploit this by creating a...
CVE-2026-57670
Unauthenticated Cross Site Scripting XSS in Google Maps CP = 1.2.5 versions...
CVE-2026-38971
ardupilot through Plane-4.6.3 was found to contain an out-of-bounds read issue in libraries/GCSMAVLink/GCSserialcontrol.cpp in GCSMAVLINK::handleserialcontrol...