Lucene search
K

1116 matches found

NVD
NVD
added 2026/07/02 9:16 p.m.6 views

CVE-2026-58460

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS0.00138EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/02 8:10 p.m.7 views

CVE-2026-58460

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS5.9AI score0.00138EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/02 8:10 p.m.8 views

EUVD-2026-41437

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS5.9AI score0.00138EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/02 8:10 p.m.38 views

CVE-2026-58460 react-native-receive-sharing-intent Path Traversal via _display_name

react-native-receive-sharing-intent contains a path traversal vulnerability that allows a co-resident malicious application to write files outside the intended cache directory by supplying a crafted displayname value containing dot-dot path components through a malicious ContentProvider. Attacker...

7.7CVSS0.00138EPSS
Exploits0References2
CVE
CVE
added 2026/07/02 8:10 p.m.18 views

CVE-2026-58460

CVE-2026-58460 affects the React Native package react-native-receive-sharing-intent. A path traversal vulnerability allows a co-resident malicious app to write files outside the intended cache directory by supplying a crafted _display_name with dot-dot path components via a malicious ContentProvi...

7.7CVSS5.9AI score0.00138EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.17 views

PT-2026-55309

Name of the Vulnerable Software and Affected Versions react-native-receive-sharing-intent affected versions not specified Description A path traversal issue exists where a co-resident malicious application can write files outside the intended cache directory. This occurs when a crafted display na...

7.7CVSS6.1AI score0.00138EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-53350

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ASoC: wmadsp: Fix NULL dereference when removing firmware controls In wmadspcontrolremove check that the priv pointer is not NULL before attempting to cleanup...

6AI score0.00161EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/07/01 4:30 p.m.7 views

CVE-2026-53350

A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ASoC Wolfson Microelectronics Audio Digital Signal Processor wmadsp driver. The wmadspcontrolremove function attempts to clean up private control data without verifying if the pointer to this data is null. This can occur whe...

5.5CVSS5.8AI score0.00161EPSS
Exploits0References4
NVD
NVD
added 2026/07/01 2:16 p.m.4 views

CVE-2026-53350

In the Linux kernel, the following vulnerability has been resolved: ASoC: wmadsp: Fix NULL dereference when removing firmware controls In wmadspcontrolremove check that the priv pointer is not NULL before attempting to cleanup what it points to. When csdsp creates a control it calls...

0.00161EPSS
Exploits0References6
OSV
OSV
added 2026/07/01 2:16 p.m.4 views

UBUNTU-CVE-2026-53350

In the Linux kernel, the following vulnerability has been resolved: ASoC: wmadsp: Fix NULL dereference when removing firmware controls In wmadspcontrolremove check that the priv pointer is not NULL before attempting to cleanup what it points to. When csdsp creates a control it calls...

5.7AI score0.00161EPSS
Exploits0References9
CVE
CVE
added 2026/07/01 1:32 p.m.18 views

CVE-2026-53350

The CVE-2026-53350 fix applies to the Linux kernel ASoC wm_adsp component. The vulnerability was a NULL dereference in wm_adsp_control_remove() when cleaning up private control data cs_ctl->priv. The patch ensures priv is non-NULL before cleanup. Two scenarios avoid creating private data: SYST...

5.8AI score0.00161EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/01 1:32 p.m.7 views

EUVD-2026-40984

In the Linux kernel, the following vulnerability has been resolved: ASoC: wmadsp: Fix NULL dereference when removing firmware controls In wmadspcontrolremove check that the priv pointer is not NULL before attempting to cleanup what it points to. When csdsp creates a control it calls...

5.8AI score0.00161EPSS
Exploits0References6
OSV
OSV
added 2026/07/01 1:32 p.m.3 views

CVE-2026-53350 ASoC: wm_adsp: Fix NULL dereference when removing firmware controls

In the Linux kernel, the following vulnerability has been resolved: ASoC: wmadsp: Fix NULL dereference when removing firmware controls In wmadspcontrolremove check that the priv pointer is not NULL before attempting to cleanup what it points to. When csdsp creates a control it calls...

5.8AI score0.00161EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-53152

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mmc: dwmmc-rockchip: Add missing private data for very old controllers The really old controllers rk2928, rk3066, rk3188 do not support UHS speeds at all, and...

5.5CVSS6.1AI score0.00122EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 7:29 p.m.24 views

CVE-2026-49355 OpenProject: Private work package data disclosure through single meeting agenda item API

OpenProject is open-source, web-based project management software. Prior to 17.4.0, GET /api/v3/meetings/:meetingid/agendaitems/:agendaitemid discloses private work package data from a linked work package that belongs to a private/inaccessible project. This vulnerability is fixed in 17.4.0...

4.3CVSS0.00214EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 7:29 p.m.5 views

CVE-2026-49355 OpenProject: Private work package data disclosure through single meeting agenda item API

OpenProject is open-source, web-based project management software. Prior to 17.4.0, GET /api/v3/meetings/:meetingid/agendaitems/:agendaitemid discloses private work package data from a linked work package that belongs to a private/inaccessible project. This vulnerability is fixed in 17.4.0...

4.3CVSS6AI score0.00214EPSS
Exploits0References3
CVE
CVE
added 2026/06/26 7:29 p.m.15 views

CVE-2026-49355

OpenProject (open-source, web-based project management) contains a vulnerability in versions prior to 17.4.0. The issue arises in GET /api/v3/meetings/:meeting_id/agenda_items/:agenda_item_id, which may disclose private work package data from a linked work package that belongs to a private/inacce...

4.3CVSS5.8AI score0.00214EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 3:32 p.m.8 views

EUVD-2026-39653

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint...

4.3CVSS5.8AI score0.00177EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 2:17 p.m.6 views

CVE-2026-57921

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint...

7.5CVSS0.00177EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 12:38 p.m.43 views

CVE-2026-57921

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading users' private data via the comment templates endpoint...

4.3CVSS0.00177EPSS
Exploits0References1
Rows per page
Query Builder