Lucene search
K

509 matches found

AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...

6.5CVSS6.6AI score0.00618EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: A null pointer dereference issue in destroyprevioussession has been fixed. If the -PreviousSessionId is set during the Kerberos session setup phase, a null pointer dereference error may occur. Since sess-user is not set ye...

5.5CVSS6.1AI score0.00482EPSS
Exploits0References2
OSV
OSV
added 2026/05/18 5:39 a.m.6 views

BIT-ETCD-2026-44283 etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...

4.3CVSS5.8AI score0.00225EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/05/17 8:1 a.m.14 views

etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks

...

6.5CVSS5.8AI score0.00225EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2026/05/14 6:16 p.m.14 views

CVE-2026-44283

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...

4.3CVSS5.8AI score0.00225EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2026/05/14 5:1 p.m.20 views

CVE-2026-44283

etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via PrevKv, or lease attachment in Put requests within transaction operations, to bypass RBAC authorization checks. An authenticated user...

4.3CVSS5.8AI score0.00225EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.14 views

Linux Distros Unpatched Vulnerability : CVE-2026-44283

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - etcd is a distributed key-value store for the data of a distributed system. Prior to 3.4.44, 3.5.30, and 3.6.11, a vulnerability in etcd allows read access via...

4.3CVSS5.6AI score0.00225EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

Flight 安全漏洞

Flight is a PHP microframework developed by Mike Cao. Versions of Flight prior to 3.18.1 contained security vulnerabilities. These vulnerabilities stemmed from the unconditional acceptance of the X-HTTP-Method-Override header and the$REQUESTmethod parameter by the Request::getMethod method. This...

7.5CVSS5.8AI score0.0031EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 8:21 a.m.37 views

CVE-2026-41551

A vulnerability has been identified in ROS All versions V2.2.2. Affected versions contain a path traversal vulnerability because user input is not properly sanitized. This could allow a remote attacker to access arbitrary files on the device...

9.3CVSS0.00487EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/08 3:31 p.m.9 views

EUVD-2025-209743

Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and write access to it by using the previously...

8CVSS5.8AI score0.00373EPSS
Exploits0References2
NVD
NVD
added 2026/05/08 1:16 p.m.30 views

CVE-2025-66467

Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously owned. If another user creates a new bucket with the same name, the previous owners can gain unauthorized read and write access to it by using the previously...

8.1CVSS0.00373EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/06 12:30 p.m.6 views

EUVD-2026-27799

In the Linux kernel, the following vulnerability has been resolved: x86/kexec: add a sanity check on previous kernel's ima kexec buffer When the second-stage kernel is booted via kexec with a limiting command line such as "mem=", the physical range that contains the carried over IMA measurement...

5.8AI score0.00123EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/05/06 11:28 a.m.10 views

CVE-2026-43240

In the Linux kernel, the following vulnerability has been resolved: x86/kexec: add a sanity check on previous kernel's ima kexec buffer When the second-stage kernel is booted via kexec with a limiting command line such as "mem=", the physical range that contains the carried over IMA measurement...

5.5CVSS5.8AI score0.00123EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/06 11:27 a.m.29 views

CVE-2026-43129 ima: verify the previous kernel's IMA buffer lies in addressable RAM

In the Linux kernel, the following vulnerability has been resolved: ima: verify the previous kernel's IMA buffer lies in addressable RAM Patch series "Address page fault in imarestoremeasurementlist", v3. When the second-stage kernel is booted via kexec with a limiting command line such as "mem="...

0.00122EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/04/23 11:52 p.m.4 views

CVE-2026-39462 SenseLive X3050 Insufficiently Protected Credentials

A vulnerability exists in SenseLive X3050’s web management interface in which password updates are not reliably applied due to improper handling of credential changes on the backend. After the device undergoes a factory restore using the SenseLive Config 2.0 tool, the interface may indicate that...

9.3CVSS5.3AI score0.0038EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/22 1:53 p.m.3 views

CVE-2026-31461

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix drmedid leak in amdgpudm WHAT When a sink is connected, aconnector-drmedid was overwritten without freeing the previous allocation, causing a memory leak on resume. HOW Free the previous drmedid before updati...

5.5AI score0.00121EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.5 views

PT-2026-34366

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak occurs in the amdgpu dm component when a sink is connected. The drm edid variable in aconnector is overwritten without freeing the previous allocation, which leads to a...

5.5CVSS5.8AI score0.00121EPSS
Exploits0References13
RedhatCVE
RedhatCVE
added 2026/04/10 7:7 a.m.8 views

CVE-2026-32990

A flaw was found in Apache Tomcat. This improper input validation vulnerability stems from an incomplete fix for a previous security issue CVE-2025-66614. This flaw may allow an attacker to bypass security controls or cause unexpected behavior within the application. Mitigation Mitigation for thi...

7.3CVSS6.5AI score0.00307EPSS
Exploits0References4
CVE
CVE
added 2026/04/10 12:0 a.m.10 views

CVE-2026-40212

OpenStack Skyline contains a DOM-based XSS in the console interface prior to 5.0.1, 6.0.0, and 7.0.0 due to unsafe use of document.write when administrators view instance console logs. Root cause is unsafe DOM manipulation in the console web UI. Impact is cross-site scripting in the admin console...

5.4CVSS5.8AI score0.00219EPSS
Exploits0References4
NVD
NVD
added 2026/04/09 10:16 p.m.2 views

CVE-2026-40117

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, readskillfile in skilltools.py allows reading arbitrary files from the filesystem by accepting an unrestricted skillpath parameter. Unlike filetools.readfile which enforces workspace boundary confinement, and unlike runskillscript...

7.5CVSS0.00234EPSS
Exploits1References1
Rows per page
Query Builder