509 matches found
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: A null pointer dereference issue in destroyprevioussession has been fixed. If the -PreviousSessionId is set during the Kerberos session setup phase, a null pointer dereference error may occur. Since sess-user is not set ye...
BIT-ETCD-2026-44283 etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks
etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...
etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks
...
CVE-2026-44283
etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...
CVE-2026-44283
etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...
Linux Distros Unpatched Vulnerability : CVE-2026-44283
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via...
Flight 安全漏洞
Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained security vulnerabilities. These vulnerabilities stemmed from the unconditional acceptance of the X-HTTP-Method-Override header and the$REQUESTmethod parameter by the Request::getMethod method. This...
CVE-2026-41551
A vulnerability has been identified in ROS All versions V2.2.2. Affected versions contain a path traversal vulnerability because user input is not properly sanitized. This could allow a remote attacker to access arbitrary files on the device...
EUVD-2025-209743
Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and write access to it by using the previously...
CVE-2025-66467
Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and write access to it by using the previously...
EUVD-2026-27799
In the Linux kernel, the following vulnerability has been resolved: x86/kexec: add a sanity check on previous kernel's ima kexec buffer When the second-stage kernel is booted via kexec with a limiting command line such as "mem=", the physical range that contains the carried over IMA measurement...
CVE-2026-43240
In the Linux kernel, the following vulnerability has been resolved: x86/kexec: add a sanity check on previous kernel's ima kexec buffer When the second-stage kernel is booted via kexec with a limiting command line such as "mem=", the physical range that contains the carried over IMA measurement...
CVE-2026-43129 ima: verify the previous kernel's IMA buffer lies in addressable RAM
In the Linux kernel, the following vulnerability has been resolved: ima: verify the previous kernel's IMA buffer lies in addressable RAM Patch series "Address page fault in imarestoremeasurementlist", v3. When the second-stage kernel is booted via kexec with a limiting command line such as "mem="...
CVE-2026-39462 SenseLive X3050 Insufficiently Protected Credentials
A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that...
CVE-2026-31461
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix drmedid leak in amdgpudm WHAT When a sink is connected, aconnector-drmedid was overwritten without freeing the previous allocation, causing a memory leak on resume. HOW Free the previous drmedid before updati...
PT-2026-34366
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the amdgpu dm component when a sink is connected. The drm edid variable in aconnector is overwritten without freeing the previous allocation, which leads to a...
CVE-2026-32990
A flaw was found in Apache Tomcat. This improper input validation vulnerability stems from an incomplete fix for a previous security issue CVE-2025-66614. This flaw may allow an attacker to bypass security controls or cause unexpected behavior within the application. Mitigation Mitigation for thi...
CVE-2026-40212
OpenStack Skyline contains a DOM-based XSS in the console interface prior to 5.0.1, 6.0.0, and 7.0.0 due to unsafe use of document.write when administrators view instance console logs. Root cause is unsafe DOM manipulation in the console web UI. Impact is cross-site scripting in the admin console...
CVE-2026-40117
PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, readskillfile in skilltools.py allows reading arbitrary files from the filesystem by accepting an unrestricted skillpath parameter. Unlike filetools.readfile which enforces workspace boundary confinement, and unlike runskillscript...