
1068 matches found

EUVD
added 10 hours ago, 4 views

EUVD-2026-40984

In the Linux kernel, the following vulnerability has been resolved: ASoC: wm_adsp: Fix NULL dereference when removing firmware controls. In wm_adsp_control_remove check that the priv pointer is not NULL before attempting to cleanup what it points to. When cs_dsp creates a control it calls...

5.8 AI score
Exploits: 0, References: 6

Tenable Nessus
added 3 days ago, 8 views

Linux Distros Unpatched Vulnerability : CVE-2026-53152

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mmc: dw_mmc-rockchip: Add missing private data for very old controllers. The really old controllers rk2928, rk3066, rk3188 do not support UHS speeds at all, and...

5.9 AI score, 0.00168 EPSS
Exploits: 0, References: 2

Cvelist
added 5 days ago, 20 views

CVE-2026-49355 OpenProject: Private work package data disclosure through single meeting agenda item API

OpenProject is open-source, web-based project management software. Prior to 17.4.0, GET /api/v3/meetings/:meeting_id/agenda_items/:agenda_item_id discloses private work package data from a linked work package that belongs to a private/inaccessible project. This vulnerability is fixed in 17.4.0...

4.3 CVSS, 0.00214 EPSS
Exploits: 0, References: 1

CVE
added 5 days ago, 6 views

CVE-2026-49355

OpenProject (open-source, web-based project management) contains a vulnerability in versions prior to 17.4.0. The issue arises in GET /api/v3/meetings/:meeting_id/agenda_items/:agenda_item_id, which may disclose private work package data from a linked work package that belongs to a private/inacce...

4.3 CVSS, 5.8 AI score, 0.00214 EPSS
Exploits: 0, References: 1

EUVD
added 5 days ago, 6 views

EUVD-2026-39653

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint...

4.3 CVSS, 5.8 AI score, 0.00177 EPSS
Exploits: 0, References: 2

NVD
added 5 days ago, 6 views

CVE-2026-57921

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint...

7.5 CVSS, 0.00177 EPSS
Exploits: 0, References: 1

CVE
added 5 days ago, 11 views

CVE-2026-57921

In JetBrains YouTrack prior to version 2026.2.16593, an improper access control flaw in the comment templates endpoint allowed reading users’ private data. Affected component: YouTrack server-side access control for comment templates; root cause is insufficient restrictions on who can retrieve te...

7.5 CVSS, 5.8 AI score, 0.00177 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 5 days ago, 35 views

CVE-2026-57921

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint...

4.3 CVSS, 0.00177 EPSS
Exploits: 0, References: 1

Positive Technologies
added 5 days ago, 8 views

PT-2026-52701

Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2026.2.16593. Description: Improper access control allows the unauthorized reading of private user data through the comment templates endpoint. Recommendations: Update to version 2026.2.16593...

7.5 CVSS, 5.8 AI score, 0.00177 EPSS
Exploits: 0, References: 5

NVD
added 6 days ago, 5 views

CVE-2026-53152

In the Linux kernel, the following vulnerability has been resolved: mmc: dw_mmc-rockchip: Add missing private data for very old controllers. The really old controllers rk2928, rk3066, rk3188 do not support UHS speeds at all, and thus never handled phase data. For that reason it never had a parse_dt...

0.00168 EPSS
Exploits: 0, References: 4

OSV
added 6 days ago, 2 views

UBUNTU-CVE-2026-53152

In the Linux kernel, the following vulnerability has been resolved: mmc: dw_mmc-rockchip: Add missing private data for very old controllers. The really old controllers rk2928, rk3066, rk3188 do not support UHS speeds at all, and thus never handled phase data. For that reason it never had a parse_dt...

5.7 AI score, 0.00168 EPSS
Exploits: 0, References: 7

EUVD
added 6 days ago, 3 views

EUVD-2026-39243

In the Linux kernel, the following vulnerability has been resolved: mmc: dw_mmc-rockchip: Add missing private data for very old controllers. The really old controllers rk2928, rk3066, rk3188 do not support UHS speeds at all, and thus never handled phase data. For that reason it never had a parse_dt...

5.8 AI score, 0.00168 EPSS
Exploits: 0, References: 4

Debian CVE
added 6 days ago, 4 views

CVE-2026-53152

In the Linux kernel, the following vulnerability has been resolved: mmc: dw_mmc-rockchip: Add missing private data for very old controllers. The really old controllers rk2928, rk3066, rk3188 do not support UHS speeds at all, and thus never handled phase data. For that reason it never had a parse_dt...

5.7 AI score, 0.00168 EPSS
Exploits: 0

CVE
added 6 days ago, 9 views

CVE-2026-53152

The CVE affects the Linux kernel driver for rk-series SD/MMC controllers: mmc: dw_mmc-rockchip. The issue stems from missing private data for very old controllers (rk2928, rk3066, rk3188) that do not support UHS speeds and lacked a parse_dt callback and driver private data. The init path now assu...

5.8 AI score, 0.00168 EPSS
Exploits: 0, References: 4

NVD
added 2026/06/24 9:16 p.m., 5 views

CVE-2026-52795

Gogs is an open source self-hosted Git service. In 0.14.3 and earlier, any authenticated user can watch a private repository they have no access to, because the access check in the Watch API handler is inverted. The code checks if repoCtx.ViewerCanRead returns 404 when the user CAN read instead o...

4.3 CVSS, 0.00168 EPSS
Exploits: 0, References: 2

ATTACKERKB
added 2026/06/22 3:42 p.m., 4 views

CVE-2026-50184

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22, and 19.2.23, an issue in the @angular/service-worker package compromises the integrity of request-policy enforcement during...

5.7 CVSS, 5.9 AI score, 0.0015 EPSS
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2026/06/22 3:42 p.m., 16 views

CVE-2026-50184

Summary (CVE-2026-50184): The vulnerability affects the Angular ecosystem, specifically the @angular/service-worker package. When the service worker reconstructs outbound requests, an internal helper strips client-specified safety parameters (credentials: omit and cache: no-store), reverting the...

6.1 CVSS, 5.9 AI score, 0.0015 EPSS
Exploits: 0, References: 2, Affected Software: 1

AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: removed the unused check_buddy_priv function. The commit 2461c7d60f9f “rtlwifi: Update header file” introduced a global list of private data structures. Later, the commit 26634c4b1868 “rtlwifi: Modify existing bits t...

7.8 CVSS, 6.3 AI score, 0.00184 EPSS
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 2 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel_pcie: Memory allocation for driver-private data was performed. The issue was fixed because the driver did not allocate memory for the struct btintel_data structure, which is used to store internal data...

5.5 CVSS, 5.3 AI score, 0.00203 EPSS
Exploits: 0, References: 2

AstraLinux
added 2026/06/19 11:10 a.m., 4 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: fddi: fixed a Use-after-Free (UAF) issue in fza_probe. The fp field is private data of netdev, and it cannot be used after the free_netdev call. Using fp after free_netdev can cause a UAF bug. This issue was fixed by moving the...

7.8 CVSS, 6.1 AI score, 0.00231 EPSS
Exploits: 0, References: 2